US CERT Current Activity
Fortinet FortiOS System File Leak
Nov 27, 2020
Original release date: November 27, 2020The Cybersecurity and Infrastructure Security Agency (CISA) is aware of the possible exposure of passwords on Fortinet devices that are vulnerable to CVE 2018-13379. Exploitation of this vulnerability may allow an unauthenticated attacker to access FortiOS system files. Potentially affected devices may be located in the United States. Fortinet has released a security advisory to highlight mitigation of this vulnerability. CISA encourages users and administrators to review the advisory and apply the necessary updates immediately. Additionally, CISA recommends Fortinet users conduct a thorough review of logs on any connected networks to detect any additional threat actor activity. This product is provided subject to this Notification and this Privacy & Use policy.
Drupal Releases Security Updates
Nov 27, 2020
Original release date: November 27, 2020Drupal has released security updates to address vulnerabilities in Drupal 7, 8.8 and earlier, 8.9, and 9.0. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Drupal Advisory SA-CORE-2020-013 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Online Holiday Shopping Scams
Nov 24, 2020
Original release date: November 24, 2020With more commerce occurring online this year, and with the holiday season upon us, the Cybersecurity and Infrastructure Security Agency (CISA) reminds shoppers to remain vigilant. Be especially cautious of fraudulent sites spoofing reputable businesses, unsolicited emails purporting to be from charities, and unencrypted financial transactions. CISA encourages online holiday shoppers to review the following resources. CISA’s Online Shopping Tip CISA’s Holiday Online Shopping page CISA’s Social Engineering and Phishing Attacks Tip The Federal Bureau of Investigation’s (FBI’s) ‘Tis the Season for Holiday Online Shopping Scams - Don't Be a Victim Announcement If you believe you are a victim of a scam, consider the following actions. Report the incident to your local police, and file online reports at the Federal Trade Commission’s Report Fraud page and the FBI's Internet Crime Complaint Center (IC3) page. Watch for unexpected or unexplained charges to your account. If any appear, contact your financial institution immediately and close any accounts that may have been compromised. See CISA’s Preventing and Responding to Identity Theft Tip for more information. Change any passwords you might have revealed immediately. Avoid reusing passwords. See CISA’s Choosing and Protecting Passwords Tip for more information. This product is provided subject to this Notification and this Privacy & Use policy.
VMware Releases Workarounds for CVE-2020-4006
Nov 23, 2020
Original release date: November 23, 2020VMware has released workarounds to address a vulnerability—CVE-2020-4006—in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency encourages users and administrators to review VMware Security Advisory VMSA-2020-0027 and apply the necessary workarounds. This product is provided subject to this Notification and this Privacy & Use policy.
VMware Releases Security Updates for VMware SD-WAN Orchestrator
Nov 19, 2020
Original release date: November 19, 2020VMware has released security updates to address multiple vulnerabilities in VMware SD-WAN Orchestrator. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2020-0025 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Nov 19, 2020
Original release date: November 19, 2020Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome
Nov 19, 2020
Original release date: November 19, 2020Google has released Chrome version 87.0.4280.66 for Windows, Mac, and Linux to address multiple vulnerabilities. Some of these vulnerabilities could allow an attacker to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Drupal Releases Security Updates
Nov 19, 2020
Original release date: November 19, 2020Drupal has released security updates to address a critical vulnerability in Drupal 7, 8.8 and earlier, 8.9, and 9.0. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Drupal Advisory SA-CORE-2020-012, apply the necessary updates, and follow the additional recommendation. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates for Multiple Products
Nov 19, 2020
Original release date: November 19, 2020Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates. Integrated Management Controller Multiple Remote Code Execution Vulnerabilities cisco-sa-ucs-api-rce-UXwpeDHd DNA Spaces Connector Command Injection Vulnerability cisco-sa-dna-cmd-injection-rrAYzOwc IoT Field Network Director Unauthenticated REST API Vulnerability cisco-sa-FND-BCK-GHkPNZ5F Secure Web Appliance Privilege Escalation Vulnerability cisco-sa-wsa-prv-esc-nPzWZrQj IoT Field Network Director SOAP API Authorization Bypass Vulnerability cisco-sa-FND-AUTH-vEypBmmR IoT Field Network Director Missing API Authentication Vulnerability cisco-sa-FND-APIA-xZntFS2V For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates for Security Manager
Nov 17, 2020
Original release date: November 17, 2020Cisco has released security updates to address vulnerabilities in Cisco Security Manager. A remote attacker could exploit these vulnerabilities to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates. Cisco Security Manager Path Traversal Vulnerability cisco-sa-csm-path-trav-NgeRnqgR Cisco Security Manager Static Credential Vulnerability cisco-sa-csm-rce-8gjUz9fW This product is provided subject to this Notification and this Privacy & Use policy.
Apple Releases Security Updates for Multiple Products
Nov 13, 2020
Original release date: November 13, 2020Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for macOS Big Sur 11.0, 11.0.1 and for macOS High Sierra 10.13.6, macOS Mojave 10.14.6 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome
Nov 12, 2020
Original release date: November 12, 2020Google has released Chrome version 86.0.4240.198 for Windows, Mac, and Linux. This version addresses CVE-2020-16013 and CVE-2020-16017. An attacker could exploit one of these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following resources and apply the necessary updates. Google Chrome Release Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory 2020-154 This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates for Multiple Products
Nov 10, 2020
Original release date: November 10, 2020Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Adobe security advisories for Adobe Connect and Adobe Reader for Android and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Update for IOS XR Software
Nov 10, 2020
Original release date: November 10, 2020Cisco has released a security update to address a vulnerability in IOS XR Software for ASR 9000 Series Aggregation Services Routers. An unauthenticated, remote attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco security advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases November 2020 Security Updates
Nov 10, 2020
Original release date: November 10, 2020Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s November 2020 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
SAP Releases November 2020 Security Updates
Nov 10, 2020
Original release date: November 10, 2020SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. These include missing authentication check vulnerabilities affecting SAP Solution Manager (JAVA stack). The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the SAP Security Notes for November 2020 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Nov 10, 2020
Original release date: November 10, 2020Mozilla has released security updates to address a vulnerability in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 82.0.3, Firefox ESR 78.4.1, and Thunderbird 78.4.2 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Apple Releases Security Updates for Multiple Products
Nov 6, 2020
Original release date: November 6, 2020Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates. macOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update watchOS 5.3.9 watchOS 6.2.9 iOS 12.4.9 tvOS 14.2 iOS 14.2 and iPadOS 14.2 watchOS 7.1 This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates for Multiple Products
Nov 5, 2020
Original release date: November 5, 2020Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates for Acrobat and Reader
Nov 4, 2020
Original release date: November 4, 2020Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB20-67 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
