US-CERT Current Activity
  • Apple Releases Security Update


    Original release date: February 21, 2017

    Apple has released a security update to address a vulnerability in Logic Pro X. Exploitation of this vulnerability may allow an attacker to take control of an affected system.

    US-CERT encourages users and administrators to review the Apple security page for Logic Pro X and apply the necessary update.


    This product is provided subject to this Notification and this Privacy & Use policy.





  • OpenSSL Releases Security Update


    Original release date: February 16, 2017

    OpenSSL version 1.1.0e has been released to address a vulnerability for users of version 1.1.0. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition.

    Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary update.



  • Cisco Releases Security Update


    Original release date: February 15, 2017

    Cisco has released a security update to address a vulnerability in its UCS Director software. Exploitation of this vulnerability could allow an attacker to take control of an affected system.

    US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.



  • FBI Releases Article on Romance Scams


    Original release date: February 14, 2017

    The Federal Bureau of Investigation (FBI) has released an article addressing the rise of Internet romance scams. In this common type of fraud, cyber criminals target victims, gain their confidence, and trick them into sending money.

    To stay safer online, review the FBI article on Romance Scams and US-CERT publication ST06-003 on staying safe on social networking sites. Please file a complaint with the FBI's Internet Crime Complaint Center if you believe you have been the victim of a romance scam.



  • Adobe Releases Security Updates


    Original release date: February 14, 2017

    Adobe has released security updates to address vulnerabilities in Adobe Flash Player, Digital Editions, and Campaign. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

    US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-04, APSB17-05, and APSB17-06 and apply the necessary updates.



  • Apple Releases Security Update


    Original release date: February 14, 2017

    Apple has released a security update to address a vulnerability in GarageBand. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

    Users and administrators are encouraged to review the Apple security page for GarageBand and apply the necessary update.



  • Enhanced Analysis of GRIZZLY STEPPE


    Original release date: February 10, 2017

    The Department of Homeland Security (DHS) has released an Analysis Report (AR) related to malicious cyber activity designated as GRIZZLY STEPPE. This AR provides a thorough analysis of the methods threat actors use to infiltrate systems, as well as specific mitigation techniques that may be used to counter this threat.

    US-CERT recommends that network administrators review the Analysis Report and the previously-released Joint Analysis Report for additional information and mitigation recommendations.



  • ISC Releases Security Updates for BIND


    Original release date: February 08, 2017 | Last revised: February 09, 2017

    The Internet Systems Consortium (ISC) has released updates that address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition.

    Available updates include:

    • BIND 9 version 9.9.9-P6
    • BIND 9 version 9.10.4-P6
    • BIND 9 version 9.11.0-P3
    • BIND 9 version 9.9.9-S8

    Users and administrators are encouraged to review ISC Knowledge Base Article AA-01453 and apply the necessary updates.



  • Cisco Clock Signal Component Failure Advisory


    Original release date: February 06, 2017

    Cisco has released a hardware advisory for a clock signal component used in some of its devices, which include switches and routers. Devices that contain the faulty component could potentially fail after 18 months of use.

    US-CERT encourages users and administrators to review the Cisco advisory for more information and replacement guidance.



  • CERT/CC Reports a Microsoft SMB Vulnerability


    Original release date: February 03, 2017

    CERT Coordination Center (CERT/CC) has released information on a Server Message Block (SMB) vulnerability affecting Microsoft Windows. Exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition.

    No patches are currently available, but mitigations include blocking outbound SMB connections (TCP ports 139 and 445 and UDP ports 137 and 138) from the local network to the wide-area network. For more information, see VU#867968.






Headlines

»CVE-2014-4677
The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 201 ...
»CVE-2015-4056 (intelligent_operations)
The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cry ...
»CVE-2015-4057
The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext ...
»CVE-2016-10109
Use-after-free vulnerability in pcsc-lite before 1.8.20 allows remote attackers to cause denial of ...
»CVE-2016-10227 (nwa3560-n_firmware, usg50_firmware)
Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial o ...
»CVE-2016-1245
It was discovered that the zebra daemon in Quagga before 1.0.20161017 suffered from a stack-based bu ...
»CVE-2016-3013 (websphere_mq)
IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data ...
»CVE-2016-3052 (websphere_mq)
IBM WebSphere MQ 8.0, under nonstandard configurations, sends password data in cleartext over the ne ...
»CVE-2016-4613 (apple_tv, icloud, itunes, safari)
An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6 ...
»CVE-2016-4617 (mac_os_x)
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involve ...
»CVE-2016-4660 (apple_tv, iphone_os, mac_os_x, watch_os)
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 ...
»CVE-2016-4661 (mac_os_x)
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue invol ...
»CVE-2016-4662 (mac_os_x)
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue invol ...
»CVE-2016-4663 (mac_os_x)
An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue invol ...
»CVE-2016-4664 (apple_tv, iphone_os, watch_os)
An issue was discovered in certain Apple products. iOS before 10.1 is affected. tvOS before 10.0.1 i ...


Date published: 2017-02-24T01:00:01Z

»The SHA-1 hashing algorithm has been 'shattered'
Researchers from Google and CWI Amsterdam have created the first kn ...
»Throwback Thursday: Once a researcher...
VB was saddened to learn this week of the passing of one of the pio ...
»VB2017: What is happening in the threat landscape and what are we doing against it? Submit a proposal in the VB2017 CFP!
Have you analysed a new online threat? Do you know a new way to def ...
»VB2016 paper: APT reports and OPSEC evolution, or: these are not the APT reports you are looking for
APT reports are great for gaining an understanding of how advanced ...
»Security for your ears: recommended infosec podcasts
Industry veteran Mikko Hyppönen recently urged would-be security re ...
»VB2016 video: Getting duped: piggybacking on webcam streams for surreptitious recordings
In a presentation at VB2016, Patrick Wardle, Director of Research a ...
»We shouldn't forget those most vulnerable in our digital world
Virus Bulletin Editor Martijn Grooten calls for the security commun ...
»Throwback Thursday: A troubled world
In early 1991, the world was a troubled place and conflict and viol ...
»VB2016 video: Nymaim: the Untold Story
Until very recently, the Nymaim banking trojan was a serious proble ...


Current Security News
 
US-CERT Alerts

» TA16-336A: Avalanche (crimeware-as-a-service infrastructure)
[30 Nov 2016 10:00pm]

» TA16-288A: Heightened DDoS Threat Posed by Mirai and Other Botnets
[14 Oct 2016 05:59pm]

» TA16-250A: The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations
[06 Sep 2016 04:29pm]

» TA16-187A: Symantec and Norton Security Products Contain Critical Vulnerabilities
[05 Jul 2016 08:50am]

» TA16-144A: WPAD Name Collision Vulnerability
[23 May 2016 05:38am]

» TA16-132A: Exploitation of SAP Business Applications
[11 May 2016 05:31am]

» TA16-105A: Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced
[14 Apr 2016 01:48pm]

» TA16-091A: Ransomware and Recent Variants
[31 Mar 2016 04:00pm]

» TA15-337A: Dorkbot
[03 Dec 2015 04:40pm]

» TA15-314A: Compromised Web Servers and Web Shells - Threat Awareness and Guidance
[10 Nov 2015 06:12pm]

***
Computerworld Security

» The SHA1 hash function is now completely unsafe
[23 Feb 2017 03:35pm]

» Ransomware 'customer support' chat reveals criminals' ruthlessness
[23 Feb 2017 03:14pm]

» 8 steps to regaining control over shadow IT
[23 Feb 2017 01:17pm]

» Breaking and protecting devops tool chains
[23 Feb 2017 11:33am]

» Bruce Schneier and the call for "public service technologists"
[23 Feb 2017 11:32am]

» Police arrest man suspected of building million-router German botnet
[23 Feb 2017 10:06am]

» Eleven-year-old root Linux kernel flaw found and patched
[23 Feb 2017 08:49am]

» Amid cyberattacks, ISPs try to clean up the internet
[23 Feb 2017 07:26am]

» A hard drive's LED light can be used to covertly leak data
[23 Feb 2017 04:40am]

» What to expect from the Trump administration on cybersecurity
[22 Feb 2017 12:39pm]

» New macOS ransomware spotted in the wild
[22 Feb 2017 12:09pm]

» What’s up with Windows patching, Microsoft?
[22 Feb 2017 09:36am]

» Microsoft pushes out critical Flash Player patches after one-week delay
[22 Feb 2017 08:29am]

» LinkedIn will help people in India train for semi-skilled jobs
[22 Feb 2017 05:18am]

» 7 Wi-Fi vulnerabilities beyond weak passwords
[22 Feb 2017 04:00am]

***
Microsoft Security Advisories

» 4010983 - Vulnerability in ASP.NET Core MVC 1.1.0 Could Allow Denial of Service - Version: 1.0
[27 Jan 2017 11:00am]

» 3214296 - Vulnerabilities in Identity Model Extensions Token Signing Verification Could Allow Elevation of Privilege - Version: 1.0
[10 Jan 2017 11:00am]

» 3181759 - Vulnerabilities in ASP.NET Core View Components Could Allow Elevation of Privilege - Version: 1.0
[13 Sep 2016 11:00am]

» 3174644 - Updated Support for Diffie-Hellman Key Exchange - Version: 1.0
[13 Sep 2016 11:00am]

» 3179528 - Update for Kernel Mode Blacklist - Version: 1.0
[09 Aug 2016 11:00am]

» 2880823 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
[18 May 2016 11:00am]

» 3155527 - Update to Cipher Suites for FalseStart - Version: 1.0
[10 May 2016 11:00am]

» 3152550 - Update to Improve Wireless Mouse Input Filtering - Version: 1.1
[22 Apr 2016 11:00am]

» 3137909 - Vulnerabilities in ASP.NET Templates Could Allow Tampering - Version: 1.1
[10 Feb 2016 11:00am]

» 2871997 - Update to Improve Credentials Protection and Management - Version: 5.0
[09 Feb 2016 11:00am]

» 3123479 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 1.0
[12 Jan 2016 11:00am]

» 3109853 - Update to Improve TLS Session Resumption Interoperability - Version: 1.0
[12 Jan 2016 11:00am]

» 3118753 - Updates for ActiveX Kill Bits 3118753 - Version: 1.0
[12 Jan 2016 11:00am]

» 2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge - Version: 53.0
[05 Jan 2016 11:00am]

» 3123040 - Inadvertently Disclosed Digital Certificate Could Allow Spoofing - Version: 1.0
[08 Dec 2015 11:00am]

***
WIRED

» A Super-Common Crypto Tool Turns Out to Be Super-Insecure
[23 Feb 2017 06:00am]

» Now Anyone Can Deploy Google’s Troll-Fighting AI
[23 Feb 2017 05:00am]

» Malware Lets a Drone Steal Data by Watching a Computer’s Blinking LED
[22 Feb 2017 05:00am]

» An Arms Dealer Says Life Under Trump Is a ‘Win-Win’
[20 Feb 2017 05:00am]

» Smart City Tech Would Make Military Bases Safer
[19 Feb 2017 07:30am]

» The Former Secretary of Defense Outlines the Future of Warfare
[19 Feb 2017 05:00am]

» Security News This Week: Yahoo Got Hacked Again. No, Seriously
[18 Feb 2017 08:00am]

» Finding the Right National Security Adviser Won’t Be Easy
[17 Feb 2017 04:46pm]

» Android Phone Hacks Could Unlock Millions of Cars
[16 Feb 2017 03:30pm]

» Leaks Are Totally American—They’re Just Easier Now
[16 Feb 2017 12:17pm]

***
Network World Security

» Stop using SHA1: It’s now completely unsafe
[23 Feb 2017 03:35pm]

» How to assess security automation tools
[23 Feb 2017 01:15pm]

» New York State cybersecurity regulations: Who wins?
[23 Feb 2017 11:59am]

» Ethernet 2.5GBASE-T and 5GBASE-T grows, testing on tap from UNH lab
[23 Feb 2017 09:32am]

» 5 open source security tools too good to ignore
[21 Feb 2017 07:12am]

» Review: Samsung SmartCam PT network camera
[15 Feb 2017 07:00am]

» Review: Arlo Pro cameras offer true flexibility for home security
[09 Feb 2017 07:01am]

» Face-off: Oracle vs. CA for identity management
[26 Jan 2017 10:30am]

» 6 steps to secure a home security camera
[23 Jan 2017 04:00am]

» REVIEW: Home security cameras fall short on security
[23 Jan 2017 04:00am]

» Review: Microsoft Windows Defender comes up short
[03 Jan 2017 10:48am]

» Inside 3 top threat hunting tools
[19 Dec 2016 04:00am]

» Review: Threat hunting turns the tables on attackers
[19 Dec 2016 04:00am]

***


NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.

http://www.nist.org