Original release date: December 28, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not…
Original release date: December 24, 2020CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool…
Original release date: December 23, 2020CISA is tracking a known compromise involving SolarWinds Orion products that are currently being exploited by a malicious actor. An advanced persistent threat (APT) actor…
Original release date: December 21, 2020 High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info adremsoft -- netcrunch AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL…
Original release date: December 19, 2020CISA has updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17. This update states that…
Original release date: December 17, 2020The National Security Agency (NSA) has released a cybersecurity advisory on detecting abuse of authentication mechanisms. This advisory describes tactics, techniques, and procedures used by…
Original release date: December 17, 2020SummaryThis Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework. See the ATT&CK for Enterprise version 8 for all referenced…
Original release date: December 14, 2020 High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info acdsee -- photo_studio_2021 PlugInsIDE_ACDStd.apl in ACDSee Photo Studio Studio Professional…
Original release date: December 13, 2020The Cybersecurity and Infrastructure Security Agency (CISA) is aware of active exploitation of SolarWinds Orion Platform software versions 2019.4 through 2020.2.1, released between March 2020…
Original release date: December 11, 2020Cisco has released security updates to address vulnerabilities in Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms. A remote attacker could exploit…
