Monthly Archives: September 2020

Current Activity

CISA and MS-ISAC Release Ransomware Guide

Original release date: September 30, 2020The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have released a joint Ransomware Guide that details practices…

Comments Off on CISA and MS-ISAC Release Ransomware Guide
September 30, 2020
Current Activity

CISA Releases Telework Essentials Toolkit

Original release date: September 30, 2020The Cybersecurity and Infrastructure Security Agency (CISA) has released the Telework Essentials Toolkit, a comprehensive resource of telework best practices. The Toolkit provides three personalized…

Comments Off on CISA Releases Telework Essentials Toolkit
September 30, 2020
Bulletins

Vulnerability Summary for the Week of September 21, 2020

Original release date: September 28, 2020  High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info aveva -- edna_enterprise_data_historian An SQL injection vulnerability exists in the…

Comments Off on Vulnerability Summary for the Week of September 21, 2020
September 29, 2020
Analysis Reports

AR20-268A: Federal Agency Compromised by Malicious Cyber Actor

Original release date: September 24, 2020SummaryThis Analysis Report uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor…

Comments Off on AR20-268A: Federal Agency Compromised by Malicious Cyber Actor
September 24, 2020
Alerts

AA20-266A: LokiBot Malware

Original release date: September 22, 2020SummaryThis Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise frameworks for all referenced threat actor techniques.…

Comments Off on AA20-266A: LokiBot Malware
September 22, 2020
Bulletins

Vulnerability Summary for the Week of September 14, 2020

Original release date: September 21, 2020  High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info apache -- struts Apache Struts 2.0.0 to 2.5.20 forced double…

Comments Off on Vulnerability Summary for the Week of September 14, 2020
September 22, 2020
Current Activity

Samba Releases Security Update for CVE-2020-1472

Original release date: September 21, 2020The Samba Team has released a security update to address a critical vulnerability—CVE-2020-1472—in multiple versions of Samba. This vulnerability could allow a remote attacker to…

Comments Off on Samba Releases Security Update for CVE-2020-1472
September 21, 2020
Current Activity

CISA Releases Emergency Directive on Microsoft Windows Netlogon Remote Protocol

Original release date: September 18, 2020The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive (ED) 20-04 addressing a critical vulnerability— CVE-2020-1472—affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated…

Comments Off on CISA Releases Emergency Directive on Microsoft Windows Netlogon Remote Protocol
September 19, 2020
Current Activity

CERT/CC Releases Information on Critical Vulnerability in Microsoft Windows Netlogon Remote Protocol

Original release date: September 17, 2020The CERT Coordination Center (CERT/CC) has released information on CVE-2020-1472, a vulnerability affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker could exploit this vulnerability…

Comments Off on CERT/CC Releases Information on Critical Vulnerability in Microsoft Windows Netlogon Remote Protocol
September 17, 2020