Vulnerability Summary for the Week of December 28, 2020

Original release date: January 4, 2021 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not…

Comments Off on Vulnerability Summary for the Week of December 28, 2020

Vulnerability Summary for the Week of December 21, 2020

Original release date: December 28, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not…

Comments Off on Vulnerability Summary for the Week of December 21, 2020

CISA Releases Free Detection Tool for Azure/M365 Environment

Original release date: December 24, 2020CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool…

Comments Off on CISA Releases Free Detection Tool for Azure/M365 Environment

Vulnerability Summary for the Week of December 14, 2020

Original release date: December 21, 2020  High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info adremsoft -- netcrunch AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL…

Comments Off on Vulnerability Summary for the Week of December 14, 2020

CISA Updates Alert and Releases Supplemental Guidance on Emergency Directive for SolarWinds Orion Compromise

Original release date: December 19, 2020CISA has updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17. This update states that…

Comments Off on CISA Updates Alert and Releases Supplemental Guidance on Emergency Directive for SolarWinds Orion Compromise

AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations

Original release date: December 17, 2020SummaryThis Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework. See the ATT&CK for Enterprise version 8 for all referenced…

Comments Off on AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations

Vulnerability Summary for the Week of December 7, 2020

Original release date: December 14, 2020  High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info acdsee -- photo_studio_2021 PlugInsIDE_ACDStd.apl in ACDSee Photo Studio Studio Professional…

Comments Off on Vulnerability Summary for the Week of December 7, 2020

Active Exploitation of SolarWinds Software

Original release date: December 13, 2020The Cybersecurity and Infrastructure Security Agency (CISA) is aware of active exploitation of SolarWinds Orion Platform software versions 2019.4 through 2020.2.1, released between March 2020…

Comments Off on Active Exploitation of SolarWinds Software