NCSC Releases Alert on Microsoft SharePoint Vulnerability

Original release date: October 16, 2020The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an Alert to address a vulnerability—CVE-2020-16952—affecting Microsoft SharePoint server. An attacker could exploit this…

Comments Off on NCSC Releases Alert on Microsoft SharePoint Vulnerability

Microsoft Addresses Windows TCP/IP RCE/DoS Vulnerability

Original release date: October 14, 2020Microsoft has released a security update to address a protocol vulnerability—CVE-2020-16898—in Windows Transmission Control Protocol (TCP)/IP stack handling of Internet Control Message Protocol version 6…

Comments Off on Microsoft Addresses Windows TCP/IP RCE/DoS Vulnerability

Adobe Releases Security Updates for Flash Player

Original release date: October 14, 2020Adobe has released security updates to address a vulnerability affecting Flash Player. An attacker could exploit this vulnerability to take control of an affected system.…

Comments Off on Adobe Releases Security Updates for Flash Player

Apache Releases Security Updates for Apache Tomcat

Original release date: October 14, 2020The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive…

Comments Off on Apache Releases Security Updates for Apache Tomcat

Microsoft Releases October 2020 Security Updates

Original release date: October 13, 2020Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected…

Comments Off on Microsoft Releases October 2020 Security Updates

SAP Releases October 2020 Security Updates

Original release date: October 13, 2020SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected…

Comments Off on SAP Releases October 2020 Security Updates

Vulnerability Summary for the Week of October 5, 2020

Original release date: October 12, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not…

Comments Off on Vulnerability Summary for the Week of October 5, 2020

CISA and FBI Release Joint Advisory Regarding APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations

Original release date: October 9, 2020The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint cybersecurity advisory regarding advanced persistent threat (APT) actors…

Comments Off on CISA and FBI Release Joint Advisory Regarding APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations

AA20-283A: APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations

Original release date: October 9, 2020SummaryThis joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat…

Comments Off on AA20-283A: APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations

QNAP Releases Security Updates for QNAP Helpdesk

Original release date: October 8, 2020QNAP Systems has released security updates to address vulnerabilities in QNAP Helpdesk. An attacker could exploit these vulnerabilities to take control of an affected QNAP…

Comments Off on QNAP Releases Security Updates for QNAP Helpdesk