Apple Releases Security Update

Apple has released a security update to address a vulnerability in GarageBand. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Apple security page for GarageBand and apply the necessary update.

Source: https://www.us-cert.gov/ncas/current-activity/2017/02/14/Apple-Releases-Security-Update

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe Flash Player, Digital Editions, and Campaign. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-04, APSB17-05, and APSB17-06 and apply the necessary updates.

Source: https://www.us-cert.gov/ncas/current-activity/2017/02/14/Adobe-Releases-Security-Updates

Cisco Clock Signal Component Failure Advisory

Cisco has released a hardware advisory for a clock signal component used in some of its devices, which include switches and routers. Devices that contain the faulty component could potentially fail after 18 months of use.

US-CERT encourages users and administrators to review the Cisco advisory for more information and replacement guidance.

Source: https://www.us-cert.gov/ncas/current-activity/2017/02/06/Cisco-Clock-Signal-Component-Failure-Advisory

Vulnerability Summary for the Week of January 30, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. Please click the link below to view the full summary.

Source: https://www.us-cert.gov/ncas/bulletins/SB17-037

Vulnerability Summary for the Week of January 9, 2017

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. Please click below to see the full bulletin.

Source: https://www.us-cert.gov/ncas/bulletins/SB17-016

SMB Security Best Practices

In response to public reporting of a potential Server Message Block (SMB) vulnerability, US-CERT is providing known best practices related to SMB. This service is universally available for Windows systems, and legacy versions of SMB protocols could allow a remote attacker to obtain sensitive information from affected systems.

US-CERT recommends that users and administrators consider:

  • disabling SMB v1 and
  • blocking all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.

US-CERT cautions users and administrators that disabling or blocking SMB may create problems by obstructing access to shared files, data, or devices. The benefits of mitigation should be weighed against potential disruptions to users. For more information on SMB, please review Microsoft Security Advisories 2696547 and 204279.

Source: https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices

Oracle Releases Security Bulletin

Oracle has released its Critical Patch Update for January 2017 to address 270 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Oracle January 2017 Critical Patch Update and apply the necessary updates.

Source: https://www.us-cert.gov/ncas/current-activity/2017/01/18/Oracle-Releases-Security-Bulletin