The Federal Trade Commission (FTC) has released an announcement about its new website devoted to protecting small businesses. This resource aims to help business owners avoid scams, protect their computers and networks, and keep their customers’ and employees’ data safe.
Apple has released a security updates to address a vulnerability in GarageBand. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review the Apple security page for GarageBand (link is external) and apply the necessary update.
Cisco has released a hardware advisory for a clock signal component used in some of its devices, which include switches and routers. Devices that contain the faulty component could potentially fail after 18 months of use.
US-CERT encourages users and administrators to review the Cisco advisory (link is external) for more information and replacement guidance
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. Please click the link below to view the full summary.
Oracle has released its Critical Patch Update for January 2017 to address 270 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review the Oracle January 2017 Critical Patch Update (link is external) and apply the necessary updates
Microsoft has released four updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:
- Cisco Meeting Server Client Authentication Bypass Vulnerability [cisco-sa-20161012-msc (link is external)]
- Cisco Wide Area Application Services Central Manager Denial of Service Vulnerability [cisco-sa-20161012-waas (link is external)]
- Cisco Unified Communications Manager iFrame Data Clickjacking Vulnerability [cisco-sa-20161012-ucm (link is external)]
- Cisco Prime Infrastructure and Evolved Programmable Network Manager Database Interface SQL Injection Vulnerability [cisco-sa-20161012-prime (link is external)]
- Cisco Finesse Cross-Site Request Forgery Vulnerability [cisco-sa-20161012-fin (link is external)]
- Cisco cBR-8 Converged Broadband Router vty Integrity Vulnerability [cisco-sa-20161012-cbr-8 (link is external)]