Mozilla Releases Security Update – Updated October 21, 2020
October 21, 2020
October 20, 2020
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has just launched a #Protect2020 Rumor vs. Reality webpage, in which it addresses some common disinformation and misinformation rumors that can undermine public confidence in the electoral process. The webpage lists the rumors, provides factual information to counteract them, and offers resources to support these facts.
The National Security Agency (NSA) has released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. This advisory provides 25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks. Read the NSA advisory.
CISA has published an advisory on a classic buffer overflow vulnerability in Rockwell Automation 1794-AENT Flex I/O Series B. Versions 4.003 and prior are affected. Successful exploitation of this vulnerability could crash the device being accessed, resulting in a buffer overflow condition that may allow remote code execution. Rockwell Automation recommends affected users ensure they are employing proper network segmentation and security controls when implementing the affected product. CISA also recommends a series of measures to mitigate this vulnerability.
CISA has published an advisory on an improper authentication vulnerability in Hitachi ABB Power Grids XMC20 Multiservice-Multiplexer. XMC20 R4 using COGE5 versions older than co5ne_r1h07_12.esw and XMC20 R6 using COGE5 versions older than co5ne_r2d14_03.esw are affected. Successful exploitation of this vulnerability could allow an attacker to remotely take control of the product. Hitachi ABB Power Grids has corrected the problem in the different product versions and recommends users apply the firmware update at the earliest availability.
Microsoft has released security updates to address remote code execution vulnerabilities affecting Windows Codecs Library and Visual Studio Code. An attacker could exploit these vulnerabilities to take control of an affected system.
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) advises that the United Kingdom (UK) National Cyber Security Centre (NCSC) has released an Alert to address a vulnerability (CVE-2020-16952) affecting Microsoft SharePoint Server. An attacker could exploit this vulnerability to take control of an affected system.
In keeping with this week’s NCSAM theme of internet-connected devices (in healthcare), we decided to jump way ahead in our ‘15 Cybersecurity Fundamentals Awareness Month’ (15CFAM) series to #14 (Address All Smart Devices) and #13 (Secure the Supply Chain) from WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities guide.