Cybersecurity

The FBI’s Portland, Oregon office has published an advisory discussing the threat of calendar fraud and providing some steps for combating it. Scammers have started sending online users calendar invites, a form of phishing. In many cases, the calendar’s default settings allow the invitation to simply appear on your account. The fraudster could be offering you a prize or an invitation to some special event. Just click on the link and you can register, or click, put in your credit card number, and you are on your way to winning the jackpot.

The National Security Agency (NSA) has released a cyber advisory that addresses managing risk from Transport Layer Security Inspection (TLSI). This short, informative document defines TLSI (a security process that allows incoming traffic to be decrypted, inspected, and re-encrypted), explains some risks and associated challenges, and discusses mitigations. CISA encourages users and administrators to review the advisory and apply the information, as appropriate.

Microsoft has released an update to address a vulnerability in Outlook for Android. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update. Read the advisory at CISA.

CISA has published an advisory on improper input validation and memory corruption vulnerabilities in Flexera FlexNet Publisher. Versions 2018 R3 and prior are affected. These vulnerabilities could allow an attacker to deny the acquisition of a valid license for legal use of the product. The memory corruption vulnerability could allow remote code execution. Flexera recommends all users using affected versions of FlexNet Publisher upgrade to Version 2018 R4 or newer as soon as possible. CISA also recommends a series of measures to mitigate the vulnerabilities.