Author Archives: edgeadmin

Are Penetration Tests Confusing?

Many self-proclaimed experts are incredible at selling a solutions or services that claim to solve all your cyber risks. Unfortunately, a magic bullet, two-birds-one-stone, or all-in-on-solutions often end up becoming inefficient, ineffective, complex, or often expensive for complete adoption.


The Yahoo Cyber Security Breach Costs Shareholders $55 Billion

This cyber breach could have been avoided with an access management patch costing $180,000.00 but management deferred this patching to the following fiscal year! The Yahoo 2016 sale included all real estate and investment assets including:


ISC Releases Security Advisories for DHCP, BIND

Original release date: January 16, 2018 The Internet Systems Consortium (ISC) has released updates or workarounds that address vulnerabilities in versions of ISC Dynamic Host Configuration Protocol (DHCP) and Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. NCCIC/US-CERT encourages users and administrators to review ISC Knowledge Base Articles AA-01541 and AA-01542 and apply the necessary updates or workarounds. This product is provided subject to this Notification and this Privacy & Use …
Read More »


Oracle Releases January 2018 Security Bulletin

Original release date: January 16, 2018 Oracle has released its Critical Patch Update for January 2018 to address 237 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to obtain access to sensitive information. NCCIC/US-CERT encourages users and administrators to review the Oracle January 2018 Critical Patch Update and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.


SB18-015: Vulnerability Summary for the Week of January 8, 2018

Original release date: January 15, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »


VMware Releases Security Updates for Workstation, Fusion

Original release date: January 11, 2018 VMware has released security updates to address vulnerabilities in VMware Workstation and Fusion. An attacker could exploit these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the VMware Security Advisory VMSA-2018-0005 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.


Juniper Networks Releases Security Updates

Original release date: January 11, 2018 Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Juniper Security Advisories and apply necessary updates: ScreenOS: Etherleak vulnerability found on ScreenOS device (CVE-2018-0014) Junos Space Security Director and Log Collector: Multiple vulnerabilities resolved in 17.2R1 release CTPView: Multiple Linux kernel vulnerabilities Junos Space: Multiple vulnerabilities resolved …
Read More »


Microsoft Releases January 2018 Security Updates

Original release date: January 09, 2018 Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Microsoft’s January 2018 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.


Adobe Releases Security Updates for Flash Player

Original release date: January 09, 2018 Adobe has released security updates to address a vulnerability in Flash Player. A remote attacker could exploit this vulnerability to obtain sensitive information.                  NCCIC/US-CERT encourages users and administrators to review Adobe Security Bulletin APSB18-01 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.


MS-ISAC Releases Advisory on PHP Vulnerabilities

Original release date: January 09, 2018 The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review MS-ISAC Advisory 2018-003 and the PHP Downloads page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.