Alerts

Apache Releases Security Updates for Tomcat Native

Original release date: August 17, 2018 The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat Native. A remote attacker could exploit these vulnerabilities to take control of an affected server. NCCIC encourages users and administrators to review the Apache Advisory and Tomcat Native Downloads page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.


Google Expands Bug-Bounty Program to Battle Abuse Methods

The program focuses on potential abuse methods across Google’s product-specific channels like Google+, Youtube, Gmail and Blogger.


Google Chrome Bug Opens Access to Private Facebook Information

The method could be used to deduce the age, sex, likes or the location history of a user – essentially, the attacker can play “20 questions” to profile the victim.


ATM Heists Only Set to Accelerate After $13M Break-In

The Cosmos Bank incident is only the latest, not the last, thanks to lagging security practices.


Researchers Break IPsec VPN Connections with 20-Year-Old Protocol Flaw

The attack targets IKE’s handshake implementation used for IPsec-based VPN connections, opening the door for MiTM attacks or for bad actors to access data carried in VPN sessions.


Microsoft Flaw Allows Full Multi-Factor Authentication Bypass

This is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building.


Intel CPUs Undermined By Fresh Speculative Execution Flaws

‘Foreshadow” and other vulnerabilities in Intel processors can be exploited to steal sensitive information stored inside personal computers or personal clouds.


Patch Tuesday: Microsoft Addresses Two Zero-Days in 60-Flaw Roundup

Microsoft rolled out 60 patches for its Patch Tuesday release, impacting 19 critical flaws and 39 important flaws.


FBI Releases Guidance on Defending Against Travel Scams

Original release date: August 14, 2018 The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against travel scams. FBI explains how scammers trick consumers with “free” vacation ploys. These offers may be fake or involve hidden fees. Legitimate companies will not ask prize winners to pay to claim their reward. NCCIC encourages consumers to review the FBI Article, the Federal Trade Commission’s Travel Tips, and NCCIC’s Tip on Avoiding Social Engineering and Phishing Attacks …
Read More »


VMware Releases Security Updates

Original release date: August 14, 2018 VMware has released security updates to address vulnerabilities in vSphere, Workstation, Fusion, and Virtual Appliances. An attacker could exploit these vulnerabilities to obtain sensitive information. NCCIC encourages users and administrators to review VMware Security Advisories VMSA-2018-0020 and VMSA-2018-0021 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.