Original release date: August 17, 2018 The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat Native. A remote attacker could exploit these vulnerabilities to take control of an affected server. NCCIC encourages users and administrators to review the Apache Advisory and Tomcat Native Downloads page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
The program focuses on potential abuse methods across Google’s product-specific channels like Google+, Youtube, Gmail and Blogger.
The method could be used to deduce the age, sex, likes or the location history of a user – essentially, the attacker can play “20 questions” to profile the victim.
The Cosmos Bank incident is only the latest, not the last, thanks to lagging security practices.
The attack targets IKE’s handshake implementation used for IPsec-based VPN connections, opening the door for MiTM attacks or for bad actors to access data carried in VPN sessions.
This is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building.
‘Foreshadow” and other vulnerabilities in Intel processors can be exploited to steal sensitive information stored inside personal computers or personal clouds.
Microsoft rolled out 60 patches for its Patch Tuesday release, impacting 19 critical flaws and 39 important flaws.
Original release date: August 14, 2018 The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against travel scams. FBI explains how scammers trick consumers with “free” vacation ploys. These offers may be fake or involve hidden fees. Legitimate companies will not ask prize winners to pay to claim their reward. NCCIC encourages consumers to review the FBI Article, the Federal Trade Commission’s Travel Tips, and NCCIC’s Tip on Avoiding Social Engineering and Phishing Attacks …
Read More »
Original release date: August 14, 2018 VMware has released security updates to address vulnerabilities in vSphere, Workstation, Fusion, and Virtual Appliances. An attacker could exploit these vulnerabilities to obtain sensitive information. NCCIC encourages users and administrators to review VMware Security Advisories VMSA-2018-0020 and VMSA-2018-0021 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.