Alerts

DHS Email Phishing Scam

Original release date: June 18, 2019 The Cybersecurity and Infrastructure Security Agency (CISA) is aware of an email phishing scam that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security (DHS) notifications. The email campaign uses a spoofed email address to appear like a National Cyber Awareness System (NCAS) alert and lure targeted recipients into downloading malware through a malicious attachment. CISA encourages users and administrators take the following actions to avoid becoming a …
Read More »


Mozilla Releases Security Updates for Firefox and Firefox ESR

Original release date: June 18, 2019 Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 67.0.3 and Firefox ESR 60.7.1 and apply the necessary updates. This product is provided subject to this Notification and …
Read More »


SB19-168: Vulnerability Summary for the Week of June 10, 2019

Original release date: June 17, 2019 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »


Microsoft Pushes Azure Users to Patch Linux Systems

Microsoft is urging users to patch every Exim installation in their organization and make sure that they are updated to the most recent version, Exim version 4.92.


AA19-168A: Microsoft Operating Systems BlueKeep Vulnerability

Original release date: June 17, 2019 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this Activity Alert to provide information on a vulnerability, known as “BlueKeep,” that exists in the following Microsoft Windows Operating Systems (OSs), including both 32- and 64-bit versions, as well as all Service Pack versions: Windows 2000 Windows Vista Windows XP Windows 7 Windows Server 2003 Windows Server 2003 R2 Windows Server 2008 Windows Server 2008 R2 An attacker can exploit this vulnerability to …
Read More »


News Wrap: Amazon Privacy and Telegram DDoS Attack

Threatpost editors Tara Seals and Lindsey O’Donnell discuss a recent lawsuit against Amazon for its privacy policies, a Telegram DDoS attack and more.


Millions of Linux Servers Under Worm Attack Via Exim Flaw

Attackers are exploiting a Linux Exim critical flaw to execute remote commands, download crypto miners and sniff out other vulnerable servers.


Max-Severity Bug in Infusion Pump Gateway Puts Lives at Risk

The critical bug in a connected medical device can allow an attacker to remotely manipulate hospital pumps, either to withhold meds or dispense too much.


Evernote Critical Flaw Opened Personal Data of Millions to Attack

Evernote’s web clipper extension for Chrome is vulnerable to a critical flaw that could have exposed the data of more than 4.6 million users.


Exim Releases Security Patches

Original release date: June 13, 2019 Exim has released patches to address a vulnerability affecting Exim versions 4.87–4.91. A remote attacker could exploit this vulnerability to take control of an affected email server. This vulnerability was detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Exim CVE-2019-10149 page and either upgrade to Exim 4.92 or apply the necessary patches. This product is provided subject to this Notification and this …
Read More »