Alerts

Major Container Security Flaw Threatens Cascading Attacks

A fundamental component of container technologies like Docker, cri-o, containerd and Kubernetes contains an important vulnerability that could cause cascading attacks.


New Session Added: CISA Awareness Briefing on Chinese Malicious Cyber Activity

Original release date: February 12, 2019. The Cybersecurity and Infrastructure Security Agency (CISA) has added an additional session to the virtual awareness briefing on Chinese malicious cyber activity targeting managed service providers. The briefing will be held on Thursday, February 14, 2019, from 1-2 p.m. ET. The briefing will provide a background on the identified cyber activity and mitigation techniques. This product is provided subject to this Notification and this Privacy & Use policy.


Adobe Fixes 43 Critical Acrobat and Reader Flaws

Overall, Adobe patched 75 important and critical vulnerabilities – including a flaw that could allow bad actors to steal victims’ hashed password values.


SB19-042: Vulnerability Summary for the Week of February 4, 2019

Original release date: February 11, 2019. The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …


runc Open-Source Container Vulnerability

Original release date: February 11, 2019. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a vulnerability affecting several open-source container management systems that leverage runc. NCCIC encourages users and administrators to review the runc security advisory, and the Red Hat and Amazon Web Services blogs; and refer to OS and application vendors for mitigations and updates as they become available.


Temporary Patch Released For Adobe Reader Zero-Day

The zero-day flaw in Adobe Reader DC could allow bad actors to steal victims’ NTLM hashes.


FireOS Flaw Allowed Limited Content Injection in Amazon Tablets

A vulnerability in FireOS, the Amazon Fire Tablet’s operating system, has been patched.


Apple Fixes Pesky FaceTime Bug in iOS 12.1.4 Update

Apple’s iOS 12.1.4 fixes a FaceTime bug that made headlines last week.


Flaw in Multiple Airline Systems Exposes Passenger Data

Up to eight airlines do not encrypt e-ticketing booking systems – leaving personal customer data open for the taking.


MacOS Zero-Day Exposes Apple Keychain Passwords

A researcher who discovered a flaw letting him steal passwords in macOS is not sharing his findings with Apple without a macOS bug bounty program.