Alerts

Firmware Bugs Plague Server Supply Chain, 7 Vendors Impacted

Lenovo, Acer and five additional server manufacturers are hit with supply-chain bugs buried in motherboard firmware.


LenovoEMC Storage Gear Leaks Sensitive Financial Data

Lenovo patches enterprise and SMB network attached storage devices for a vulnerability that leaked data to the public internet.


NCSC Releases 2019 Active Cyber Defence Report

Original release date: July 16, 2019

The United Kingdom’s National Cyber Security Centre (NCSC) has released their 2019 Active Cyber Defence (ACD) report, which provides an analysis of program outcomes throughout 2018. NCSC’s ACD program—stood up in 2016—seeks to reduce harm from commodity cyberattacks against the United Kingdom. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review NCSC’s report for more information. This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft Releases Security Updates for PowerShell Core

Original release date: July 16, 2019

Microsoft has released updates to address a vulnerability in PowerShell Core versions 6.1 and 6.2. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and apply the necessary updates.


Oracle Releases July 2019 Security Bulletin

Original release date: July 16, 2019

Oracle has released its Critical Patch Update for July 2019 to address 319 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Oracle July 2019 Critical Patch Update and apply the necessary updates.


DHS Webinar: Cybersecurity Threats to the Healthcare Sector

Original release date: July 16, 2019

The Department of Homeland Security (DHS) and the American Hospital Association (AHA) are conducting a webinar focused on current cybersecurity threats to the healthcare sector. The webinar will be held on Wednesday, July 17, 2019, at 1 p.m. ET. The Cybersecurity and Infrastructure Security Agency (CISA) encourages healthcare professionals and their customers to register for the webinar to learn more about ransomware and best practices for securing medical devices.


IRS Releases Six Cybersecurity Safeguards

Original release date: July 16, 2019

The Internal Revenue Service (IRS) has issued a news release outlining six cybersecurity safeguards to protect computers, email, and sensitive data. The recommendations are part of the Taxes. Security. Together. Checklist, which the IRS created to help tax professionals protect sensitive taxpayer data. The Cybersecurity and Infrastructure Security Agency (CISA) encourages tax professionals and taxpayers to review the IRS news release and CISA’s Tip on Safeguarding Your Data for more information.


WhatsApp, Telegram Coding Blunders Can Expose Personal Media Files

The issue, present on Android versions, is similar to the known man-in-the-disk attack vector.


Researcher Bypasses Instagram 2FA to Hack Any Account

An independent researcher earned a $30,000 bug bounty after discovering a weakness in the mobile recovery process.


Vulnerability Summary for the Week of July 8, 2019

Original release date: July 15, 2019

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit the NIST NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
contao — contao | Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 …