Alerts

Microsoft Confirms Serious ‘PrivExchange’ Vulnerability

The elevated privilege flaw exists in Microsoft Exchange and would allow a remote attacker to impersonate an administrator.


Microsoft Releases Security Advisory for Exchange Server

Original release date: February 05, 2019 Microsoft has released an advisory to address an elevation of privilege vulnerability in Microsoft Exchange Server. An attacker could exploit this vulnerability to take control of an affected system. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Microsoft Security Advisory and the CERT Coordination Center’s Vulnerability Note VU#465632 and consider the workarounds until an update is available. This product …
Read More »


Marvell Avastar Wi-Fi Vulnerability

Original release date: February 05, 2019 The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Marvell Avastar wireless system on chip (SoC) models. An attacker could exploit this vulnerability to take control of an affected system. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review CERT/CC’s Vulnerability Note VU#730261 for more information and refer to vendors for appropriate updates, when available. This product …
Read More »


Google Patches Critical .PNG Image Bug

Eleven critical bugs will be patched as part of the February Android Security Bulletin.


Remote Desktop Protocol Clients Rife with Remote Code-Execution Flaws

Several flaws in both open-source RDP clients and in Microsoft’s own proprietary client make it possible for a malicious RDP server to infect a client computer – which could then allow for an intrusion into the IT network as a whole.


SB19-035: Vulnerability Summary for the Week of January 28, 2019

Original release date: February 04, 2019 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »


NSA Releases Updated Guidance on Side-Channel Vulnerabilities

Original release date: February 01, 2019 The National Security Agency has released updated information on a set of side-channel vulnerabilities affecting modern computer processors. An attacker can exploit these vulnerabilities to obtain sensitive information. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the NSA Cybersecurity Advisory on Updated Guidance for Vulnerabilities Affecting Modern Processors and Hardware and Firmware Security Guidance GitHub website for more information …
Read More »


Prepare to Defend Your Network Against Swarm-as-a-Service

Swarm technology may be a game changer for the bad guys if organizations don’t change their tactics.


NCCIC Awareness Briefing on Chinese Malicious Cyber Activity

Original release date: January 30, 2019 The Cybersecurity and Infrastructure Security Agency (CISA) will conduct a series of virtual awareness briefings on Chinese malicious cyber activity targeting managed service providers (MSPs). Briefings will be held from 1–2 p.m. ET on the dates listed below: Wednesday, February 6 Friday, February 22 CISA encourages MSPs and their customers to register for the briefing by clicking on one of the dates listed above. The briefing will provide a background on the identified cyber …
Read More »


MS-ISAC Releases Advisory on DNS Flag Day

Original release date: January 30, 2019 The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an alert on Domain Name System (DNS) Flag Day, which is Friday, February 1, 2019. On DNS Flag Day, DNS software and service providers will roll out updates to remove workarounds that allow users to bypass the Extension Mechanisms Protocol for DNS (EDNS). While the updates will improve DNS operations, some domains served by DNS servers operating out-of-date software may become unavailable. The National …
Read More »