Logo Kaycee Smith Computer Repair, Redding CA Call 530-356-4652
Kaycee Smith Computer Angels BBB Business Review

Kaycee Smith Computer Angel - Security Alerts


If you are experiencing problems with any of the following.

Call Kaycee Smith Computer Angel for assistance.

530-356-4652

    
 

CISA Current Activity

A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

Update to Alert on Mitigating Microsoft Exchange Server Vulnerabilities 4 Mar 2021, 9:08 pm

Original release date: March 4, 2021

CISA is aware of threat actors using open source tools to search for vulnerable Microsoft Exchange Servers and advises entities to investigate for signs of a compromise from at least September 1, 2020. CISA has updated the Alert on the Microsoft Exchange server vulnerabilities with additional detailed mitigations. 
 
CISA encourages administrators to review the updated Alert and the Microsoft Security Update and apply the necessary updates as soon as possible or disconnect vulnerable Exchange servers from the internet until the necessary patch is made available.

This product is provided subject to this Notification and this Privacy & Use policy.

Joint NSA and CISA Guidance on Strengthening Cyber Defense Through Protective DNS 4 Mar 2021, 6:50 pm

Original release date: March 4, 2021

The National Security Agency (NSA) and CISA have released a Joint Cybersecurity Information (CSI) sheet with guidance on selecting a protective Domain Name System (PDNS) service as a key defense against malicious cyber activity. Protective DNS can greatly reduce the effectiveness of ransomware, phishing, botnet, and malware campaigns by blocking known-malicious domains. Additionally organizations can use DNS query logs for incident response and threat hunting activities.

CISA encourages users and administrators to consider the benefits of using a protective DNS service and review NSA and CISA’s CSI sheet on Selecting a Protective DNS Service for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Security Updates 4 Mar 2021, 4:13 pm

Original release date: March 4, 2021

Cisco has released security updates to address a vulnerability in multiple Cisco products. An attacker could exploit this vulnerability to cause a denial-of-service condition. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review Cisco Advisory cisco-sa-snort-ethernet-dos-HGXgJH8n and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

VMware Releases Security Update 4 Mar 2021, 4:12 pm

Original release date: March 4, 2021

VMware has released a security update to address a vulnerability in View Planner. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0003 and apply the necessary update.  

This product is provided subject to this Notification and this Privacy & Use policy.

CISA Issues Emergency Directive and Alert on Microsoft Exchange Vulnerabilities 3 Mar 2021, 8:14 pm

Original release date: March 3, 2021

CISA has issued Emergency Directive (ED) 21-02 and Alert AA21-062A addressing critical vulnerabilities in Microsoft Exchange products. Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange servers, enabling them to gain persistent system access and control of an enterprise network. 

CISA strongly recommends organizations examine their systems to detect any malicious activity detailed in Alert AA21-062A. Review the following resources for more information:

This product is provided subject to this Notification and this Privacy & Use policy.

Google Releases Security Updates for Chrome 3 Mar 2021, 5:10 pm

Original release date: March 3, 2021

Google has released Chrome version 89.0.4389.72 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. 

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates. 

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft Releases Out-of-Band Security Updates for Exchange Server 2 Mar 2021, 10:41 pm

Original release date: March 2, 2021

Microsoft has released out-of-band security updates to address vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and 2019. A remote attacker can exploit three remote code execution vulnerabilities—CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065—to take control of an affected system and can exploit one vulnerability—CVE-2021-26855—to obtain access to sensitive information. These vulnerabilities are being actively exploited in the wild.

CISA encourages users and administrators to review the Microsoft blog post and apply the necessary updates or workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.

NSA Releases Guidance on Zero Trust Security Model 26 Feb 2021, 1:47 pm

Original release date: February 26, 2021

The National Security Agency (NSA) has released Cybersecurity Information Sheet: Embracing a Zero Trust Security Model, which provides information about, and recommendations for, implementing Zero Trust within networks. The Zero Trust security model is a coordinated system management strategy that assumes breaches are inevitable or have already occurred.

CISA encourages administrators and organizations review NSA’s guidance on Embracing a Zero Trust Security Model to help secure sensitive data, systems, and services.

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Security Updates  25 Feb 2021, 12:08 pm

Original release date: February 25, 2021

Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
 
CISA encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:

For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

This product is provided subject to this Notification and this Privacy & Use policy.

Mozilla Releases Security Updates for Thunderbird, Firefox ESR, and Firefox 24 Feb 2021, 3:54 pm

Original release date: February 24, 2021

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system.
 
CISA encourages users and administrators to review the Mozilla security advisories for Firefox 86, Firefox ESR 78.8, and Thunderbird 78.8 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.