Mozilla Releases Security Update for Thunderbird 14 Jun 2019, 2:34 am

Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60.7.1 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

Google Releases Security Updates for Chrome 13 Jun 2019, 10:27 pm

Google has released Chrome 75.0.3770.90 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Exim Releases Security Patches 13 Jun 2019, 7:41 pm

Exim has released patches to address a vulnerability affecting Exim versions 4.87–4.91. A remote attacker could exploit this vulnerability to take control of an affected email server. This vulnerability was detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Exim CVE-2019-10149 page and either upgrade to Exim 4.92 or apply the necessary patches.

This product is provided subject to this Notification and this Privacy & Use policy.

FTC Releases Alert on Updating Software 13 Jun 2019, 7:37 pm

The Federal Trade Commission (FTC) has released an alert on keeping software up to date to help protect sensitive information such as financial and tax information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers to review the FTC article and FTC’s OnGuardOnline for additional information.

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Security Update for Cisco IOS XE 12 Jun 2019, 9:19 pm

Cisco has released a security update to address a vulnerability in Cisco IOS XE. A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

Intel Releases Security Updates, Mitigations for Multiple Products 11 Jun 2019, 7:23 pm

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:

• NUC Firmware Advisory INTEL-SA-00264
• RAID Web Console 3 for Windows Advisory INTEL-SA-00259
• Omni-Path Fabric Manager GUI Advisory INTEL-SA-00257
• Open Cloud Integrity Technology and OpenAttestation Advisory INTEL-SA-00248
• Partial Physical Address Leakage Advisory INTEL-SA-00247
• Turbo Boost Max Technology 3.0 Advisory INTEL-SA-00243
• SGX for Linux Advisory INTEL-SA-00235
• PROSet/Wireless WiFi Software Advisory INTEL-SA-00232
• Accelerated Storage Manager in Intel Rapid Storage Technology Enterprise Advisory INTEL-SA-00226
• Chipset Device Software (INF Update Utility) Advisory INTEL-SA-00224
• ITE Tech Consumer Infrared Driver for Windows 10 Advisory INTEL-SA-00206

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft Releases June 2019 Security Updates 11 Jun 2019, 6:03 pm

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s June 2019 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Adobe Releases Security Updates 11 Jun 2019, 2:14 pm

Adobe has released security updates to address vulnerabilities affecting ColdFusion, Adobe Campaign, and Adobe Flash Player. An attacker could exploit some these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB19-27, APSB19-28, and APSB19-30 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CIS Releases 2018 Year in Review 11 Jun 2019, 1:47 am

The Center for Internet Security (CIS) has released its 2018 Year in Review. CIS is home to the Multi-State Information Sharing & Analysis Center (MS-ISAC), a Cybersecurity and Infrastructure Security Agency (CISA) partner focused on cyber threat prevention, protection, response, and recovery for U.S. state, local, tribal, and territorial government entities. The review highlights the creation of the Elections Infrastructure Information Sharing & Analysis Center (EI-ISAC), the collaborative production of “A Handbook for Elections Infrastructure Security,” and MS-ISAC's advances.

This product is provided subject to this Notification and this Privacy & Use policy.

IC3 Issues Alert on HTTPS Phishing 10 Jun 2019, 9:23 pm

The Internet Crime Complaint Center (IC3) has released an alert on Hypertext Transfer Protocol Secure (HTTPS) phishing—a scheme which lures email recipients into visiting malicious websites that look legitimate and secure.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the IC3 Alert and the CISA Tip on Avoiding Social Engineering and Phishing Attacks. If you believe you are a victim of cybercrime, file a complaint with IC3 at www.ic3.gov.

This product is provided subject to this Notification and this Privacy & Use policy.