NCSC Releases 2018 Annual Review 20 Oct 2018, 12:13 am

The United Kingdom's (UK) National Cyber Security Centre (NCSC) has released its Annual Review for 2018, which provides a snapshot of their work from September 1, 2017, to August 31, 2018. NCSC provides enhanced services to protect the UK against cybersecurity threats.

NCCIC encourages users and administrators to review NCSC’s 2018 Annual Review for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

libssh Releases Security Updates 19 Oct 2018, 9:43 pm

libssh has released security updates addressing a vulnerability affecting libssh versions 0.6 and above. A remote attacker could exploit this vulnerability to take control of an affected system.

NCCIC encourages users and administrators to review the libssh Security Release for additional information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft Releases Security Update for Yammer 19 Oct 2018, 9:09 pm

Microsoft has released a security update to address a vulnerability in the Yammer desktop application. A remote attacker could exploit this vulnerability to take control of an affected system.

NCCIC encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

Drupal Releases Security Updates 18 Oct 2018, 10:00 pm

Drupal has released security updates addressing multiple vulnerabilities in Drupal 7.x and 8.x. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Releases Security Updates 17 Oct 2018, 6:53 pm

Cisco has released security updates to address multiple vulnerabilities affecting Cisco products. An attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Cisco Security Advisories and Alerts webpage and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

FBI Releases Article on Defending Against Payroll Phishing Scams 16 Oct 2018, 11:14 pm

The Federal Bureau of Investigation (FBI) has released an article on building a digital defense against phishing scams targeting electronically deposited paychecks. In these schemes, scammers use phishing emails to direct employees to fraudulent websites and collect their work credentials. Scammers then use victims’ credentials to replace legitimate direct deposit information with their own account details.

NCCIC encourages users to review the FBI Article and NCCIC Tip on Avoiding Social Engineering and Phishing Attacks for more information. If you believe you have been a victim of these scams, report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov.

This product is provided subject to this Notification and this Privacy & Use policy.

VMware Releases Security Updates 16 Oct 2018, 9:08 pm

VMware has released security updates to address a vulnerability in ESXi, Workstation, and Fusion. An attacker could exploit this vulnerability to take control of an affected system.

NCCIC encourages users and administrators to review VMware Security Advisory VMSA-2018-0026 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Google Releases Security Update for Chrome 16 Oct 2018, 8:44 pm

Google has released Chrome version 70.0.3538.67 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

Oracle Releases October 2018 Security Bulletin 16 Oct 2018, 8:30 pm

Oracle has released its Critical Patch Update for October 2018 to address 301 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Oracle October 2018 Critical Patch Update and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

National Cybersecurity Awareness Month: Workplace Cybersecurity 16 Oct 2018, 3:52 pm

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Creating a culture of cybersecurity is critical for all organizations—large and small businesses, academic institutions, non-profits, and government agencies—and is a responsibility shared among all employees. The National Institute of Standards and Technology (NIST) has published resources, including standards, guidelines, and best practices, to help organizations of all sizes to strengthen their cyber resilience.

NCCIC encourages organizations and employees to review the following resources:

• NIST Cybersecurity Framework,
• DHS Stop.Think.Connect. Toolkit,
• National Cyber Security Alliance workplace tips,
• NCCIC Home and Business Networks page, and
• NCCIC Resources for Small and Midsize Businesses.

This product is provided subject to this Notification and this Privacy & Use policy.