Original release date: January 27, 2021Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users to review the Apple security pages for the following products and apply the necessary updates. Xcode 12.4 iCloud for windows […]

Original release date: January 27, 2021Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Mozilla Security Advisories for Firefox 85, Firefox ESR 78.7, and Thunderbird 78.7 and apply

Original release date: January 26, 2021The Federal Trade Commission (FTC) has released information on scammers attempting to impersonate the FTC. The scammers operate an FTC-spoofed website that claims to provide instant cash payments and tries to trick consumers into disclosing their financial information. The real FTC does not require such information and scammers can use

Original release date: January 21, 2021Oracle has released its Critical Patch Update for January 2021 to address 329 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle January 2021 Critical Patch Update and apply the

Original release date: January 21, 2021Google has released Chrome version 88.0.4324.96 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release and apply the necessary updates.   This product is provided subject to this

Original release date: January 21, 2021CISA and the CERT Coordination Center (CERT/CC) are aware of multiple vulnerabilities affecting Dnsmasq version 2.82 and prior. Dnsmasq is a widely-used, open-source software that provides Domain Name Service forwarding and caching and is common in Internet-of-Things (IoT) and other embedded devices. A remote attacker could exploit some of these

Original release date: January 21, 2021Drupal has released security updates to address a vulnerability affecting Drupal. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review Drupal Advisory SA-CORE-2021-001 and apply the necessary updates or mitigations. This product is provided subject to this Notification and

Original release date: January 15, 2021The National Security Agency (NSA) has released an information sheet with guidance on adopting encrypted Domain Name System (DNS) over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), referred to as DNS over HTTPS (DoH). When configured appropriately, strong enterprise DNS controls can help prevent many initial access, command and

Original release date: January 15, 2021The Apache Software Foundation has released a security advisory to address a vulnerability affecting multiple versions of Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information.    CISA encourages users and administrators to review the Apache security advisory for CVE-2021-24122 and upgrade to the appropriate version.  

Original release date: January 14, 2021Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to cause take control of an affected system. CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates. This product is provided