Original release date: December 21, 2020  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adremsoft — netcrunch AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web client. The same hardcoded SSL private key is used across different customers’ installations when no other SSL certificate […]

Original release date: December 19, 2020CISA has updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17. This update states that CISA has evidence of, and is currently investigating, initial access vectors in addition to those attributed to the SolarWinds Orion supply chain compromise. This update

Original release date: December 17, 2020The National Security Agency (NSA) has released a cybersecurity advisory on detecting abuse of authentication mechanisms. This advisory describes tactics, techniques, and procedures used by malicious cyber actors to access protected data in the cloud and provides guidance on defending against and detecting such activity. CISA encourages users and administrators

Original release date: December 17, 2020This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework. See the ATT&CK for Enterprise version 8 for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private

Original release date: December 16, 2020Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.   CISA encourages users and administrators to review the Mozilla Security Advisories for Firefox 84, Firefox ESR 78.6, and Thunderbird 78.6

Original release date: December 15, 2020Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: iOS 14.3 and iPadOS

Original release date: December 13, 2020The Cybersecurity and Infrastructure Security Agency (CISA) is aware of active exploitation of SolarWinds Orion Platform software versions 2019.4 through 2020.2.1, which was released between March 2020 through June 2020. CISA encourages affected organizations to read the SolarWinds and FireEye advisories for more information and FireEye’s GitHub page for detection countermeasures: SolarWinds Security

Original release date: December 10, 2020Adobe has released security updates to address a vulnerability in Acrobat and Reader. An attacker could exploit this vulnerability to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB20-75 and apply the necessary updates. This product is provided subject to

Original release date: December 10, 2020This Joint Cybersecurity Advisory was coauthored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The FBI, CISA, and MS-ISAC assess malicious cyber actors are targeting kindergarten through twelfth grade (K-12) educational institutions, leading to ransomware

Original release date: December 9, 2020The Australian Cyber Security Centre (ACSC) has launched a new cyber security campaign encouraging all Australians to protect themselves against online threats. The initial focus of the campaign is ransomware threats, and the ACSC provides easy-to-follow security advice at cyber.gov.au to help Australians act now and stay secure.   The