Original release date: October 16, 2020The United Kingdom (UK) National Cyber Security Centre (NCSC) has released an Alert to address a vulnerability—CVE-2020-16952—affecting Microsoft SharePoint server. An attacker could exploit this vulnerability to take control of an affected system. Applying patches from Microsoft’s October 2020 Security Advisory for CVE-2020-16952 can prevent exploitation of this vulnerability. The […]

Original release date: October 16, 2020Adobe has released security updates to address vulnerabilities affecting Magento Commerce and Magento Open Source. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB20-59 and apply the

Original release date: October 15, 2020Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.

Original release date: October 14, 2020Microsoft has released a security update to address a protocol vulnerability—CVE-2020-16898—in Windows Transmission Control Protocol (TCP)/IP stack handling of Internet Control Message Protocol version 6 (ICMPv6) Router Advertisement packets. A remote attacker could exploit this vulnerability to take control of an affected system or cause a denial-of-service condition.   The

Original release date: October 14, 2020The Apache Software Foundation has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information.  The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Apache Security Advisory for CVE-2020-13943 and upgrade to the appropriate version. This

Original release date: October 14, 2020Adobe has released security updates to address a vulnerability affecting Flash Player. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB20-58 and apply the necessary update. This product is provided

Original release date: October 13, 2020Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s October 2020 Security Update Summary and Deployment Information and apply

Original release date: October 13, 2020SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. This includes an OS command injection vulnerability (CVE-2020-6364) affecting SAP Solution Manager and SAP Focused Run.   The Cybersecurity and Infrastructure Security Agency (CISA)

Original release date: October 9, 2020This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. Note: the analysis in this joint cybersecurity advisory is ongoing, and the information provided should not be considered comprehensive. The Cybersecurity and Information

Original release date: October 9, 2020The Cybersecurity and Information Security Agency (CISA) and the Federal Bureau of Information (FBI) have released a joint cybersecurity advisory regarding advanced persistent threat (APT) actors chaining vulnerabilities—a commonly used tactic exploiting multiple vulnerabilities in the course of a single intrusion—in an attempt to compromise federal and state, local, tribal,