Original release date: October 8, 2020QNAP Systems has released security updates to address vulnerabilities in QNAP Helpdesk. An attacker could exploit these vulnerabilities to take control of an affected QNAP network-attached storage (NAS) device. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review QNAP Security Advisory QSA-20-08 and apply the necessary updates. […]

Original release date: October 7, 2020Google has released Chrome version 86.0.4240.75 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary changes.   This

Original release date: October 7, 2020The Cybersecurity and Information Security Agency (CISA) has released an infographic mapping analysis of 44 of its Risk and Vulnerability Assessments (RVAs) conducted in Fiscal Year 2019 to the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework. The infographic identifies routinely successful attack paths CISA observed during RVAs conducted

Original release date: October 6, 2020This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC). Emotet—a sophisticated Trojan commonly

Original release date: October 5, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.   High Vulnerabilities Primary Vendor

Original release date: October 2, 2020The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has released an [Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments]. Financial institutions, cyber insurance firms, and companies that facilitate payments on behalf of victims may be violating OFAC regulations. CISA encourages organizations to review the OFAC

Original release date: October 1, 2020The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Defense (DOD) Cyber National Mission Force (CNMF) have identified a malware variant—referred to as SLOTHFULMEDIA—used by a sophisticated cyber actor. In addition, U.S. Cyber Command has released the malware sample to the malware aggregation tool and repository, VirusTotal. CISA

Original release date: October 1, 2020   Notification This report is provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise. This document

Original release date: October 1, 2020This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. In light of heightened tensions between the United States and China, the Cybersecurity and Infrastructure Security Agency (CISA) is providing specific Chinese government and affiliated

Original release date: October 1, 2020October is National Cybersecurity Awareness Month (NCSAM), which is a collaborative effort between the Cybersecurity and Infrastructure Security Agency (CISA) and its public and private partners—including the National Cyber Security Alliance—to ensure every American has the resources they need to stay safe and secure online. This year’s theme, “Do your