Original release date: September 21, 2020The Samba Team has released a security update to address a critical vulnerability—CVE-2020-1472—in multiple versions of Samba. This vulnerability could allow a remote attacker to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcement for CVE-2020-1472 […]

Original release date: September 18, 2020The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive (ED) 20-04 addressing a critical vulnerability— CVE-2020-1472—affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker with network access to a domain controller could exploit this vulnerability to compromise all Active Directory identity services. Earlier this month, exploit code for

Original release date: September 17, 2020Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the

Original release date: September 17, 2020Drupal has released security updates to address vulnerabilities in Drupal 7.x, 8.8.x, 8.9.x, and 9.0.x. An attacker could exploit some of these vulnerabilities to obtain sensitive information or leverage the way HTML is rendered. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Drupal

Original release date: September 17, 2020The CERT Coordination Center (CERT/CC) has released information on CVE-2020-1472, a vulnerability affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker could exploit this vulnerability to obtain Active Directory domain administrator access. Although Microsoft provided patches for CVE-2020-1472 in August 2020, unpatched systems will be an attractive target for malicious

Original release date: September 16, 2020Adobe has released a security update to address vulnerabilities in Media Encoder. An attacker could exploit these vulnerabilities to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Adobe Security Bulletin and apply the necessary update. This product is provided subject to

Original release date: September 15, 2020The Cybersecurity Security and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory on an Iran-based malicious cyber actor targeting several U.S. federal agencies and other U.S.-based networks. This Advisory analyzes the threat actor’s indicators of compromise (IOCs); and tactics, techniques, and

Original release date: September 15, 2020 Notification This report is provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise. This document is

Original release date: September 15, 2020This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and Infrastructure Security Agency (CISA) with contributions from the Federal Bureau of Investigation (FBI). CISA and FBI are

Original release date: September 14, 2020The Cybersecurity and Infrastructure Security Agency (CISA) is aware of publicly available exploit code for CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. Although Microsoft provided patches for CVE-2020-1472 in August 2020, unpatched systems will be an attractive target for malicious actors. Attackers could exploit this vulnerability to obtain