Original release date: August 14, 2020This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. The Cybersecurity and Infrastructure Security Agency (CISA) has observed cyber actors using emails containing a Microsoft Word document with a malicious Visual Basic Application (VBA) […]

Original release date: August 14, 2020The Apache Software Foundation has released a security advisory to address vulnerabilities in Struts in the version range 2.0.0—2.5.20. An attacker could exploit one of these vulnerabilities to take control of an affected system. The current version, Struts 2.5.22, is not affected. The Cybersecurity and Infrastructure Security Agency (CISA) encourages

Original release date: August 14, 2020The U.S. Small Business Administration (SBA) is aware of fraudulent schemes and scams targeting its ongoing economic relief efforts. The SBA requests that suspected SBA-related spoofing or phishing fraud be reported to the SBA Office of the Inspector General (OIG) Hotline at 800-767-0385 or online at SBA OIG Hotline. The

Original release date: August 19, 2020The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have identified a malware variant—referred to as BLINDINGCAN—used by North Korean actors. CISA encourages users and administrators to review Malware Analysis Report MAR-10295134-1.v1 and CISA’s North Korean Malicious Cyber Activity page for more information. This product

Original release date: August 19, 2020 Notification This report is provided “as is” for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise. This document is

Original release date: August 19, 2020Google has released Chrome version 84.0.4147.135 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

Original release date: August 20, 2020The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2020 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability Database (NVD) to compile the most frequent

Original release date: August 21, 2020The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following ISC