Entries by

Are You Vulnerable to Supply Chain Attacks?

A supply chain attack, sometimes referred to as a “value-chain” or “third-party attack”, occurs when someone penetrates your systems via an external partner or supplier who already has access to your systems, information and data. Due to the number of suppliers that companies are working with, as well as the recent increase in remote working across supply chains, the attack surface has increased drastically.

Adobe Releases Security Updates

Original release date: February 9, 2021 Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates. Magento APSB21-08  Acrobat and Reader […]

Apple Releases Security Updates

Original release date: February 9, 2021 Apple has released security updates to address vulnerabilities in macOS Big Sur 11.2, macOS Catalina 10.15.7, and macOS Mojave 10.14.6. An attacker could exploit these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the Apple security update and apply the necessary updates.  This […]

Microsoft Releases February 2021 Security Updates

Original release date: February 9, 2021 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s February 2021 Security Update Summary and Deployment Information and apply the necessary updates. This […]

Microsoft Launches Phase 2 Mitigation for Netlogon Remote Code Execution Vulnerability (CVE-2020-1472)

Original release date: February 10, 2021 Microsoft addressed a critical remote code execution vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020. Beginning with the February 9, 2021 Security Update release, Domain Controllers will be placed in enforcement mode. This will require all Windows and non-Windows devices to use secure Remote Procedure Call (RPC) […]

Verify Your Valentine

Original release date: February 11, 2021 This Valentine’s Day, before you go looking for love in all the wrong chat rooms, CISA reminds users to be wary of internet romance scams. At first, cyber criminals promise the reward of romance after adopting an alias to appear as a potential partner. Once your heart is hooked […]

Compromise of U.S. Water Treatment Facility

Original release date: February 11, 2021 In response to recent events where unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility, CISA, the Federal Bureau of Investigation, the Environmental Protection Agency, and the Multi-State Information Sharing and Analysis Center have released joint […]

VMware Releases Security Update

Original release date: February 12, 2021 VMware has released a security update to address a vulnerability in vSphere Replication. An attacker could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0001 and apply the necessary update. This product is provided subject to this […]