SonicWall Releases Additional Patches

/in ,

Original release date: February 23, 2021

SonicWall has released firmware patches for SMA 100 series products in an update to its previous alert from February 3, 2021. A remote attacker could exploit a vulnerability in versions of SMA 10 prior to 10.2.0.5-29sv to take control of an affected system.

CISA encourages users and administrators to review the updated SonicWall alert and apply the necessary patches as soon as possible.

This product is provided subject to this Notification and this Privacy & Use policy.

Apple Releases Security Updates

/in ,

Original release date: February 9, 2021

Apple has released security updates to address vulnerabilities in macOS Big Sur 11.2, macOS Catalina 10.15.7, and macOS Mojave 10.14.6. An attacker could exploit these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review the Apple security update and apply the necessary updates. 

This product is provided subject to this Notification and this Privacy & Use policy.

Adobe Releases Security Updates

/in ,

Original release date: February 9, 2021

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft Launches Phase 2 Mitigation for Netlogon Remote Code Execution Vulnerability (CVE-2020-1472)

/in ,

Original release date: February 10, 2021

Microsoft addressed a critical remote code execution vulnerability affecting the Netlogon protocol (CVE-2020-1472) on August 11, 2020. Beginning with the February 9, 2021 Security Update release, Domain Controllers will be placed in enforcement mode. This will require all Windows and non-Windows devices to use secure Remote Procedure Call (RPC) with Netlogon secure channel or to explicitly allow the account by adding an exception for any non-compliant device.

CISA encourages users and administrators to review the Microsoft security update and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft Releases February 2021 Security Updates

/in ,

Original release date: February 9, 2021

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s February 2021 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

North Korean Malicious Cyber Activity: AppleJeus

/in ,

Original release date: February 17, 2021

CISA, the Federal Bureau of Investigation, and the Department of the Treasury have released a Joint Cybersecurity Advisory and seven Malware Analysis Reports (MARs) on the North Korean government’s dissemination of malware that facilitates the theft of cryptocurrency—referred to by the U.S. Government as “AppleJeus.”

The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

CISA encourages users and administrators to review the following resources for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

VMware Releases Security Update

/in ,

Original release date: February 12, 2021

VMware has released a security update to address a vulnerability in vSphere Replication. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-0001 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

Compromise of U.S. Water Treatment Facility

/in ,

Original release date: February 11, 2021

In response to recent events where unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility, CISA, the Federal Bureau of Investigation, the Environmental Protection Agency, and the Multi-State Information Sharing and Analysis Center have released joint Cybersecurity Advisory AA21-042A: Compromise of U.S. Water Treatment Facility. This advisory outlines how cyber criminals exploit desktop sharing software and end-of-life operating systems to gain unauthorized access to systems.

This product is provided subject to this Notification and this Privacy & Use policy.

Verify Your Valentine

/in ,

Original release date: February 11, 2021

This Valentine’s Day, before you go looking for love in all the wrong chat rooms, CISA reminds users to be wary of internet romance scams. At first, cyber criminals promise the reward of romance after adopting an alias to appear as a potential partner. Once your heart is hooked on hope, they turn the tables. The scammer with the illusive identity will ask for money, making promises of phony matrimony, as they finagle funds from you as a fake fiancée.

If you don’t know who you are doting on when you are dating, be cautious with your cash and keep it.    

For more information, review CISA’s Tip on Staying Safe on Social Networking Sites. If you believe you have been a victim of a romance scam, file a report with:

This product is provided subject to this Notification and this Privacy & Use policy.

Google Releases Security Updates for Chrome

/in ,

Original release date: February 17, 2021

Google has released Chrome version 88.0.4324.182 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.