Good Morning wb_sunny

Welcome user! NYC Geeks is the premier computer repair and technology service provider for homes and businesses in the New York metropolitan area.

Request Support live_help
Technology News view_quilt
Security Alerts https
  • Cisco Releases Security Updates:
    Original release date: January 24, 2020

    Cisco has released security updates to address a vulnerability affecting Cisco Webex Meetings Suite and Cisco Webex Meetings Online. A remote attacker could exploit this vulnerability to obtain sensitive information.

    The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Cisco Security Advisory cisco-sa-20200124-webex-unauthjoin for more information.

    This product is provided subject to this Notification and this Privacy & Use policy.

  • NSA Releases Guidance on Mitigating Cloud Vulnerabilities:
    Original release date: January 24, 2020

    The National Security Agency (NSA) has released an information sheet with guidance on mitigating cloud vulnerabilities. NSA identifies cloud security components and discusses threat actors, cloud vulnerabilities, and potential mitigation measures.

    The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators and users to review NSA's guidance on Mitigating Cloud Vulnerabilities and CISA’s page on APTs Targeting IT Service Provider Customers and Analysis Report on Microsoft Office 365 and other Cloud Security Observations for information on implementing a defense-in-depth strategy to protect infrastructure assets.

    This product is provided subject to this Notification and this Privacy & Use policy.

  • Citrix Releases Security Updates for SD-WAN WANOP:
    Original release date: January 23, 2020

    Citrix has released security updates to address the CVE-2019-19781 vulnerability in Citrix SD-WAN WANOP. An attacker could exploit this vulnerability to take control of an affected system. Citrix has also released an Indicators of Compromise Scanner that aims to identify evidence of successful exploitation of CVE-2019-19781.

    The Cybersecurity and Infrastructure Security Agency (CISA) strongly recommends users and administrators review the Citrix Security Bulletin CTX267027 and apply the necessary updates. CISA also recommends users and administrators:

    This product is provided subject to this Notification and this Privacy & Use policy.

  • Cisco Releases Security Updates :
    Original release date: January 23, 2020

    Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

    The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

     

    This product is provided subject to this Notification and this Privacy & Use policy.

  • Increased Emotet Malware Activity:
    Original release date: January 22, 2020

    The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a recent increase in targeted Emotet malware attacks. Emotet is a sophisticated Trojan that commonly functions as a downloader or dropper of other malware. Emotet primarily spreads via malicious email attachments and attempts to proliferate within a network by brute forcing user credentials and writing to shared drives. If successful, an attacker could use an Emotet infection to obtain sensitive information. Such an attack could result in proprietary information and financial loss as well as disruption to operations and harm to reputation.

    CISA recommends users and administrator adhere to the following best practices to defend against Emotet. See CISA’s Alert on Emotet Malware for detailed guidance.

    • Block email attachments commonly associated with malware (e.g.,.dll and .exe).
    • Block email attachments that cannot be scanned by antivirus software (e.g., .zip files).
    • Implement Group Policy Object and firewall rules.
    • Implement an antivirus program and a formalized patch management process.
    • Implement filters at the email gateway, and block suspicious IP addresses at the firewall.
    • Adhere to the principle of least privilege.
    • Implement a Domain-Based Message Authentication, Reporting & Conformance (DMARC) validation system.
    • Segment and segregate networks and functions. 
    • Limit unnecessary lateral communications.

    CISA encourages users and administrators to review the following resources for information about defending against Emotet and other malware.

    This product is provided subject to this Notification and this Privacy & Use policy.

  • IC3 Issues Alert on Employment Scams:
    Original release date: January 22, 2020

    The Internet Crime Complaint Center (IC3) has issued an alert warning consumers of fake jobs and hiring scams targeting applicants’ personally identifiable information (PII). Cyber criminals posing as legitimate employers spoof company websites and post fake job openings to lure victims. Cyber criminals will conduct fake interviews and even offer positions to victims before requesting PII such as Social Security numbers and bank account information.

    The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the IC3 Alert and CISA’s Tips on Avoiding Social Engineering and Phishing Attacks and Website Security for more information. If you believe you are a victim of cybercrime, file a complaint with IC3 at www.ic3.gov.

    This product is provided subject to this Notification and this Privacy & Use policy.

  • Reminder: Safeguard Websites from Cyberattacks :
    Original release date: January 21, 2020

    Protect personal and organizational public-facing websites from defacement, data breaches, and other types of cyberattacks by following cybersecurity best practices. The Cybersecurity and Information Security Agency (CISA) encourages users and administrators to review CISA’s updated Tip on Website Security and take the necessary steps to protect against website attacks.   

    For more information, review:

    This product is provided subject to this Notification and this Privacy & Use policy.

  • Samba Releases Security Updates:
    Original release date: January 21, 2020

    The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system.

    The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcements for CVE-2019-14902, CVE-2019-14907, and CVE-2019-19344 and apply the necessary updates and workarounds.

     

    This product is provided subject to this Notification and this Privacy & Use policy.

  • Citrix Adds SD-WAN WANOP, Updated Mitigations to CVE-2019-19781 Advisory:
    Original release date: January 17, 2020

    Citrix has released an article with updates on CVE-2019-19781, a vulnerability affecting Citrix Application Delivery Controller (ADC) and Citrix Gateway. This vulnerability also affects Citrix SD-WAN WANOP product versions 10.2.6 and version 11.0.3. The article includes updated mitigations for Citrix ADC and Citrix Gateway Release 12.1 build 50.28. An attacker could exploit CVE-2019-19781 to take control of an affected system. Citrix plans to begin releasing security updates for affected software starting January 20, 2020.

    The Cybersecurity and Infrastructure Security Agency (CISA) recommends users and administrators:

    This product is provided subject to this Notification and this Privacy & Use policy.

  • Microsoft Releases Security Advisory on Internet Explorer Vulnerability:
    Original release date: January 17, 2020

    Microsoft has released a security advisory to address a critical vulnerability in Internet Explorer. A remote attacker could exploit this vulnerability to take control of an affected system. According to the advisory, “Microsoft is aware of limited targeted attacks.”

    The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s Advisory ADV20001 and CERT/CC's Vulnerability Note VU#338824 for more information, implement workarounds, and apply updates when available. Consider using Microsoft Edge or an alternate browser until patches are made available.

    This product is provided subject to this Notification and this Privacy & Use policy.

  • :
  • :
  • :
  • :
  • :
  • :
  • :
  • :
  • :
  • :
  • Security Alerts