Mozilla has released security updates to address vulnerabilities in Firefox. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 60.6.1 and Firefox 66.0.1 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Drupal has released security updates to address a vulnerability in Drupal Core. A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Drupal Security Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco has released several security advisories to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates.

• Cisco IP Phone 8800 Series Path Traversal Vulnerability cisco-sa-20190320-ipptv
• Cisco IP Phone 8800 Series File Upload Denial of Service Vulnerability cisco-sa-20190320-ipfudos
• Cisco IP Phone 8800 Series Authorization Bypass Vulnerability cisco-sa-20190320-ipab
• Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability cisco-sa-20190320-ip-phone-rce
• Cisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability cisco-sa-20190320-ip-phone-csrf
   

This product is provided subject to this Notification and this Privacy & Use policy.

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox ESR 60.6 and Firefox 66 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

All software products have a life-cycle. After January 14, 2020, Microsoft will no longer provide security updates or support for PCs running the Windows 7 operating system. After this date, this product will no longer receive free:

• Technical support for any issues
• Software updates
• Security updates or fixes

Computers running the Windows 7 operating system will continue to work even after support ends. However, using unsupported software may increase the risks from viruses and other security threats.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to upgrade to a currently supported operating system. For more information, see the Microsoft End of Support FAQ.

This product is provided subject to this Notification and this Privacy & Use policy.

The Cybersecurity and Infrastructure Security Agency (CISA) has posted the February 14, 2019, Awareness Briefing on Chinese Malicious Cyber Activity. This webinar provides background and mitigation techniques on Chinese malicious cyber activity targeting managed service providers (MSPs).   

CISA encourages MSPs and their customers to view the February 14, 2019, Awareness Briefing on Chinese Malicious Cyber Activity and to review the page on Chinese Malicious Cyber Activity for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

In the wake of the recent New Zealand mosque shootings, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize on this tragic event. Users should exercise caution in handling emails related to the shootings, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic events. Be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to the event.

To avoid becoming a victim of malicious activity, users and administrators should consider taking the following preventive measures:

• Use caution when opening email attachments, and do not click on links in unsolicited email messages. Refer to CISA’s Tip on Using Caution with Email Attachments.
• Review CISA’s Tip on Staying Safe on Social Networking Sites.
• Refer to CISA’s Tip on Avoiding Social Engineering and Phishing Attacks.
• Review the information from the Federal Trade Commission on Before Giving to a Charity.

This product is provided subject to this Notification and this Privacy & Use policy.

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Intel Product Security Center Advisories page, apply the necessary mitigations, and refer to software vendors for appropriate patches, when available.

This product is provided subject to this Notification and this Privacy & Use policy.

VMware has released security updates to address vulnerabilities affecting Workstation 14 and 15, and Horizon 6 and 7. An attacker could exploit some of these vulnerabilities to take control of an affected system.  

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisories VMSA-2019-0002 and VMSA-2019-0003 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft has released an update to address a vulnerability in Azure Linux Guest Agent. An attacker could exploit this vulnerability to obtain access to sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.