Good Morning wb_sunny

Welcome user! NYC Geeks is the premier computer repair and technology service provider for homes and businesses in the New York metropolitan area.

Request Support live_help
Technology News view_quilt
Security Alerts https
  • Mozilla Releases Security Updates for Firefox and Firefox ESR:
    Original release date: September 22, 2020<br/><p>Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for <a href="https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/">Firefox 81</a> and <a href="https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/">Firefox ESR 78.3</a> and apply the necessary updates.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>
  • Google Releases Security Updates for Chrome:
    Original release date: September 22, 2020<br/><p>Google has updated the stable channel for Chrome to 85.0.4183.121 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the <a href="https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html">stable channel update</a> and apply the necessary changes.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>
  • Samba Releases Security Update for CVE-2020-1472:
    Original release date: September 21, 2020<br/><p>The Samba Team has released a security update to address a critical vulnerability—CVE-2020-1472—in multiple versions of Samba. This vulnerability could allow a remote attacker to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcement for <a href="https://www.samba.org/samba/security/CVE-2020-1472.html">CVE-2020-1472</a> and apply the necessary updates or workaround.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>
  • CISA Releases Emergency Directive on Microsoft Windows Netlogon Remote Protocol:
    Original release date: September 18, 2020<br/><p>The Cybersecurity and Infrastructure Security Agency (CISA) has released <a href="https://cyber.dhs.gov/ed/20-04/ ">Emergency Directive (ED) 20-04</a> addressing a critical vulnerability— CVE-2020-1472—affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker with network access to a domain controller could exploit this vulnerability to compromise all Active Directory identity services.</p> <p>Earlier this month, <a href="https://us-cert.cisa.gov/ncas/current-activity/2020/09/14/exploit-netlogon-remote-protocol-vulnerability-cve-2020-1472">exploit code for this vulnerability was publicly released</a>. Given the nature of the exploit and documented adversary behavior, CISA assumes active exploitation of this vulnerability is occurring in the wild.</p> <p>ED 20-04 applies to Executive Branch departments and agencies; however, CISA strongly recommends state and local governments, the private sector, and others patch this critical vulnerability as soon as possible. Review the following resources for more information:</p> <ul> <li><a href="https://cyber.dhs.gov/ed/20-04/">CISA Emergency Directive 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday</a></li> <li><a href="https://www.kb.cert.org/vuls/id/490028">CERT/CC Vulnerability Note [VU#490028]</a></li> <li><a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472">Microsoft Security Vulnerability Information for CVE-2020-1472</a></li> <li>Microsoft’s guidance on <a href="https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc">How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472</a></li> </ul> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>
  • CERT/CC Releases Information on Critical Vulnerability in Microsoft Windows Netlogon Remote Protocol:
    Original release date: September 17, 2020<br/><p>The CERT Coordination Center (CERT/CC) has released information on CVE-2020-1472, a vulnerability affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker could exploit this vulnerability to obtain Active Directory domain administrator access. Although Microsoft provided patches for CVE-2020-1472 in August 2020, unpatched systems will be an attractive target for malicious actors.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the following resources and apply the necessary updates and workaround.</p> <ul> <li>CERT/CC Vulnerability Note <a href="https://www.kb.cert.org/vuls/id/490028">VU#490028</a></li> <li>Microsoft’s Security Advisory for <a href="https://us-cert.cisa.gov https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472">CVE-2020-1472</a></li> <li>Microsoft’s guidance on <a href="https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc">How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472</a></li> </ul> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>
  • Drupal Releases Security Updates:
    Original release date: September 17, 2020<br/><p>Drupal has released security updates to address vulnerabilities in Drupal 7.x, 8.8.x, 8.9.x, and 9.0.x. An attacker could exploit some of these vulnerabilities to obtain sensitive information or leverage the way HTML is rendered.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Drupal security updates and apply the necessary updates:</p> <ul> <li><a href="https://www.drupal.org/sa-core-2020-007">SA-CORE-2020-007</a></li> <li><a href="https://www.drupal.org/sa-core-2020-008">SA-CORE-2020-008</a></li> <li><a href="https://us-cert.cisa.gov https://www.drupal.org/sa-core-2020-009">SA-CORE-2020-009</a></li> <li><a href="https://www.drupal.org/sa-core-2020-010">SA-CORE-2020-010</a></li> <li><a href="https://us-cert.cisa.gov https://www.drupal.org/sa-core-2020-011">SA-CORE-2020-011</a></li> </ul> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>
  • Apple Releases Security Updates:
    Original release date: September 17, 2020<br/><p>Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:</p> <ul> <li><a href="https://support.apple.com/en-us/HT211845">Safari 14.0</a></li> <li><a href="https://support.apple.com/en-us/HT211843 ">tvOS 14.0</a></li> <li><a href="https://us-cert.cisa.gov https://support.apple.com/en-us/HT211844 ">watchOS 7.0</a></li> <li><a href="https://us-cert.cisa.gov https://support.apple.com/en-us/HT211850 ">iOS 14.0 and iPadOS 14.0</a></li> <li><a href="https://support.apple.com/en-us/HT211848">Xcode 12.0</a></li> </ul> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>
  • Adobe Releases Security Update for Media Encoder:
    Original release date: September 16, 2020<br/><p>Adobe has released a security update to address vulnerabilities in Media Encoder. An attacker could exploit these vulnerabilities to obtain sensitive information.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Adobe <a href="https://helpx.adobe.com/security/products/media-encoder/apsb20-57.html">Security Bulletin</a> and apply the necessary update.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>
  • Iran-Based Threat Actor Exploits VPN Vulnerabilities:
    Original release date: September 15, 2020<br/><p>The Cybersecurity Security and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory on an Iran-based malicious cyber actor targeting several U.S. federal agencies and other U.S.-based networks. This Advisory analyzes the threat actor’s indicators of compromise (IOCs); and tactics, techniques, and procedures (TTPs); and exploited Common Vulnerabilities and Exposures (CVEs).</p> <p>CISA encourages users and administrators to review the following resources for more information.</p> <ul> <li><a href="https://us-cert.cisa.gov/ncas/alerts/aa20-259a">Joint Cybersecurity Advisory: Iran-Based Threat Actor Exploits VPN Vulnerabilities</a></li> <li><a href="https://us-cert.cisa.gov/ncas/analysis-reports/ar20-259a">MAR-10297887-1.v1: Iranian Web Shells</a></li> </ul> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>
  • Exploit for Netlogon Remote Protocol Vulnerability, CVE-2020-1472:
    Original release date: September 14, 2020<br/><p>The Cybersecurity and Infrastructure Security Agency (CISA) is aware of publicly available exploit code for CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. Although Microsoft provided patches for CVE-2020-1472 in August 2020, unpatched systems will be an attractive target for malicious actors. Attackers could exploit this vulnerability to obtain domain administrator access.</p> <p>CISA encourages users and administrators to review Microsoft’s August Security Advisory for <a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 ">CVE-2020-1472</a> and <a href="https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc">Article</a> for more information and apply the necessary updates.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://us-cert.cisa.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy &amp; Use</a> policy.</p> </div>
  • :
  • :
  • :
  • :
  • :
  • :
  • :
  • :
  • :
  • :
  • Security Alerts