Good Morning wb_sunny

Welcome user! NYC Geeks is the premier computer repair and technology service provider for homes and businesses in the New York metropolitan area.

Request Support live_help
Technology News view_quilt
Security Alerts https
  • Drupal Releases Security Updates:
    Original release date: April 18, 2018

    Drupal has released updates addressing a vulnerability in Drupal 8 and 7. A remote attacker could exploit this vulnerability to gain access to sensitive information.

    NCCIC encourages users and administrators to review the Drupal Security Advisory for additional information and apply the necessary updates.


    This product is provided subject to this Notification and this Privacy & Use policy.


  • Cisco Releases Security Updates for Multiple Products:
    Original release date: April 18, 2018

    Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

    NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:


    This product is provided subject to this Notification and this Privacy & Use policy.


  • Google Releases Security Update for Chrome:
    Original release date: April 18, 2018

    Google has released Chrome version 66.0.3359.117 for Windows, Mac, and Linux. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system.

    NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update.


    This product is provided subject to this Notification and this Privacy & Use policy.


  • Oracle Releases April 2018 Security Bulletin:
    Original release date: April 17, 2018

    Oracle has released its Critical Patch Update for April 2018 to address 254 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

    NCCIC encourages users and administrators to review the Oracle April 2018 Critical Patch Update and apply the necessary updates.


    This product is provided subject to this Notification and this Privacy & Use policy.


  • Russian Malicious Cyber Activity:
    Original release date: April 16, 2018

    The Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the United Kingdom’s (UK) National Cyber Security Centre (NCSC) released a joint Technical Alert (TA) about malicious cyber activity carried out by the Russian Government. The U.S. Government refers to malicious cyber activity by the Russian government as GRIZZLY STEPPE.

    NCCIC encourages users and administrators to review the GRIZZLY STEPPE - Russian Malicious Cyber Activity page, which links to TA18-106A - Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices, for more information.


    This product is provided subject to this Notification and this Privacy & Use policy.


  • VMware Releases Security Updates :
    Original release date: April 13, 2018

    VMware has released security updates to address a vulnerability in vRealize Automation. An attacker could exploit this vulnerability to take control of an affected system.

    NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0009 and apply the necessary updates.


    This product is provided subject to this Notification and this Privacy & Use policy.


  • Juniper Networks Releases Security Updates:
    Original release date: April 12, 2018

    Juniper Networks has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

    NCCIC encourages users and administrators to review the following Juniper Security Advisories and apply necessary updates:

    • Junos OS: Kernel crash upon receipt of crafted CLNP packets (CVE-2018-0016)
    • SRX Series: Denial-of-service vulnerability in flowd daemon on devices configured with NAT-PT (CVE-2018-0017)
    • SRX Series: Crafted packet may lead to information disclosure and firewall rule bypass during compilation of IDP policies (CVE-2018-0018)
    • Junos: Denial-of-service vulnerability in SNMP MIB-II subagent daemon (mib2d) (CVE-2018-0019)
    • Junos OS: rpd daemon cores due to malformed BGP UPDATE packet (CVE-2018-0020)
    • Steel-Belted Radius Carrier: Eclipse Jetty information disclosure vulnerability (CVE-2015-2080)
    • NorthStar: Return of Bleichenbacher’s Oracle Threat (ROBOT) RSA SSL attack (CVE-2017-1000385)
    • OpenSSL: Multiple vulnerabilities resolved in OpenSSL
    • Junos OS: Multiple vulnerabilities in stunnel 5.38
    • NSM Appliance: Multiple vulnerabilities resolved in CentOS 6.5-based 2012.2R12 release
    • Junos OS: Short MacSec keys may allow man-in-the-middle attacks
    • Junos OS: Mbuf leak due to processing MPLS packets in VPLS networks (CVE-2018-0022)
    • Junos Snapshot Administrator (JSNAPy) world writeable default configuration file permission (CVE-2018-0023)

    This product is provided subject to this Notification and this Privacy & Use policy.


  • Microsoft Releases April 2018 Security Updates:
    Original release date: April 10, 2018

    Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

    NCCIC encourages users and administrators to review Microsoft's April 2018 Security Update Summary and Deployment Information and apply the necessary updates.


    This product is provided subject to this Notification and this Privacy & Use policy.


  • Adobe Releases Security Updates:
    Original release date: April 10, 2018

    Adobe has released security updates to address vulnerabilities in Adobe PhoneGap Push Plugin, Adobe Digital Editions, Adobe InDesign, Adobe Experience Manager, and Adobe Flash Player. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.  

    NCCIC encourages users and administrators to review Adobe Security Bulletins APSB18-15, APSB18-13, APSB18-11, APSB18-10, and APSB18-08, and apply the necessary updates.


    This product is provided subject to this Notification and this Privacy & Use policy.


  • Ongoing Threat of Ransomware:
    Original release date: April 09, 2018

    NCCIC has observed an increase in ransomware attacks across the world. Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website.

    Ransomware can be devastating to an individual or an organization. Anyone with important data stored on their computer or network is at risk, including government or law enforcement agencies and healthcare systems or other critical infrastructure entities. Throughout different ransomware events, NCCIC's best practices and guidance remain the same:

    • create system back-ups
    • be wary of opening emails and attachments from unknown or unverified senders
    • ensure that systems are updated with the latest patches

    NCCIC encourages users and administrators to review its Ransomware page and the U.S. Government Interagency Joint Guidance for further information.


    This product is provided subject to this Notification and this Privacy & Use policy.


  • :
  • :
  • :
  • :
  • :
  • :
  • :
  • :
  • :
  • :
  • Security Alerts