Results 1 to 26 of 26

Thread: Computer System/Cyber & Related Security Alerts

  1. #1
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    Computer System/Cyber & Related Security Alerts


    Subscribe to this news thread for continued updates to computer system
    and cyber threat alerts. This thread will be updated when new alerts are issued.
    John Sanderson

    Task Force Investigations
    Logistics Department

  2. #2
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    Cisco Releases Security Advisory for Cisco Prime Data Center Network Manager (DCNM)



    Cisco Releases Security Advisory for Cisco Prime Data Center Network Manager (DCNM)

    Cisco has released three security advisories to address multiple vulnerabilities affecting various components of Cisco Prime Data Center Network Manager (DCNM). These vulnerabilities may allow an unauthenticated, remote attacker to disclose file components and access text files on an affected device. These vulnerabilities can be exploited independently on the same device; however, a release that is affected by one of the vulnerabilities may not be affected by the others.

    Cisco has released software updates to address the following vulnerabilities:



    US-CERT encourages users and administrators to review the following Cisco Security Advisory and apply any necessary updates to help mitigate the risk.

  3. #3
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    Re: Computer System/Cyber & Related Security Alerts

    Cisco Releases Semiannual IOS Software Security Advisory Bundled Publication

    Cisco has released its semiannual Cisco IOS Software Security Advisory Bundled Publication. This publication includes eight Security Advisories that address vulnerabilities in Cisco IOS Software. Exploits of these vulnerabilities could result in a denial of service (DoS) condition, interface queue wedge, or a device reload.

    US-CERT encourages users and administrators to review the following Cisco Security Advisory and apply any necessary updates or workarounds to help mitigate these vulnerabilities.

    Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication

  4. #4
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    Bulletin (SB13-273)

    Bulletin (SB13-273)
    Vulnerability Summary for the Week of September 23, 2013

    The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

    The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

    •High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

    •Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

    •Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

    Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

    To view the summary, please follow this link: https://www.us-cert.gov/ncas/bulletins/SB13-273

  5. #5
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    Cisco Releases Security Advisory for Cisco IOS XR



    Cisco Releases Security Advisory for Cisco IOS XR
    10/02/2013 04:48 PM EDT
    Original release date: October 02, 2013

    Cisco has released a security advisory to address a vulnerability in Cisco IOS XR Software version 4.3.1. If successful, this exploitation could result in complete packet memory exhaustion, rendering critical services on the affected device unable to allocate packets, resulting in a denial of service (DoS) condition.

    US-CERT encourages users and administrators to review the following Cisco Security Advisory and apply any necessary updates or workarounds to help mitigate the risk.

  6. #6
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    Adobe Customer Information and Source Code Compromises



    Adobe Customer Information and Source Code Compromises

    US-CERT is aware of the public acknowledgement of a compromise of up to 3 million Adobe customers' information, including names and detailed account information. The source code for multiple Adobe products may also have been compromised.

    US-CERT advises that Adobe customers be aware of possible fraudulent account activity. US-CERT will provide additional details as they become available.

  7. #7
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    TA13-207A: Risks of Using the Intelligent Platform Management Interface (IPMI)

    TA13-207A: Risks of Using the Intelligent Platform Management Interface (IPMI)


    Systems Affected
    Any system connected to the internet running the Intelligent Platform Management Interface (IPMI) may be affected. IPMI is resident on many server platforms, and provides low-level access to a system that can override operating system controls.

    Overview
    Attackers can easily identify and access systems that run IPMI and are connected to the Internet. It is important to restrict IPMI access to specific management IP addresses within an organization and preferably separated into a separate LAN segment.

    Description
    What is the Intelligent Platform Management Interface (IPMI)?

    IPMI is a low level interface specification that has been adopted by many hardware vendors. It allows a system administrator to remotely manage servers at the hardware level. IPMI runs on the Baseboard Management Controller (BMC) and provides access to the BIOS, disks, and other hardware. It also supports remote booting from a CD or through the network, and monitoring of the server environment. The BMC itself also runs a limited set of network services to facilitate management and communications amongst systems.

    What Is the Risk?

    Attackers can use IPMI to essentially gain physical-level access to the server. An attacker can reboot the system, install a new operating system, or compromise data, bypassing any operating system controls. Some issues identified by Dan Farmer:
    • Passwords for IPMI authentication are saved in clear text.
    • Knowledge of one IPMI password gives you the password for all computers in the IPMI managed group.
    • Root access on an IPMI system grants complete control over hardware, software, firmware on the system.
    • BMCs often run excess and older network services that may be vulnerable.
    • IPMI access may also grant remote console access to the system, resulting in access to the BIOS.
    • There are few, if any, monitoring tools available to detect if the BMC is compromised.
    • Certain types of traffic to and from the BMC are not encrypted.
    • Unclear documentation on how to sanitize IPMI passwords without destruction of the motherboard.


    Attackers can easily search and identify internet-connected target systems, and IPMI is no exception.

    Impact
    An attacker with knowledge of IPMI can search for, and find, open management interfaces. Many of these interfaces utilize default or no passwords, or weak encryption. Further consequences depend on the type and use of the compromised system. At the very least, an attacker can compromise confidentiality, integrity, and availability of the server once gaining access to the BMC.


    Solution
    Restrict IPMI to Internal Networks

    Restrict IPMI traffic to trusted internal networks. Traffic from IPMI (usually UDP port 623) should be restricted to a management VLAN segment with strong network controls. Scan for IPMI usage outside of the trusted network and monitor the trusted network for abnormal activity.

    Utilize Strong Passwords

    Devices running IPMI should have strong, unique passwords set for the IPMI service. See US-CERT Security Tip ST04-002 and Password Security, Protection, and Management for more information on password security.

    Encrypt Traffic

    Enable encryption on IPMI interfaces, if possible. Check your manufacturer manual for details on how to set up encryption.

    Require Authentication

    "cipher 0" is an option enabled by default on many IPMI enabled devices that allows authentication to be bypassed. Disable "cipher 0" to prevent attackers from bypassing authentication and sending arbitrary IPMI commands. Anonymous logins should also be disabled.

    Sanitize Flash Memory at End of Life

    Follow manufacturer recommendations for sanitizing passwords. If none exists, destroy the flash chip, motherboard, or other areas the IPMI password may be stored.

    Identify Affected Products
    • Most server products
    • HP Integrated Lights Out
    • Dell DRAC
    • IBM Remote Supervisor Adapter

  8. #8
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    Re: Computer System/Cyber & Related Security Alerts



    Google Releases Google Chrome 30

    Google has released Chrome 30 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service condition, spoof the address bar, or obtain sensitive information.

    US-CERT encourages users and administrators to review the Google Chrome release blog entry and follow best practice security policies to determine which updates should be applied.

  9. #9
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    Microsoft Releases Advance Notification for October Security Bulletin


    Microsoft Releases Advance Notification for October Security Bulletin


    Microsoft has issued a Security Bulletin Advance Notification indicating that its October release will contain eight bulletins. These bulletins will have the severity rating of critical and important and will be for Microsoft Windows, Internet Explorer, .NET Framework, Office, Server Software, and Silverlight. These bulletins are scheduled for release on October 8, 2013.

  10. #10
    Join Date
    Apr 2002
    Location
    National Office
    Posts
    125

    Re: Computer System/Cyber & Related Security Alerts

    Thanks John, for your alerts.

    Lance

  11. #11
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    Apple Releases OS X Mountain Lion v10.8.5 Supplemental Update


    Apple Releases OS X Mountain Lion v10.8.5 Supplemental Update


    Apple has released an OS X Mountain Lion v10.8.5 Supplemental Update to address a vulnerability. This vulnerability could potentially allow a local attacker to bypass authentication controls.

    US-CERT encourages users and administrator to review Apple Security Article HT5964 and apply any necessary updates to help mitigate the risk.

  12. #12
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    Bulletin (SB13-280) Vulnerability Summary for the Week of September 30, 2013


    Bulletin (SB13-280)
    Vulnerability Summary for the Week of September 30, 2013


    The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

    The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

    • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
    • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
    • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9


    Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

    To view the extensive list, click this link:
    https://www.us-cert.gov/ncas/bulletins/SB13-280

  13. #13
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    Microsoft Releases October 2013 Security Bulletin



    Microsoft Releases October 2013 Security Bulletin

    Original release date: October 03, 2013 | Last revised: October 08, 2013
    Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Office, Server Software, and Silverlight as part of the Microsoft Security Bulletin Summary for October 2013. These vulnerabilities could allow remote code execution or information disclosure.

    US-CERT encourages users and administrators to review the bulletin and follow best practice security policies to determine which updates should be applied.

  14. #14
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    Adobe Security Bulletin APSB13-25


    Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.04) for Windows. These updates address a regression that occurred in version 11.0.04 affecting Javascript security controls.

    US-CERT recommends that users and administrators review Adobe Security Bulletin APSB13-25 and follow best practice security policies to determine which updates should be applied.

  15. #15
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    BlackBerry Security Advisory BSRT-2013-011


    BlackBerry Releases Security Advisory

    Original release date: October 09, 2013
    BlackBerry has released a security advisory to address a vulnerability that affects the BlackBerry Universal Device Service installed by default with BlackBerry® Enterprise Service (BES) versions 10.0 to 10.1.2. This vulnerability could potentially allow an attacker to obtain escalation of privilege and then execute arbitrary code.

    US-CERT recommends users and administrators to review the BlackBerry Security Advisory BSRT-2013-011 and follow best practice security policies to determine which updates should be applied.

  16. #16
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    Bulletin (SB13-287) Vulnerability Summary for the Week of October 7, 2013



    Bulletin (SB13-287)
    Vulnerability Summary for the Week of October 7, 2013

    The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

    The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

    • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
    • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
    • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9


    Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

    To view the extensive list, click this link: https://www.us-cert.gov/ncas/bulletins/SB13-287

  17. #17
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    Alert (TA13-288A) Microsoft Updates for Multiple Vulnerabilities



    Alert (TA13-288A)
    Microsoft Updates for Multiple Vulnerabilities

    Systems Affected:

    • Windows Operating System and Components
    • Microsoft .NET Framework
    • Microsoft Server Software
    • Microsoft Office
    • Microsoft Silverlight
    • Internet Explorer


    Description:

    • The Microsoft Security Bulletin Summary for October 2013 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address these vulnerabilities.


    Impact

    • These vulnerabilities could allow remote code execution or information disclosure.


    Solution:

    • Apply Updates
      Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for October 2013, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.


    References:


    - - - Updated - - -



    Apple Releases Security Update for Java on OS X

    OS X Lion Server v10.7 or later, and OS X Mountain Lion 10.8 or later to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code with the privileges of the current user.

    US-CERT encourages users and administrators to review Apple Support Article HT5982 and follow best-practice security policies to determine which updates should be applied.

  18. #18
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    Oracle Releases October 2013 Security Advisory


    Oracle Releases October 2013 Security Advisory

    Oracle has released its Critical Patch Update for October 2013 to address 127 vulnerabilities across multiple products. This update contains the following security fixes:

    • 2 for Oracle Database Server
    • 17 for Oracle Fusion Middleware
    • 4 for Oracle Enterprise Manager Grid Control
    • 1 for Oracle E-Business Suite
    • 2 for Oracle Supply Chain Products Suite
    • 8 for Oracle PeopleSoft Products
    • 9 for Oracle Siebel CRM
    • 2 for Oracle iLearning
    • 6 for Oracle Industry Applications
    • 1 for Oracle Financial Services Software
    • 2 for Oracle Primavera Products Suite
    • 51 for Oracle Java SE
    • 12 for Oracle and Sun Systems Products Suite
    • 2 for Oracle Virtualization
    • 8 for Oracle MySQL

    US-CERT encourages users and administrators to review the October 2013 Critical Patch Update and follow best practice security policies to determine which updates should be applied.

  19. #19
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    Google Releases Google Chrome 30.0.1599.101



    Google Releases Google Chrome 30.0.1599.101

    Google has released Google Chrome 30.0.1599.101 for Windows, Mac, Linux and Chrome Frame operating systems to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial-of-service condition or trigger multiple conflicting uses of the same object.

    US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update to Chrome 30.0.1599.101.

  20. #20
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    Cisco Releases Additional Security Advisories



    Cisco Releases Additional Security Advisories

    Cisco has released three security advisories to address multiple vulnerabilities. These vulnerabilities may allow an attacker to successfully execute arbitrary code, authentication bypass, or cause a denial-of-service (DoS) condition.

    US-CERT encourages users and administrators to review the following Cisco security advisories and apply any necessary updates to help mitigate the risks.


  21. #21
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    Apple Announcements



    Apple Releases Apple Remote Desktop 3.7

    Apple has released Apple Remote Desktop 3.7 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code or obtain sensitive information.

    US-CERT encourages users and administrators to review Apple Support Article HT5998 and follow best practice security policies to determine which updates should be applied.






    Apple Releases OS X Mavericks v10.9

    Apple has released OS X Mavericks v10.9 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to bypass security restrictions, cause a denial-of-service condition, or execute arbitrary code.

    US-CERT encourages users and administrators to review Apple Support Article HT6011 and apply any necessary

  22. #22
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    Re: Bulletin (SB13-287) Vulnerability Summary for the Week of October 7, 2013



    SB13-301: Vulnerability Summary for the Week of October 21, 2013

    The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

    The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

    • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
    • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
    • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9


    Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

    To view the extensive list, click this link: https://www.us-cert.gov/ncas/bulletins/SB13-301

  23. #23
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    WordPress Releases Update for WordPress 3.7


    WordPress Releases Update for WordPress 3.7

    Original release date: October 26, 2013 | Last revised: October 28, 2013
    WordPress has released WordPress 3.7 “Basie” for all previous versions. This version has been devised to automatically update with the latest maintenance and security releases, making the process more reliable and secure, with dozens of new checks and safeguards. WordPress 3.7 also updates the password meter to recognize common mistakes that can weaken your password.

    US-CERT recommends users and administrators review the WordPress Maintenance and Security Release blog and follow best practice security policies to determine which updates should be applied.

  24. #24
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    Re: Computer System/Cyber & Related Security Alerts



    Mozilla Releases Updates for Firefox, Thunderbird, and Seamonkey

    The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities:



    These vulnerabilities could allow a remote attacker to execute arbitrary code, bypass intended access restrictions, cause a denial-of-service condition, or obtain sensitive information.

    US-CERT encourages users and administrators to review the Mozilla Foundation Advisory for Firefox 25, Firefox ESR 24.1, Firefox ESR 17.0.10, Thunderbird 24.1, Thunderbird ESR 17.0.10, and Seamonkey 2.22 and apply any necessary updates to help mitigate the risk.

  25. #25
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    Re: Computer System/Cyber & Related Security Alerts



    Cisco Releases Security Advisory

    Cisco has released a security advisory to address multiple vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR). These vulnerabilities, which are independent of each other, could allow an unauthenticated remote attacker to cause a denial-of-service condition.

    Cisco has released software updates that address these vulnerabilities.

    US-CERT encourages administrators of this software to review Cisco Security Advisory 20131030-ASR1000 and follow best practice security policies to determine if their organization is affected and the appropriate response.

  26. #26
    John Sanderson is offline Lifetime Member

    Corporate Agency Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Dec 2008
    Location
    Massachusetts
    Posts
    4,492

    Re: Computer System/Cyber & Related Security Alerts

    To subscribe and receive the alerts I post here, please visit the US CERT website.

    http://www.us-cert.gov/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •