ACSC Releases Fundamentals of Cross Domain Solutions

Original release date: December 5, 2019 The Australian Cyber Security Centre (ACSC) has released a cybersecurity guide outlining the fundamentals of cross domain solution (CDS) technologies. This guidance provides cross domain security principles to enable organizations to share information securely across separated networks. The Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations with information sharing

[ Read More ]

Microsoft Releases Security Advisory for Windows Hello for Business

Original release date: December 5, 2019 Microsoft has released a Security Advisory to address an issue in Windows Hello for Business (WHfB). An attacker could exploit this issue on devices that were affected by CVE-2017-15361, also known as Return of Coppersmith’s Attack (ROCA), to take control of an affected system. The Cybersecurity and Infrastructure Security

[ Read More ]

NCSC-NZ Releases Cyber Governance Resource for Leaders

Original release date: December 5, 2019 The New Zealand National Cyber Security Centre (NCSC-NZ) has released an article on a new cybersecurity governance resource to support public and private sector leaders in making decisions about their cybersecurity resilience and risk. NCSC-NZ developed this governance—a series of documents with practical advice and simple steps—following a cybersecurity

[ Read More ]

USN-4214-1: RabbitMQ vulnerability

librabbitmq vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.10 Ubuntu 19.04 Ubuntu 14.04 ESM Summary RabbitMQ could be made to execute arbitrary code if it received a specially crafted input. Software Description librabbitmq – Command-line utilities for interacting with AMQP servers Details It was discovered that RabbitMQ incorrectly handled

[ Read More ]

Dridex Malware

Original release date: December 5, 2019 This Alert is the result of recent collaboration between Department of the Treasury Financial Sector Cyber Information Group (CIG) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) to identify and share information with the financial services sector. Treasury and the Cybersecurity and Infrastructure Security Agency (CISA)

[ Read More ]