Category Archives: Security

ICSJWG Spring Meeting April 23–25

This post was originally published on this site

Original release date: April 17, 2019

The Industrial Control Systems Joint Working Group (ICSJWG)—a collaborative and coordinating body operating under the Critical Infrastructure Partnership Advisory Council framework—will hold the 2019 ICSJWG Spring Meeting in Kansas City, MO, April 23–25, 2019. ICSJWG facilitates information sharing to reduce the risk to the Nation’s industrial control systems.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages interested participants to visit the ICSJWG website to register for the Spring Meeting by April 17, 2019, and for additional information.

 


This product is provided subject to this Notification and this Privacy & Use policy.

Special Webcast: Simplifying Application Security with Software-Defined Security – April 17, 2019 1:00pm US/Eastern

Speakers: Matt DeVincentis and Dave Shackleford

The traditional approach to securing applications isn't working. As an industry, we're spending more money than ever on security, yet breaches continue to occur. Chasing threats is like trying to find a needle in a haystack, and new threats continue to emerge every day.

Join this live webinar with SANS Analyst and security expert Dave Shackleford and Matt De Vincentis, Director, Networking and Security Product Marketing at VMware, as they explore why traditional security approaches are failing. Dave and Matt will describe how you can leverage a unified software-defined infrastructure control plane to improve visibility around application behavior, and use VMware AppDefense to leverage the unique properties of virtualization to flip the security model on its head by focusing on validating “known good” application behavior, rather than “chasing bad”.

Attendees will learn:

  • Why a new approach to securing applications is needed
  • What VMware AppDefense does and how it works
  • How one VMware customer has transformed their security posture
  • And more!

Multiple Vulnerabilities in Broadcom WiFi Chipset Drivers

Original release date: April 17, 2019

The CERT Coordination Center (CERT/CC) has released information on multiple vulnerabilities in Broadcom Wi-Fi chipset drivers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CERT/CC Vulnerability Note VU#166939 for more information and refer to vendors for appropriate updates, when available.


Oracle Releases April 2019 Security Bulletin

Original release date: April 16, 2019

Oracle has released its Critical Patch Update for April 2019 to address 297 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Oracle April 2019 Critical Patch Update and apply the necessary updates.


Special Webcast: Cryptojacking – What is it? Where is it? How to protect against it? – April 16, 2019 1:00pm US/Eastern

With the recent rise of cryptocurrency, you can bet that malicious actors have found a way to exploit it for their gain. The minimal regulation and an architecture built on true anonymity make it a breeding ground for malicious actors. In modern ransomware campaigns, cryptocurrency has been used to broker the currency exchange to unlock files. So the use of cryptocurrency is nothing new, but cryptojacking, that's new. Cryptojacking is the process of loading malicious code onto endpoints and jacking their compute power to mine for cryptocurrency, in turn generating revenue for the malicious actors with nobody being the wiser. Join us to discuss the challenges around detecting cryptojacking, some recent campaigns, and how to defend your networks against them.

Apache Releases Security Updates for Apache Tomcat

Original release date: April 14, 2019

The Apache Software Foundation has released Apache Tomcat versions 7.0.94 and 8.5.40 to address a vulnerability. A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache security advisory for CVE-2019-0232 and apply the necessary updates.


Multiple Vulnerabilities in WPA3 Protocol

Original release date: April 12, 2019

The CERT Coordination Center (CERT/CC) has released information on vulnerabilities—referred to as Dragonblood—in WPA3 protocol. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#871675 for more information and refer to vendors for appropriate updates, when available.


VMware Releases Security Updates

Original release date: April 12, 2019

VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2019-0006 and apply the necessary updates.


Vulnerability in Multiple VPN Applications

Original release date: April 12, 2019

The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting multiple Virtual Private Network (VPN) applications. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#192371 for more information and refer to vendors for appropriate updates, when available.


Analyst Webcast: How to Build a Security Visibility Strategy in the Cloud – April 11, 2019 1:00pm US/Eastern

Speakers: Dave Shackleford and David Aiken

True accountability for the security of cloud-based assets requires visibility into the events and behaviors that move into and through your cloud environment. Security today relies on visibility in several areas: networks, systems, storage and applications.

In this recorded webcast, SANS Analyst and cloud security expert Dave Shackleford explains how visibility in the cloud differs from more traditional security visibility and suggests how organizations can move toward establishing a cloud visibility strategy, using practical examples to illustrate the process.

Attendees will learn about:

  • Types of visibility needed today
  • Event data and information available in the cloud
  • Cloud-native controls offered by service providers
  • Third-party options to enhance monitoring and visibility strategies
  • How to tie event monitoring, vulnerability scanning and control planes together to enhance visibility

Register for this webcast to be among the first to receive the associated whitepaper written by Dave Shackleford.