NSA Releases Guidance on Encrypted DNS in Enterprise Environments  

Original release date: January 15, 2021The National Security Agency (NSA) has released an information sheet with guidance on adopting encrypted Domain Name System (DNS) over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), referred to as DNS over HTTPS (DoH). When configured appropriately, strong enterprise DNS controls can help prevent...

2d

Apache Releases Security Advisory for Tomcat

Original release date: January 15, 2021The Apache Software Foundation has released a security advisory to address a vulnerability affecting multiple versions of Apache Tomcat. An attacker could exploit this vulnerability to obtain sensitive information.    CISA encourages users and administrators to review the Apache security advisory for CVE-2021-24122...

2d

RCE Vulnerability Affecting Microsoft Defender

Original release date: January 14, 2021Microsoft has released a security advisory to address a remote code execution vulnerability, CVE-2021-1647, in Microsoft Defender. A remote attacker can exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild. CISA encourages users and administrators...

3d

Cisco Releases Security Updates for Multiple Products

Original release date: January 14, 2021Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page. CISA encourages users and administrators...

3d

Juniper Networks Releases Security Updates for Multiple Products

Original release date: January 14, 2021Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to cause take control of an affected system. CISA encourages users and administrators to review the Juniper Networks security advisories page and apply...

3d

Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services

Original release date: January 13, 2021 | Last revised: January 14, 2021Background These types of attacks frequently occurred when victim organizations’ employees worked remotely and used a mixture of corporate laptops and personal devices to access their respective cloud services. Despite the use of security tools, affected organizations typically...

4d

Attackers Exploit Poor Cyber Hygiene to Compromise Cloud Security Environments

Original release date: January 13, 2021CISA is aware of several recent successful cyberattacks against various organizations’ cloud services. Threat actors used a variety of tactics and techniques, including phishing and brute force logins, to attempt to exploit weaknesses in cloud security practices. In response, CISA has released Analysis Report...

4d

Microsoft Releases January 2021 Security Updates

Original release date: January 12, 2021Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s January 2021 Security Update Summary and Deployment Information...

5d

NSA Cybersecurity Directorate Releases 2020 Year in Review

Original release date: January 12, 2021The National Security Agency (NSA) Cybersecurity Directorate has released its 2020 Year in Review, outlining key milestones and mission outcomes achieved during NSA Cybersecurity’s first full year of existence. Highlights include NSA Cybersecurity’s contributions to the 2020 elections, Operation Warp Speed, and...

5d

Mozilla Releases Security Update for Thunderbird

Original release date: January 12, 2021Mozilla has released a security update to address a vulnerability in Thunderbird. An attacker could exploit this vulnerability to take control of an affected system.   CISA encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 78.6.1 and apply the necessary update. ...

5d