Drupal has released updates addressing a vulnerability in Drupal 8 and 7. A remote attacker could exploit this vulnerability to gain access to sensitive information.

NCCIC encourages users and administrators to review the Drupal Security Advisory for additional information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

• Cisco WebEx Clients Remote Code Execution Vulnerability cisco-sa-20180418-wbs
• Cisco UCS Director Virtual Machine Information Disclosure Vulnerability for End User Portal cisco-sa-20180418-uscd
• Cisco StarOS Interface Forwarding Denial of Service Vulnerability cisco-sa-20180418-staros
• Cisco IOS XR Software UDP Broadcast Forwarding Denial of Service Vulnerability cisco-sa-20180418-iosxr
• Cisco Firepower Detection Engine Secure Sockets Layer Denial of Service Vulnerability cisco-sa-20180418-fpsnort
• Cisco Firepower 2100 Series Security Appliances IP Fragmentation Denial of Service Vulnerability cisco-sa-20180418-fp2100
• Cisco ASA Software, FTD Software, and AnyConnect Secure Mobility Client SAML Authentication Session Fixation Vulnerability cisco-sa-20180418-asaanyconnect
• Cisco Adaptive Security Appliance Application Layer Protocol Inspection Denial of Service Vulnerabilities cisco-sa-20180418-asa_inspect
• Cisco Adaptive Security Appliance TLS Denial of Service Vulnerability cisco-sa-20180418-asa3
• Cisco Adaptive Security Appliance Flow Creation Denial of Service Vulnerability cisco-sa-20180418-asa2
• Cisco Adaptive Security Appliance Virtual Private Network SSL Client Certificate Bypass Vulnerability cisco-sa-20180418-asa1

This product is provided subject to this Notification and this Privacy & Use policy.

Google has released Chrome version 66.0.3359.117 for Windows, Mac, and Linux. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system.

NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

Enlarge (credit: Chrome's unsafe content warning.)

Chrome already provides effective protection against malicious sites: go somewhere with a poor reputation and you'll get a big, scary red screen telling you that you're about to do something unwise. But Microsoft believes it can do a better job than Google, and it has released a Chrome plugin, Windows Defender Browser Protection, that brings its own anti-phishing protection to Google's browser.

Microsoft justifies the new plugin with reference to a 2017 report that claims that the company's Edge browser blocked 99 percent of phishing attempts, compared to 87 percent by Chrome and 70 percent in Firefox. The plugin brings Edge's protection to Chrome, so if the theory holds, it should bump the browser up to 99 percent, too.

The new extension doesn't appear to disable Chrome's own checking (or at least, it doesn't seem to be doing so for me), so at the very least isn't likely to make you less safe, and with phishing being as widespread as it is, the extra protection probably doesn't hurt.

Read 1 remaining paragraphs | Comments