Mozilla Releases Security Update for Thunderbird

Original release date: October 04, 2018

Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60.2.1 and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.


Apache Releases Security Updates for Apache Tomcat

Original release date: October 04, 2018

The Apache Software Foundation has released security updates to address a vulnerability in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90. A remote attacker could exploit this vulnerability to obtain sensitive information.

NCCIC encourages users and administrators to review the Apache security advisory for CVE-2018-11784.




Bloomberg: Super Micro motherboards used by Apple, Amazon contained Chinese spy chips

Super Micro, Amazon, and Apple deny everything in the report.

Tiny Chinese spy chips were embedded onto Super Micro motherboards that were then sold to companies in the US, including Amazon and Apple, reports Bloomberg. The report has attracted strenuous denials from Amazon, Apple, and Super Micro.

Bloomberg claims that the chips were initially and independently discovered by Apple and Amazon in 2015 and that the companies reported their findings to the FBI, prompting an investigation that remains ongoing. The report alleges that the tiny chips, disguised to look like other components or even sandwiched into the fiberglass of the motherboards themselves, were connected to the management processor, giving them far-reaching access to both networking and system memory. The report says that the chips would connect to certain remote systems to receive instructions and could then do things like modify the running operating system to remove password validation, thereby opening a machine up to remote attackers.

The boards were all designed by California-based Super Micro and built in Taiwan and China. The report alleges that operatives masquerading as Super Micro employees or government representatives approached people working at four particular factories to request design changes to the motherboards to include the extra chips. Bloomberg further reports that the attack was made by a unit of the People's Liberation Army, the Chinese military.


NCCIC Webinar Series on Protecting Enterprise Network Infrastructure Devices

Original release date: October 04, 2018

NCCIC is conducting a series of webinars on protecting enterprise network infrastructure devices. The webinar on Thursday, October 4, 2018, is the last in the series, and will be held from 1-2:30 p.m. ET.

NCCIC encourages decision makers, network defenders, and procurement analysts to register for the webinar by clicking on the date listed above. The webinar will feature a discussion on identified threats, trends in the field, and insights from DHS’s binding operational directive impacting federal agencies.

