Kashif Ali

Original release date: November 27, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of the possible exposure of passwords on Fortinet devices that are vulnerable to CVE 2018-13379. Exploitation of this vulnerability may allow an unauthenticated attacker to access FortiOS system files. Potentially affected devices may be located in the United States.

Fortinet has released a security advisory to highlight mitigation of this vulnerability. CISA encourages users and administrators to review the advisory and apply the necessary updates immediately. Additionally, CISA recommends Fortinet users conduct a thorough review of logs on any connected networks to detect any additional threat actor activity.

Original release date: November 27, 2020

Drupal has released security updates to address vulnerabilities in Drupal 7, 8.8 and earlier, 8.9, and 9.0. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Drupal Advisory SA-CORE-2020-013 and apply the necessary updates.

Original release date: November 24, 2020

With more commerce occurring online this year, and with the holiday season upon us, the Cybersecurity and Infrastructure Security Agency (CISA) reminds shoppers to remain vigilant. Be especially cautious of fraudulent sites spoofing reputable businesses, unsolicited emails purporting to be from charities, and unencrypted financial transactions.

CISA encourages online holiday shoppers to review the following resources.

• CISA’s Online Shopping Tip
• CISA’s Holiday Online Shopping page
• CISA’s Social Engineering and Phishing Attacks Tip
• The Federal Bureau of Investigation’s (FBI’s) ‘Tis the Season for Holiday Online Shopping Scams - Don't Be a Victim Announcement

If you believe you are a victim of a scam, consider the following actions.

• Report the incident to your local police, and file online reports at the Federal Trade Commission’s Report Fraud page and the FBI's Internet Crime Complaint Center (IC3) page.
• Watch for unexpected or unexplained charges to your account. If any appear, contact your financial institution immediately and close any accounts that may have been compromised. See CISA’s Preventing and Responding to Identity Theft Tip for more information.
• Change any passwords you might have revealed immediately. Avoid reusing passwords. See CISA’s Choosing and Protecting Passwords Tip for more information.

Original release date: November 24, 2020

With more commerce occurring online this year, and with the holiday season upon us, the Cybersecurity and Infrastructure Security Agency (CISA) reminds shoppers to remain vigilant. Be especially cautious of fraudulent sites spoofing reputable businesses, unsolicited emails purporting to be from charities, and unencrypted financial transactions.

CISA encourages online holiday shoppers to review the following resources.

• CISA’s Online Shopping Tip
• CISA’s Holiday Online Shopping page
• CISA’s Social Engineering and Phishing Attacks Tip
• The Federal Bureau of Investigation’s (FBI’s) ‘Tis the Season for Holiday Online Shopping Scams - Don't Be a Victim Announcement

If you believe you are a victim of a scam, consider the following actions.

• Report the incident to your local police, and file online reports at the Federal Trade Commission’s Report Fraud page and the FBI's Internet Crime Complaint Center (IC3) page.
• Watch for unexpected or unexplained charges to your account. If any appear, contact your financial institution immediately and close any accounts that may have been compromised. See CISA’s Preventing and Responding to Identity Theft Tip for more information.
• Change any passwords you might have revealed immediately. Avoid reusing passwords. See CISA’s Choosing and Protecting Passwords Tip for more information.