U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

Drupal Releases Security Updates

Drupal has released security updates addressing vulnerabilities in Drupal 7.x, 8.5.x, and 8.6.x. A remote attacker could exploit these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review Drupal’s security advisories SA-CORE-2019-001 and SA-CORE-2019-002 and apply the necessary updates.

Oracle Releases January 2019 Security Bulletin

Oracle has released its Critical Patch Update for January 2019 to address 284 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Oracle January 2019 Critical Patch Update and apply the necessary updates.

DNS Infrastructure Hijacking Campaign

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization’s domain names, enabling man-in-the-middle attacks.

Technical Alerts

Alerts

Timely information about current security issues, vulnerabilities, and exploits.

Bulletins

Bulletins

Weekly summaries of new vulnerabilities along with patch information when available.

Tips

Tips

Advice and best practices about common security issues for the general public.

Analysis Reports

Analysis Reports

Provide in-depth analysis on a new or evolving cyber threat.


Back to Top