US-CERT DHS Weekly Vulnerability Bulletin

By Ron Benvenisti. This week’s list is the most comprehensive yet and should be reviewed closely by IT vendors and departments across all industries, as there are risks associated with almost every type of system, from browsers to conferencing to shopping carts and point-of-sale, from the most well-known to the obscure. The bulletin is organized by severity level, and entries contain convenient links to patches and additional information from vendors where available.

As the list of vulnerabilities continues to expand exponentially, it is imperative that users keep their systems up to date with current patches. That goes double for businesses of all sizes, including small web-based ones, as several shopping cart systems are affected. Apple users should not have a false sense of security, as the list continues to expand with a host of new vulnerabilities. Likewise for those who think Chrome may be a safer bet than Internet Explorer. Think again. There is no excuse for not reviewing the list and taking appropriate corrective action. The risk is too great and gets more so with every passing day.

This week’s US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT).

For modified or updated entries, please visit the NVD, which also contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis. In no way does that minimize the severity of the vulnerability.

As always, feel free to contact me at rbenvenistiATintegrissecurity.com, a proud partner of the New York/New Jersey Electronic Crimes Task Force and FBI InfraGard. For free security tools and insights visit: https://www.integrissecurity.com/SecurityTools and http://integrissecurityinsights.blogspot.com/
