The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Fortinet FortiOS System File Leak

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of the possible exposure of passwords on Fortinet devices that are vulnerable to CVE 2018-13379. Exploitation of this vulnerability may allow an unauthenticated attacker to access FortiOS system files. Potentially affected devices may be located in the United States.

Drupal Releases Security Updates

Drupal has released security updates to address vulnerabilities in Drupal 7, 8.8 and earlier, 8.9, and 9.0. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Drupal Advisory SA-CORE-2020-013 and apply the necessary updates.

Online Holiday Shopping Scams

With more commerce occurring online this year, and with the holiday season upon us, the Cybersecurity and Infrastructure Security Agency (CISA) reminds shoppers to remain vigilant. Be especially cautious of fraudulent sites spoofing reputable businesses, unsolicited emails purporting to be from charities, and unencrypted financial transactions.

CISA encourages online holiday shoppers to review the following resources.

VMware Releases Workarounds for CVE-2020-4006

VMware has released workarounds to address a vulnerability—CVE-2020-4006—in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. An attacker could exploit this vulnerability to take control of an affected system.

VMware Releases Security Updates for VMware SD-WAN Orchestrator

VMware has released security updates to address multiple vulnerabilities in VMware SD-WAN Orchestrator. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2020-0025 and apply the necessary updates.

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.