The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

SAP Releases August 2020 Security Updates

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. This includes a cross-site scripting vulnerability (CVE-2020-6284) in NetWeaver (Knowledge Management)

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the SAP Security Notes and apply the necessary updates.

Microsoft Addresses RCE and Spoofing Vulnerabilities Under Active Exploitation

Microsoft has released security updates to address two vulnerabilities—CVE-2020-1380 and CVE-2020-1464—that are being actively exploited. CVE-2020-1380 is a remote code execution vulnerability affecting Internet Explorer 11, and CVE-2020-1464 is a spoofing vulnerability that affects multiple Windows products. An attacker could exploit these vulnerabilities to take control of an affected system.

Microsoft Releases August 2020 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CIS Releases 2019 Year in Review

The Center for Internet Security (CIS) has released its 2019 Year in Review. CIS is home to the Multi-State Information Sharing & Analysis Center (MS-ISAC), a Cybersecurity and Infrastructure Security Agency (CISA) partner focused on cyber threat prevention, protection, response, and recovery for U.S. state, local, tribal, and territorial government entities.

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities affecting Adobe Acrobat, Reader, and Lightroom. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB20-48 and APSB20-51 and apply the necessary updates.

Google Releases Security Updates for Chrome

Google has released Chrome version 84.0.4147.125 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.