US CERT Current Activity

Subscribe to US CERT Current Activity feed
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

Apple Releases Security Update

Feb 21, 2017

Original release date: February 21, 2017 Apple has released a security update to address a vulnerability in Logic Pro X. Exploitation of this vulnerability may allow an attacker to take control of an affected system.US-CERT encourages users and administrators to review the Apple security page for Logic Pro X and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

OpenSSL Releases Security Update

Feb 16, 2017

Original release date: February 16, 2017 OpenSSL version 1.1.0e has been released to address a vulnerability for users of version 1.1.0. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition.Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Update

Feb 15, 2017

Original release date: February 15, 2017 Cisco has released a security update to address a vulnerability in its UCS Director software. Exploitation of this vulnerability could allow an attacker to take control of an affected system.US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

FBI Releases Article on Romance Scams

Feb 14, 2017

Original release date: February 14, 2017 The Federal Bureau of Investigation (FBI) has released an article addressing the rise of Internet romance scams. In this common type of fraud, cyber criminals target victims, gain their confidence, and trick them into sending money.To stay safer online, review the FBI article on Romance Scams and US-CERT publication ST06-003 on staying safe on social networking sites. Please file a complaint with the FBI's Internet Crime Complaint Center if you believe you have been the victim of a romance scam. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Adobe Releases Security Updates

Feb 14, 2017

Original release date: February 14, 2017 Adobe has released security updates to address vulnerabilities in Adobe Flash Player, Digital Editions, and Campaign. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-04, APSB17-05, and APSB17-06 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Apple Releases Security Update

Feb 14, 2017

Original release date: February 14, 2017 Apple has released a security updates to address a vulnerability in GarageBand. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review the Apple security page for GarageBand and apply the necessary update.   This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Enhanced Analysis of GRIZZLY STEPPE

Feb 10, 2017

Original release date: February 10, 2017 The Department of Homeland Security (DHS) has released an Analysis Report (AR) related to malicious cyber activity designated as GRIZZLY STEPPE. This AR provides a thorough analysis of the methods threat actors use to infiltrate systems, as well as specific mitigation techniques that may be used to counter this threat.US-CERT recommends that network administrators review the Analysis Report and the previously-released Joint Analysis Report for additional information and mitigation recommendations. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

ISC Releases Security Updates for BIND

Feb 8, 2017

Original release date: February 08, 2017 The Internet Systems Consortium (ISC) has released updates that address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition.Users and administrators are encouraged to review ISC Knowledge Base Article AA-00913 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Clock Signal Component Failure Advisory

Feb 6, 2017

Original release date: February 06, 2017 Cisco has released a hardware advisory for a clock signal component used in some of its devices, which include switches and routers. Devices that contain the faulty component could potentially fail after 18 months of use.US-CERT encourages users and administrators to review the Cisco advisory for more information and replacement guidance. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

CERT/CC Reports a Microsoft SMB Vulnerability

Feb 3, 2017

Original release date: February 03, 2017 CERT Coordination Center (CERT/CC) has released information on a Server Message Block (SMB) vulnerability affecting Microsoft Windows. Exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition or take control of an affected system.No patches are currently available, but mitigations include blocking outbound SMB connections (TCP ports 139 and 445 and UDP ports 137 and 138) from the local network to the wide-area network. For more information, see VU#867968. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Updates

Feb 1, 2017

Original release date: February 01, 2017 Cisco has released security updates to address a vulnerability in its Prime Home platform. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review the Cisco Security Advisory for vulnerability and mitigation details. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Tax Identity Theft Awareness Week

Jan 31, 2017

Original release date: January 31, 2017 This is Tax Identity Theft Awareness Week, and many federal agencies are offering consumers information and resources on the topic. US-CERT encourages taxpayers, business owners, and tax preparers to educate themselves on tax identity theft by reading Internal Revenue Service (IRS) publication Taxes.Security.Together. and the US-CERT Tip on Identity Theft. Users can also check out these events on avoiding tax identity theft hosted by the Federal Trade Commission (FTC), IRS, Department of Veterans Affairs, and other agencies. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

VMware Releases Security Updates

Jan 31, 2017

Original release date: January 31, 2017 VMware has released security updates to address vulnerabilities in Airwatch Agent, Airwatch Console, and AirWatch Inbox software. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review VMware Security Advisory VMSA-2017-0001 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

WordPress Releases Security Update

Jan 26, 2017

Original release date: January 26, 2017 WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Mozilla Releases Security Update

Jan 26, 2017

Original release date: January 26, 2017 Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review the Mozilla Security Advisory for Thunderbird and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Updates

Jan 25, 2017

Original release date: January 25, 2017 Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability cisco-sa-20170125-telepresenceCisco Expressway Series and TelePresence VCS Denial-of-Service Vulnerability cisco-sa-20170125-expresswayCisco Adaptive Security Appliance CX Context-Aware Security Denial-of-Service Vulnerability cisco-sa-20170125-cas This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Google Releases Security Updates for Chrome

Jan 25, 2017

Original release date: January 25, 2017 Google has released Chrome version 56.0.2924.76 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.Users and administrators are encouraged to review the Chrome Releases page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Data Privacy Day Events

Jan 24, 2017

Original release date: January 24, 2017 As Data Privacy Day (DPD) approaches, US-CERT recommends that users and businesses learn more about how to protect their privacy and personal information. DPD is celebrated every January 28 and is an international effort to promote the importance of data privacy. DPD is sponsored by the National Cyber Security Alliance (NCSA), and the theme for this year's DPD is Respecting Privacy, Safeguarding Data, and Enabling Trust.Many NCSA-sponsored events are available, including advice for businesses and consumers on January 25 and 26. The largest event held via Twitter will include a presentation on scams, ID theft, and fraud. US-CERT encourages users and administrators to participate in these events and to review basic privacy tips from Stay Safe Online. Related resources from US-CERT are:Safeguarding Your Data,Protecting Your Privacy,Avoiding Social Engineering and Phishing Attacks, andPreventing and Responding to Identity Theft. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Updates

Jan 24, 2017

Original release date: January 24, 2017 Cisco has released security updates to address a vulnerability in its WebEx browser extensions. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review the Cisco Security Advisory and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Mozilla Releases Security Updates

Jan 24, 2017

Original release date: January 24, 2017 Mozilla has released a security update to address multiple vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox and Firefox ESR and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Pages

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips