US CERT Current Activity

Subscribe to US CERT Current Activity feed
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

SMB Security Best Practices

Jan 16, 2017

Original release date: January 16, 2017 | Last revised: January 17, 2017 In response to public reporting of a potential Server Message Block (SMB) vulnerability, US-CERT is providing known best practices related to SMB. This service is universally available for Windows systems, and legacy versions of SMB protocols could allow a remote attacker to obtain sensitive information from affected systems.US-CERT recommends that users and administrators consider:disabling SMB v1 andblocking all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.US-CERT cautions users and administrators of potential issues that could be created by disabling SMB v1. For more information on SMB, review Microsoft Security Advisories 2696547 and 204279. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

ISC Releases Security Updates for BIND

Jan 11, 2017

Original release date: January 11, 2017 The Internet Systems Consortium (ISC) has released updates that address multiple vulnerabilities in BIND. A remote attacker could exploit any of these vulnerabilities to cause a denial-of-service condition.Available updates include:BIND 9 version 9.9.9-P5BIND 9 version 9.10.4-P5BIND 9 version 9.11.2-P2BIND 9 version 9.9.9-S7Users and administrators are encouraged to review ISC Knowledge Base Articles AA-01439, AA-01440, AA-01441, and AA-01442 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Adobe Releases Security Updates

Jan 10, 2017

Original release date: January 10, 2017 Adobe has released security updates to address vulnerabilities in Adobe Acrobat, Reader, and Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-01 and APSB17-02 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Microsoft Releases January 2017 Security Bulletin

Jan 10, 2017

Original release date: January 10, 2017 Microsoft has released four updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review Microsoft Security Bulletins MS17-001 through MS17-004 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

GRIZZLY STEPPE - Russian Malicious Cyber Activity

Dec 29, 2016

Original release date: December 29, 2016 The Department of Homeland Security (DHS) has released a Joint Analysis Report (JAR) that details Russian malicious cyber activity, designated as GRIZZLY STEPPE. This activity by Russian civilian and military intelligence services (RIS) is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and private sector entities.DHS recommends that network administrators review the Security Publication for more information and implement the recommendations provided. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Mozilla Releases Security Update

Dec 28, 2016

Original release date: December 28, 2016 Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review the Mozilla Security Advisory for Thunderbird and apply the necessary update.  This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

FTC Releases Alert on Fake Apps for Mobile Devices

Dec 22, 2016

Original release date: December 22, 2016 The Federal Trade Commission (FTC) has released an alert on fraudulent mobile apps designed to exploit consumers. Some fake apps may steal personal information such as credit card numbers. By taking precautions, users can protect themselves and their private data.US-CERT encourages users and administrators to refer to the FTC Scam Alert and background article on Understanding Mobile Apps. For more information, see the US-CERT Tip on Cybersecurity for Electronic Devices. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Updates

Dec 22, 2016

Original release date: December 22, 2016 Cisco has released security updates to address a vulnerability in its Cisco CloudCenter Orchestrator. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review the Cisco Security Advisory and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

VMware Releases Security Update

Dec 20, 2016

Original release date: December 20, 2016 VMware has released a security update to address a vulnerability in vSphere Hypervisor (ESXi). Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2016-0023 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Apple Releases Security Updates

Dec 14, 2016

Original release date: December 14, 2016 Apple has released security updates to address vulnerabilities in iCloud for Windows, Safari, iTunes for Windows, and macOS Sierra. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review the Apple security pages for iCloud for Windows, Safari, iTunes for Windows, and macOS Sierra and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Joomla! Releases Security Update for CMS

Dec 14, 2016

Original release date: December 14, 2016 Joomla! has released version 3.6.5 of its Content Management System (CMS) software to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected website.US-CERT encourages users and administrators to review the Joomla! Release News and US-CERT's Alert on Content Management Systems Security and Associated Risks and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Mozilla Releases Security Updates

Dec 14, 2016

Original release date: December 14, 2016 Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.Available updates include:Firefox 50.1Firefox ESR 45.6Users and administrators are encouraged to review the Mozilla Security Advisories for Firefox and Firefox ESR and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Microsoft Releases December 2016 Security Bulletin

Dec 13, 2016

Original release date: December 13, 2016 Microsoft has released 12 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review the following Microsoft Security Bulletins MS16-144 through MS16-155 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Adobe Releases Security Updates

Dec 13, 2016

Original release date: December 13, 2016 Adobe has released security updates to address vulnerabilities in multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review Adobe Security Bulletins  APSB16-38, APSB16-39, APSB16-40, APSB16-41, APSB16-42, APSB16-43, APSB16-44, APSB16-45, and APSB16-46  and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Apple Releases Security Updates

Dec 12, 2016

Original release date: December 12, 2016 Apple has released security updates to address vulnerabilities in watchOS, tvOS, and iOS. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators review the Apple security pages for watchOS, tvOS, and iOS and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

McAfee Releases Security Bulletin for Virus Scan Enterprise

Dec 12, 2016

Original release date: December 12, 2016 McAfee has released a security bulletin to address multiple vulnerabilities in Virus Scan Enterprise software versions 2.0.3 and earlier. Some of these vulnerabilities could allow a remote attacker to take control of an affected system.Users and administrators are encouraged to reviewMcAfee Security Bulletin SB10181 and CERT/CC Vulnerability Note VU#245327 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Google Releases Security Updates for Chrome

Dec 1, 2016

Original release date: December 01, 2016 Google has released Chrome version 55.0.2883.75 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.Users and administrators are encouraged to review the Chrome Releases page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Mozilla Releases Security Updates

Nov 30, 2016

Original release date: November 30, 2016 Mozilla has released security updates to address a vulnerability in Firefox, Firefox ESR, and Thunderbird. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.Available updates include:Firefox 50.0.2Firefox ESR 45.5.1Thunderbird 45.5.1US-CERT encourages users and administrators to review the Mozilla Security Advisory and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

US-CERT Alerts Users to Holiday Phishing Scams and Malware Campaigns

Nov 30, 2016

Original release date: November 30, 2016 US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. E-cards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed email messages and fraudulent posts on social networking sites may request support for phony causes.To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, users are encouraged to take the following actions:Avoid following unsolicited links or downloading attachments from unknown sources.Refer to our security Tips to learn more about Shopping Safely Online and Avoiding Social Engineering and Phishing Attacks.Read the Federal Trade Commission's blog on Cyber Monday shopping and Don’t let scammers take away your holiday cheer.Visit the Federal Trade Commission's Consumer Information page on Charity Scams.If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:File a complaint with the FBI's Internet Crime Complaint Center (IC3).Report the attack to the police and file a report with the Federal Trade Commission.Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.Immediately change any passwords you might have revealed and do not use that password in the future. Avoid reusing passwords on multiple sites.  This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

US-CERT Alerts Users to Holiday Phishing Scams and Malware Campaigns

Nov 30, 2016

Original release date: November 30, 2016 US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. Ecards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed email messages and fraudulent posts on social networking sites may request support for phony causes.To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, users are encouraged to take the following actions:Avoid following unsolicited links or downloading attachments from unknown sources.Refer to our security Tips to learn more about Shopping Safely Online and Avoiding Social Engineering and Phishing Attacks.Read the Federal Trade Commission's blog on Don’t let scammers take away your holiday cheer.Visit the Federal Trade Commission's Consumer Information page on Charity Scams.If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:File a complaint with the FBI's Internet Crime Complaint Center (IC3).Report the attack to the police and file a report with the Federal Trade Commission.Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.Immediately change any passwords you might have revealed and do not use that password in the future. Avoid reusing passwords on multiple sites. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Pages

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips