US CERT Current Activity

Subscribe to US CERT Current Activity feed
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

Drupal Releases Security Updates

Apr 19, 2017

Original release date: April 19, 2017 Drupal has released an advisory to address a vulnerability in Drupal core 8.x versions prior to 8.2.8 and 8.3.1. A remote attacker could exploit this vulnerability to obtain sensitive information.US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 8.2.8 or 8.3.1. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Updates

Apr 19, 2017

Original release date: April 19, 2017 Cisco has released updates to address several high-impact vulnerabilities affecting multiple products. These and other lower-impact vulnerabilities are listed at Cisco Security Advisories and Alerts. A remote attacker could exploit one of the high-impact vulnerabilities to cause a denial-of-service condition.Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:ASA Software DNS Denial-of-Service Vulnerability cisco-sa-20170419-asa-dnsASA Software IPsec Denial-of-Service Vulnerability cisco-sa-20170419-asa-ipsecASA Software SSL/TLS Denial-of-Service Vulnerability cisco-sa-20170419-asa-tlsASA Software Internet Key Exchange Version 1 XAUTH Denial-of-Service Vulnerability cisco-sa-20170419-asa-xauthIOS and IOS XE Software EnergyWise Denial-of-Service Vulnerabilities cisco-sa-20170419-energywiseFirepower Detection Engine Pragmatic General Multicast Protocol Decoding Denial-of-Service Vulnerability cisco-sa-20170419-fpsnortUnified Communications Manager Denial-of-Service Vulnerability cisco-sa-20170419-ucm This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Mozilla Releases Security Updates

Apr 19, 2017

Original release date: April 19, 2017 Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system.US-CERT encourages users and administrators to review the Mozilla Security Advisories for Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Google Releases Security Updates for Chrome

Apr 19, 2017

Original release date: April 19, 2017 Google has released Chrome version 58.0.3029.81 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker may exploit to take control of an affected system.Users and administrators are encouraged to review the Chrome Releases page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

VMware Releases Security Updates

Apr 18, 2017

Original release date: April 18, 2017 VMware has released security updates to address vulnerabilities in Unified Access Gateway, Horizon View, and Workstation. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2017-0008 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Oracle Releases Security Bulletin

Apr 18, 2017

Original release date: April 18, 2017 Oracle has released its Critical Patch Update for April 2017 to address 299 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review the Oracle April 2017 Critical Patch Update and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Microsoft Addresses Shadow Brokers Exploits

Apr 15, 2017

Original release date: April 15, 2017 | Last revised: April 16, 2017 The Microsoft Security Response Center (MSRC) has published information on several recently publicized exploit tools which affect various Microsoft products.Users and administrators are reminded that software no longer supported by Microsoft (also known as end-of-life (EOL) software) is particularly at risk for exploitation. US-CERT recommends retiring EOL products. For more information on EOL Microsoft products, see US-CERT Alerts TA14-310A and TA14-069A, and the previous US-CERT Current Activity on Windows Vista.US-CERT encourages users and administrators to review the MSRC post and apply any necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

VMware Releases Security Updates

Apr 14, 2017

Original release date: April 14, 2017 VMware has released security updates to address a vulnerability in vCenter Server. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review VMware Security Advisory VMSA-2017-0007 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

ISC Releases Security Updates for BIND

Apr 12, 2017

Original release date: April 12, 2017 The Internet Systems Consortium (ISC) has released updates that address multiple vulnerabilities in BIND. A remote attacker could exploit any of these vulnerabilities to cause a denial-of-service condition.Available updates include:BIND 9 version 9.9.9-P8BIND 9 version 9.10.4-P8BIND 9 version 9.11.0-P5BIND 9 version 9.9.9-S10US-CERT encourages users and administrators to review ISC Knowledge Base Articles AA-01465, AA-01466, and AA-01471 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Apache Software Foundation Releases Security Updates

Apr 12, 2017

Original release date: April 12, 2017 The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat. Exploitation of one of these vulnerabilities may cause a remote attacker to obtain sensitive information.Users and administrators are encouraged to review Apache.org CVE-2017-5648, CVE-2017-5650, and CVE-2017-5651 for more information and apply the necessary updates.   This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Microsoft Releases April 2017 Security Updates

Apr 12, 2017

Original release date: April 12, 2017 Microsoft has released 61 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of a system. This Security Update addresses a Microsoft Office vulnerability that is actively being exploited to spread malicious code.US-CERT encourages users and administrators to review Vulnerability Note #VU921560 and Microsoft's April 2017 Security Update and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Adobe Releases Security Updates

Apr 11, 2017

Original release date: April 11, 2017 Adobe has released security updates to address vulnerabilities in Adobe Campaign, Flash Player, Acrobat and Reader, Photoshop CC, and Creative Cloud. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review Adobe Security Bulletins APSB17-09, APSB17-10, APSB17-11, APSB17-12, and APSB17-13 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Easter Holiday Phishing Scams and Malware Campaigns

Apr 11, 2017

Original release date: April 11, 2017 As the Easter holiday approaches, US-CERT reminds users to stay aware of holiday scams and cyber campaigns, which may include:unsolicited shipping notifications that may actually be scams by attackers to solicit personal information (phishing scams),electronic greeting cards that may contain malicious software (malware),requests for charitable contributions that may be phishing scams or solicitations from sources that are not real charities, andfalse advertisements for holiday accommodations or timeshares.US-CERT encourages users and administrators to use caution when reviewing unsolicited messages. Suggested preventive measures to protect against phishing scams and malware campaigns include:Do not click web links in untrusted email messages.Refer to the Shopping Safely Online Tip.Use caution when opening email attachments. Check out the Using Caution with Email Attachments Tip for more information on safely handling email attachments.Review the Federal Trade Commission's page on Charity Scams. Use the links there to verify a charity’s authenticity before you donate.Read the Avoiding Social Engineering and Phishing Attacks Tip.Refer to the Holiday Traveling with Personal Internet-Enabled Devices Tip for more information on protecting personal mobile devices. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Updates

Apr 5, 2017

Original release date: April 06, 2017 Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:Aironet 1830 Series and 1850 Series Access Points Mobility Express Default Credential Vulnerability cisco-sa-20170405-ameWireless LAN Controller 802.11 WME Denial-of-Service Vulnerability cisco-sa-20170405-wlcWireless LAN Controller IPv6 UDP Denial-of-Service Vulnerability cisco-sa-20170405-wlc2Wireless LAN Controller Management GUI Denial-of-Service Vulnerability cisco-sa-20170405-wlc3 This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Apple Releases Security Update for iOS

Apr 3, 2017

Original release date: April 03, 2017 Apple has released a security update to address a vulnerability in iOS. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review the Apple security page for iOS and apply the necessary update.  This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Internet Information Services (IIS) 6.0 Vulnerability

Mar 30, 2017

Original release date: March 30, 2017 US-CERT is aware of active exploitation of a vulnerability in Windows Server 2003 Operating System Internet Information Services (IIS) 6.0. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. On June 15, 2015, Microsoft ended support for Windows Server 2003 Operating System, which includes its Internet Information Services (IIS) 6.0 web server. Computers running Windows Server 2003 Operating System and its associated programs will continue to work even after support ends. However, using unsupported software may increase the risks of viruses and other security threats.US-CERT encourages users and administrators to review the National Vulnerability Database entry on this vulnerability, as well as US-CERT Alert TA14-310A. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Google Releases Security Updates for Chrome

Mar 29, 2017

Original release date: March 30, 2017 Google has released Chrome version 57.0.2987.137 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.Users and administrators are encouraged to review the Chrome Releases page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

VMware Releases Security Updates

Mar 28, 2017

Original release date: March 28, 2017 VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review VMware Security Advisory VMSA-2017-0006 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Apple Releases Security Update for iWork

Mar 27, 2017

Original release date: March 27, 2017 Apple has released a security update for macOS 10.12 (and later) and iOS 10.0 (and later) to address a vulnerability in iWork that may allow may allow a remote attacker to obtain sensitive information.US-CERT encourages users and administrators to review Apple's security update for the vulnerability and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Apple Releases Security Update for iTunes

Mar 24, 2017

Original release date: March 24, 2017 Apple has released a security update for Apple iTunes to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.Users and administrators are encouraged to review information on iTunes 12.6 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Pages

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips