US CERT Current Activity

Subscribe to US CERT Current Activity feed
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

Aviation Phishing Scams

Mar 23, 2017

Original release date: March 23, 2017 US-CERT has received reports of email-based phishing campaigns targeting airline consumers. Systems infected through phishing campaigns act as an entry point for attackers to gain access to sensitive business or personal information.US-CERT encourages users and administrators to review an airline Security Advisory and US-CERT's Security Tip ST04-014 for more information on phishing attacks. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Updates

Mar 22, 2017

Original release date: March 22, 2017 Cisco has released security updates to address vulnerabilities in its IOS, IOS XE, and IOx Software. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system or cause a denial-of-service condition.Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:Cisco IOx Data in Motion Stack Overflow VulnerabilityCisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service VulnerabilityCisco IOS XE Software HTTP Command Injection VulnerabilityCisco IOS XE Software Web User Interface Denial of Service VulnerabilityCisco IOS and IOS XE Software Layer 2 Tunneling Protocol Denial of Service VulnerabilityCisco IOS and IOS XE Software DHCP Client Denial of Service VulnerabilityCisco Application-Hosting Framework Arbitrary File Creation VulnerabilityCisco Application-Hosting Framework Directory Traversal Vulnerability  This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)

Mar 22, 2017

Original release date: March 22, 2017 The Network Time Foundation's NTP Project has has released version ntp-4.2.8p10 to address multiple vulnerabilities in ntpd. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.US-CERT encourages users and administrators to review the NTP Security Notice Page for vulnerability and mitigation details. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Title: Cisco Releases Security Updates

Mar 21, 2017

Original release date: March 21, 2017 Cisco has released security updates to address vulnerabilities in its IOS and IOS XE Software. Exploitation of one of these vulnerabilities could allow a remote attacker to cause a denial of service condition.Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:IPv6 Denial of Service VulnerabilityAutonomic Networking Infrastructure Registrar Denial of Service Vulnerability This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

IRS Warns of Last-Minute Tax Scams

Mar 17, 2017

Original release date: March 17, 2017 The Internal Revenue Service (IRS) has released an alert warning of phishing email scams targeting last-minute tax filers. The alert describes common features of these cyber crimes and includes recommendations to protect against them: strengthen passwords, recognize phishing attempts, and forward suspicious emails to phishing@irs.gov.Tax payers and tax professionals are encouraged to review the IRS alert and US-CERT's advice on Avoiding Social Engineering and Phishing Attacks. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Mozilla Releases Security Updates

Mar 17, 2017

Original release date: March 17, 2017 Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. Exploitation of this vulnerability may allow an attacker to take control of an affected system.US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox and Firefox ESR and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Microsoft Ending Support for Windows Vista

Mar 16, 2017

Original release date: March 17, 2017 All software products have a lifecycle. After April 11, 2017, Microsoft is ending support for the Windows Vista operating system. After this date, this product will no longer receive:Security updatesNon-security hotfixesFree or paid assisted support optionsOnline technical content updates from MicrosoftComputers running the Windows Vista operating system will continue to work even after support ends. However, using unsupported software may increase the risks of viruses and other security threats.Users and administrators are encouraged to upgrade to a currently supported operating system. For more information, see Microsoft's Vista support and product lifecycle articles. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Microsoft SMBv1 Vulnerability

Mar 16, 2017

Original release date: March 16, 2017 Microsoft has released a security update to address a vulnerability in implementations of Server Message Block 1.0 (SMBv1). Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review Microsoft Security Bulletin MS17-010 and apply the update. For more information, see the Information Assurance Advisory and US-CERT's SMB Security Best Practices guidance. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Updates

Mar 15, 2017

Original release date: March 15, 2017 Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system.Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability cisco-sa-20170315-ap1800StarOS SSH Privilege Escalation Vulnerability cisco-sa-20170315-asrWorkload Automation and Tidal Enterprise Scheduler Client Manager Server Arbitrary File Read Vulnerability cisco-sa-20170315-tesMeshed Wireless LAN Controller Impersonation Vulnerability cisco-sa-20170315-wlc-mesh This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Drupal Releases Security Update

Mar 15, 2017

Original release date: March 15, 2017 Drupal has released an advisory to address vulnerabilities in Drupal core 8.x versions prior to 8.2.7. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.US-CERT encourages users and administrators to review Drupal's Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

VMware Releases Security Updates

Mar 14, 2017

Original release date: March 14, 2017 VMware has released security updates to address a vulnerability in Workstation and Fusion. A remote attacker could exploit this vulnerability and take control of an affected system.Users and administrators are encouraged to review VMware Security Advisory VMSA-2017-0005 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Adobe Releases Security Updates

Mar 14, 2017

Original release date: March 14, 2017 Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Shockwave Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-07 and APSB17-08 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Microsoft Releases March 2017 Security Bulletin

Mar 14, 2017

Original release date: March 14, 2017 Microsoft has released 17 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review Microsoft Security Bulletins MS17-006 through MS17-023 and apply the necessary updates.  This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

IRS Releases Tax-Time Guide

Mar 9, 2017

Original release date: March 09, 2017 The Internal Revenue Service (IRS) has released tax-time advice intended to help the public protect their personal and financial data and computers. Recommendations include using strong passwords, backing up files, and using robust security software to help block malware and viruses.Users and administrators are encouraged to review this week's IRS Tax-Time Guide and US-CERT Tip ST05-014, Real-World Warnings Keep You Safe Online, for additional information. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Google Releases Security Update for Chrome

Mar 9, 2017

Original release date: March 09, 2017 Google has released Chrome version 57.0.2987.98 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Apache Software Foundation Releases Security Updates

Mar 8, 2017

Original release date: March 08, 2017 The Apache Software Foundation has released security updates to address a vulnerability in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system.Users and administrators are encouraged to review the Apache Security Bulletin and upgrade to Struts 2.3.32 or Struts 2.5.10.1. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

National Consumer Protection Week

Mar 8, 2017

Original release date: March 08, 2017 March 5-11 is National Consumer Protection Week (NCPW), an event to encourage people and businesses to learn more about avoiding scams and understanding consumer rights. During NCPW, the Federal Trade Commission (FTC) and its fellow agencies highlight free resources to help protect against consumer harm. FTC recently issued press releases on NCPW events and the most common consumer grievances reported to the agency in 2016. Last year, complaints on debt collection, imposter scams, and identity theft topped the list.US-CERT recommends reviewing the FTC resources and the following resources from US-CERT:Protecting Your PrivacyAvoiding Social Engineering and Phishing Attacks, andPreventing and Responding to Identity Theft This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Mozilla Releases Security Update

Mar 7, 2017

Original release date: March 07, 2017 Mozilla has released a security update to address multiple vulnerabilities in Firefox. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.Users and administrators are encouraged to review the Mozilla Security Advisory for Firefox and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

WordPress Releases Security Update

Mar 6, 2017

Original release date: March 06, 2017 WordPress 4.7.2 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.3. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Update

Mar 1, 2017

Original release date: March 01, 2017 Cisco has released a security update to address a vulnerability in its NetFlow Generation Appliance (NGA). Exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition.Users and administrators are encouraged to review the Cisco Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Pages

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips