US CERT Current Activity

Subscribe to US CERT Current Activity feed
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

Apple Releases Security Update for iOS

Apr 3, 2017

Original release date: April 03, 2017 Apple has released a security update to address a vulnerability in iOS. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review the Apple security page for iOS and apply the necessary update.  This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Internet Information Services (IIS) 6.0 Vulnerability

Mar 30, 2017

Original release date: March 30, 2017 US-CERT is aware of active exploitation of a vulnerability in Windows Server 2003 Operating System Internet Information Services (IIS) 6.0. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. On June 15, 2015, Microsoft ended support for Windows Server 2003 Operating System, which includes its Internet Information Services (IIS) 6.0 web server. Computers running Windows Server 2003 Operating System and its associated programs will continue to work even after support ends. However, using unsupported software may increase the risks of viruses and other security threats.US-CERT encourages users and administrators to review the National Vulnerability Database entry on this vulnerability, as well as US-CERT Alert TA14-310A. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Google Releases Security Updates for Chrome

Mar 29, 2017

Original release date: March 30, 2017 Google has released Chrome version 57.0.2987.137 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.Users and administrators are encouraged to review the Chrome Releases page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

VMware Releases Security Updates

Mar 28, 2017

Original release date: March 28, 2017 VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review VMware Security Advisory VMSA-2017-0006 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Apple Releases Security Update for iWork

Mar 27, 2017

Original release date: March 27, 2017 Apple has released a security update for macOS 10.12 (and later) and iOS 10.0 (and later) to address a vulnerability in iWork that may allow may allow a remote attacker to obtain sensitive information.US-CERT encourages users and administrators to review Apple's security update for the vulnerability and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Apple Releases Security Update for iTunes

Mar 24, 2017

Original release date: March 24, 2017 Apple has released a security update for Apple iTunes to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.Users and administrators are encouraged to review information on iTunes 12.6 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Aviation Phishing Scams

Mar 23, 2017

Original release date: March 23, 2017 US-CERT has received reports of email-based phishing campaigns targeting airline consumers. Systems infected through phishing campaigns act as an entry point for attackers to gain access to sensitive business or personal information.US-CERT encourages users and administrators to review an airline Security Advisory and US-CERT's Security Tip ST04-014 for more information on phishing attacks. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Updates

Mar 22, 2017

Original release date: March 22, 2017 Cisco has released security updates to address vulnerabilities in its IOS, IOS XE, and IOx Software. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system or cause a denial-of-service condition.Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:Cisco IOx Data in Motion Stack Overflow VulnerabilityCisco IOS XE Software for Cisco ASR 920 Series Routers Zero Touch Provisioning Denial of Service VulnerabilityCisco IOS XE Software HTTP Command Injection VulnerabilityCisco IOS XE Software Web User Interface Denial of Service VulnerabilityCisco IOS and IOS XE Software Layer 2 Tunneling Protocol Denial of Service VulnerabilityCisco IOS and IOS XE Software DHCP Client Denial of Service VulnerabilityCisco Application-Hosting Framework Arbitrary File Creation VulnerabilityCisco Application-Hosting Framework Directory Traversal Vulnerability  This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)

Mar 22, 2017

Original release date: March 22, 2017 The Network Time Foundation's NTP Project has has released version ntp-4.2.8p10 to address multiple vulnerabilities in ntpd. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.US-CERT encourages users and administrators to review the NTP Security Notice Page for vulnerability and mitigation details. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Title: Cisco Releases Security Updates

Mar 21, 2017

Original release date: March 21, 2017 Cisco has released security updates to address vulnerabilities in its IOS and IOS XE Software. Exploitation of one of these vulnerabilities could allow a remote attacker to cause a denial of service condition.Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:IPv6 Denial of Service VulnerabilityAutonomic Networking Infrastructure Registrar Denial of Service Vulnerability This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

IRS Warns of Last-Minute Tax Scams

Mar 17, 2017

Original release date: March 17, 2017 The Internal Revenue Service (IRS) has released an alert warning of phishing email scams targeting last-minute tax filers. The alert describes common features of these cyber crimes and includes recommendations to protect against them: strengthen passwords, recognize phishing attempts, and forward suspicious emails to phishing@irs.gov.Tax payers and tax professionals are encouraged to review the IRS alert and US-CERT's advice on Avoiding Social Engineering and Phishing Attacks. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Mozilla Releases Security Updates

Mar 17, 2017

Original release date: March 17, 2017 Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. Exploitation of this vulnerability may allow an attacker to take control of an affected system.US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox and Firefox ESR and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Microsoft Ending Support for Windows Vista

Mar 16, 2017

Original release date: March 17, 2017 All software products have a lifecycle. After April 11, 2017, Microsoft is ending support for the Windows Vista operating system. After this date, this product will no longer receive:Security updatesNon-security hotfixesFree or paid assisted support optionsOnline technical content updates from MicrosoftComputers running the Windows Vista operating system will continue to work even after support ends. However, using unsupported software may increase the risks of viruses and other security threats.Users and administrators are encouraged to upgrade to a currently supported operating system. For more information, see Microsoft's Vista support and product lifecycle articles. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Microsoft SMBv1 Vulnerability

Mar 16, 2017

Original release date: March 16, 2017 Microsoft has released a security update to address a vulnerability in implementations of Server Message Block 1.0 (SMBv1). Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review Microsoft Security Bulletin MS17-010 and apply the update. For more information, see the Information Assurance Advisory and US-CERT's SMB Security Best Practices guidance. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Updates

Mar 15, 2017

Original release date: March 15, 2017 Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system.Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:Mobility Express 1800 Access Point Series Authentication Bypass Vulnerability cisco-sa-20170315-ap1800StarOS SSH Privilege Escalation Vulnerability cisco-sa-20170315-asrWorkload Automation and Tidal Enterprise Scheduler Client Manager Server Arbitrary File Read Vulnerability cisco-sa-20170315-tesMeshed Wireless LAN Controller Impersonation Vulnerability cisco-sa-20170315-wlc-mesh This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Drupal Releases Security Update

Mar 15, 2017

Original release date: March 15, 2017 Drupal has released an advisory to address vulnerabilities in Drupal core 8.x versions prior to 8.2.7. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.US-CERT encourages users and administrators to review Drupal's Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

VMware Releases Security Updates

Mar 14, 2017

Original release date: March 14, 2017 VMware has released security updates to address a vulnerability in Workstation and Fusion. A remote attacker could exploit this vulnerability and take control of an affected system.Users and administrators are encouraged to review VMware Security Advisory VMSA-2017-0005 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Adobe Releases Security Updates

Mar 14, 2017

Original release date: March 14, 2017 Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Shockwave Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-07 and APSB17-08 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Microsoft Releases March 2017 Security Bulletin

Mar 14, 2017

Original release date: March 14, 2017 Microsoft has released 17 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review Microsoft Security Bulletins MS17-006 through MS17-023 and apply the necessary updates.  This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

IRS Releases Tax-Time Guide

Mar 9, 2017

Original release date: March 09, 2017 The Internal Revenue Service (IRS) has released tax-time advice intended to help the public protect their personal and financial data and computers. Recommendations include using strong passwords, backing up files, and using robust security software to help block malware and viruses.Users and administrators are encouraged to review this week's IRS Tax-Time Guide and US-CERT Tip ST05-014, Real-World Warnings Keep You Safe Online, for additional information. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Pages

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips