US CERT Current Activity

Subscribe to US CERT Current Activity feed
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

Google Releases Security Update for Chrome

Mar 9, 2017

Original release date: March 09, 2017 Google has released Chrome version 57.0.2987.98 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Apache Software Foundation Releases Security Updates

Mar 8, 2017

Original release date: March 08, 2017 The Apache Software Foundation has released security updates to address a vulnerability in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system.Users and administrators are encouraged to review the Apache Security Bulletin and upgrade to Struts 2.3.32 or Struts 2.5.10.1. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

National Consumer Protection Week

Mar 8, 2017

Original release date: March 08, 2017 March 5-11 is National Consumer Protection Week (NCPW), an event to encourage people and businesses to learn more about avoiding scams and understanding consumer rights. During NCPW, the Federal Trade Commission (FTC) and its fellow agencies highlight free resources to help protect against consumer harm. FTC recently issued press releases on NCPW events and the most common consumer grievances reported to the agency in 2016. Last year, complaints on debt collection, imposter scams, and identity theft topped the list.US-CERT recommends reviewing the FTC resources and the following resources from US-CERT:Protecting Your PrivacyAvoiding Social Engineering and Phishing Attacks, andPreventing and Responding to Identity Theft This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Mozilla Releases Security Update

Mar 7, 2017

Original release date: March 07, 2017 Mozilla has released a security update to address multiple vulnerabilities in Firefox. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.Users and administrators are encouraged to review the Mozilla Security Advisory for Firefox and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

WordPress Releases Security Update

Mar 6, 2017

Original release date: March 06, 2017 WordPress 4.7.2 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.3. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Update

Mar 1, 2017

Original release date: March 01, 2017 Cisco has released a security update to address a vulnerability in its NetFlow Generation Appliance (NGA). Exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition.Users and administrators are encouraged to review the Cisco Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Apple Releases Security Update

Feb 21, 2017

Original release date: February 21, 2017 Apple has released a security update to address a vulnerability in Logic Pro X. Exploitation of this vulnerability may allow an attacker to take control of an affected system.US-CERT encourages users and administrators to review the Apple security page for Logic Pro X and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

OpenSSL Releases Security Update

Feb 16, 2017

Original release date: February 16, 2017 OpenSSL version 1.1.0e has been released to address a vulnerability for users of version 1.1.0. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition.Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Update

Feb 15, 2017

Original release date: February 15, 2017 Cisco has released a security update to address a vulnerability in its UCS Director software. Exploitation of this vulnerability could allow an attacker to take control of an affected system.US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

FBI Releases Article on Romance Scams

Feb 14, 2017

Original release date: February 14, 2017 The Federal Bureau of Investigation (FBI) has released an article addressing the rise of Internet romance scams. In this common type of fraud, cyber criminals target victims, gain their confidence, and trick them into sending money.To stay safer online, review the FBI article on Romance Scams and US-CERT publication ST06-003 on staying safe on social networking sites. Please file a complaint with the FBI's Internet Crime Complaint Center if you believe you have been the victim of a romance scam. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Adobe Releases Security Updates

Feb 14, 2017

Original release date: February 14, 2017 Adobe has released security updates to address vulnerabilities in Adobe Flash Player, Digital Editions, and Campaign. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-04, APSB17-05, and APSB17-06 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Apple Releases Security Update

Feb 14, 2017

Original release date: February 14, 2017 Apple has released a security updates to address a vulnerability in GarageBand. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review the Apple security page for GarageBand and apply the necessary update.   This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Enhanced Analysis of GRIZZLY STEPPE

Feb 10, 2017

Original release date: February 10, 2017 The Department of Homeland Security (DHS) has released an Analysis Report (AR) related to malicious cyber activity designated as GRIZZLY STEPPE. This AR provides a thorough analysis of the methods threat actors use to infiltrate systems, as well as specific mitigation techniques that may be used to counter this threat.US-CERT recommends that network administrators review the Analysis Report and the previously-released Joint Analysis Report for additional information and mitigation recommendations. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

ISC Releases Security Updates for BIND

Feb 8, 2017

Original release date: February 08, 2017 The Internet Systems Consortium (ISC) has released updates that address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition.Users and administrators are encouraged to review ISC Knowledge Base Article AA-00913 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Clock Signal Component Failure Advisory

Feb 6, 2017

Original release date: February 06, 2017 Cisco has released a hardware advisory for a clock signal component used in some of its devices, which include switches and routers. Devices that contain the faulty component could potentially fail after 18 months of use.US-CERT encourages users and administrators to review the Cisco advisory for more information and replacement guidance. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

CERT/CC Reports a Microsoft SMB Vulnerability

Feb 3, 2017

Original release date: February 03, 2017 CERT Coordination Center (CERT/CC) has released information on a Server Message Block (SMB) vulnerability affecting Microsoft Windows. Exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition or take control of an affected system.No patches are currently available, but mitigations include blocking outbound SMB connections (TCP ports 139 and 445 and UDP ports 137 and 138) from the local network to the wide-area network. For more information, see VU#867968. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Updates

Feb 1, 2017

Original release date: February 01, 2017 Cisco has released security updates to address a vulnerability in its Prime Home platform. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review the Cisco Security Advisory for vulnerability and mitigation details. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Tax Identity Theft Awareness Week

Jan 31, 2017

Original release date: January 31, 2017 This is Tax Identity Theft Awareness Week, and many federal agencies are offering consumers information and resources on the topic. US-CERT encourages taxpayers, business owners, and tax preparers to educate themselves on tax identity theft by reading Internal Revenue Service (IRS) publication Taxes.Security.Together. and the US-CERT Tip on Identity Theft. Users can also check out these events on avoiding tax identity theft hosted by the Federal Trade Commission (FTC), IRS, Department of Veterans Affairs, and other agencies. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

VMware Releases Security Updates

Jan 31, 2017

Original release date: January 31, 2017 VMware has released security updates to address vulnerabilities in Airwatch Agent, Airwatch Console, and AirWatch Inbox software. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review VMware Security Advisory VMSA-2017-0001 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Pages

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips