US CERT Current Activity

A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

Intel Firmware Vulnerability

Nov 21, 2017

Original release date: November 21, 2017

Intel has released recommendations to address vulnerabilities in the firmware of the following Intel products: Management Engine, Server Platform Services, and Trusted Execution Engine. An attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Intel links below and refer to their original equipment manufacturers (OEMs) for mitigation strategies and updated firmware.

- Intel Security Advisory INTEL-SA-00086
- Support Article
- Detection Tool

This product is provided subject to this Notification and this Privacy & Use policy.


Symantec Releases Security Update

Nov 21, 2017

Original release date: November 21, 2017

Symantec has released an update to address a vulnerability in the Symantec Management Console. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review the Symantec Security Advisory and apply the necessary update.


Windows ASLR Vulnerability

Nov 20, 2017

Original release date: November 20, 2017

The CERT Coordination Center (CERT/CC) has released information on a vulnerability in Windows Address Space Layout Randomization (ASLR) that affects Windows 8, Windows 8.1, and Windows 10. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review CERT/CC VU #817544 and apply the necessary workaround until a patch is released.


Holiday Scams and Malware Campaigns

Nov 16, 2017

Original release date: November 16, 2017

US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. Emails and ecards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver attachments infected with malware. Spoofed email messages and phony posts on social networking sites may request support for fraudulent causes.

To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, users are encouraged to take the following actions:

- Avoid following unsolicited links or downloading attachments from unknown sources.
- Refer to our Tips to learn more about Shopping Safely Online and Avoiding Social Engineering and Phishing Attacks.
- Read the Federal Trade Commission's blog: Holiday Shopping Tips from the FTC.
- Visit the Federal Trade Commission's Consumer Information page on Charity Scams.

If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:

- File a complaint with the FBI's Internet Crime Complaint Center (IC3).
- Report the attack to the police and file a report with the Federal Trade Commission.
- Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
- Immediately change any passwords you might have revealed and do not use that password in the future. Avoid reusing passwords on multiple sites. See Choosing and Protecting Passwords for more information.


Oracle Releases Security Alert

Nov 16, 2017

Original release date: November 16, 2017

Oracle has released a security alert to address multiple vulnerabilities in Oracle Tuxedo. A remote attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Oracle Security Alert Advisory and apply the necessary update.


Cisco Releases Security Update

Nov 15, 2017

Original release date: November 15, 2017

Cisco has released a security update to address a vulnerability in its Voice Operating System software platform. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.


Mozilla Releases Security Updates

Nov 14, 2017

Original release date: November 14, 2017

Mozilla has released security updates to address multiple vulnerabilities in Firefox 57 and ESR 52.5. An attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 57 and ESR 52.5 and apply the necessary updates.


Microsoft Releases November 2017 Security Updates

Nov 14, 2017

Original release date: November 14, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft's November 2017 Security Update Summary and Deployment Information and apply the necessary updates.


Adobe Releases Security Updates

Nov 14, 2017

Original release date: November 14, 2017

Adobe has released security updates to address vulnerabilities in Flash Player, Photoshop CC, Adobe Connect, DNG Converter, InDesign, Digital Editions, Shockwave Player, and Experience Manager. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-33, APSB17-34, APSB17-35, APSB17-37, APSB17-38, APSB17-39, APSB17-40, and APSB17-41, and apply the necessary updates.


Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE)

Nov 9, 2017

Original release date: November 09, 2017

Microsoft has released an advisory that provides guidance on securing Dynamic Data Exchange (DDE) fields in Microsoft Office applications. Exploitation of this protocol may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Microsoft Security Advisory for more information and US-CERT's Tip on Using Caution with Email Attachments.


Joomla! Releases Security Update

Nov 7, 2017

Original release date: November 07, 2017

Joomla! has released version 3.8.2 of its Content Management System (CMS) software to address multiple vulnerabilities. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information.

US-CERT encourages users and administrators to review the Joomla! Security Release and apply the necessary update.


Google Releases Security Update for Chrome

Nov 6, 2017

Original release date: November 06, 2017

Google has released Chrome version 62.0.3202.89 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.


Cisco Releases Security Update for IOS XE Software

Nov 3, 2017

Original release date: November 03, 2017

Cisco has released a security update to address a vulnerability in its IOS XE software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.


Cisco Releases Security Updates

Nov 1, 2017

Original release date: November 01, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

- Wireless LAN Controller 802.11v Basic Service Set Transition Management Denial of Service Vulnerability cisco-sa-20171101-wlc2
- Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability cisco-sa-20171101-wlc1
- Identity Services Engine Privilege Escalation Vulnerability cisco-sa-20171101-ise
- Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability cisco-sa-20171101-fpwr
- Prime Collaboration Provisioning Authenticated SQL Injection Vulnerability cisco-sa-20171101-cpcp
- Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability cisco-sa-20171101-apicem
- Aironet 1560, 2800, and 3800 Series Access Point Platforms Extensible Authentication Protocol Denial of Service Vulnerability cisco-sa-20171101-aironet2
- Aironet 1560, 2800, and 3800 Series Access Point Platforms 802.11 Denial of Service Vulnerability cisco-sa-20171101-aironet1


Apple Releases Multiple Security Updates

Oct 31, 2017

Original release date: October 31, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:

- iCloud for Windows 7.1
- iOS 11.1
- iTunes 12.7.1 for Windows
- macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan
- Safari 11.1
- tvOS 11.1
- watchOS 4.1


WordPress Releases Security Update

Oct 31, 2017

Original release date: October 31, 2017

WordPress versions prior to 4.8.3 are affected by a vulnerability. A remote attacker could exploit this vulnerability to obtain sensitive information.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.8.3.


Protecting Critical Infrastructure from Cyber Threats

Oct 31, 2017

Original release date: October 31, 2017

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Building resilience in critical infrastructure is crucial to national security. The essential infrastructure systems that support our daily lives—such as electricity, financial institutions, and transportation—must be protected from cyber threats.

US-CERT encourages users and administrators to review the following:

- Your Part in Protecting Critical Infrastructure,
- Critical Infrastructure Cyber Community Voluntary Program, and
- Critical Infrastructure Sectors.


Oracle Releases Security Bulletin

Oct 30, 2017

Original release date: October 30, 2017

Oracle has released a security update bulletin to address a vulnerability in Oracle Identity Manager. A remote attacker could exploit this vulnerability to take control of an affected system.

Users and administrators are encouraged to review the Oracle Security Alert Advisory and apply the necessary updates.


Google Releases Security Update for Chrome

Oct 26, 2017

Original release date: October 26, 2017

Google has released Chrome version 62.0.3202.75 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.


Multiple Ransomware Infections Reported

Oct 24, 2017

Original release date: October 24, 2017

US-CERT has received multiple reports of Bad Rabbit ransomware infections in many countries around the world. This suspected variant of Petya ransomware is malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it. US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware.

US-CERT encourages users and administrators to review US-CERT Alerts TA16-181A and TA17-132A that describe recent ransomware events. Please report ransomware incidents to the Internet Crime Complaint Center (IC3). US-CERT will provide updated information as it becomes available.

