US CERT Current Activity

A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

CISA Releases Emergency Directive on Microsoft Windows Netlogon Remote Protocol

Sep 18, 2020

Original release date: September 18, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released Emergency Directive (ED) 20-04 addressing a critical vulnerability—CVE-2020-1472—affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker with network access to a domain controller could exploit this vulnerability to compromise all Active Directory identity services. Earlier this month, exploit code for this vulnerability was publicly released. Given the nature of the exploit and documented adversary behavior, CISA assumes active exploitation of this vulnerability is occurring in the wild. ED 20-04 applies to Executive Branch departments and agencies; however, CISA strongly recommends state and local governments, the private sector, and others patch this critical vulnerability as soon as possible.

Review the following resources for more information:

- CISA Emergency Directive 20-04: Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday
- CERT/CC Vulnerability Note [VU#490028]
- Microsoft Security Vulnerability Information for CVE-2020-1472
- Microsoft’s guidance on How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472

This product is provided subject to this Notification and this Privacy & Use policy.

CERT/CC Releases Information on Critical Vulnerability in Microsoft Windows Netlogon Remote Protocol

Sep 17, 2020

Original release date: September 17, 2020

The CERT Coordination Center (CERT/CC) has released information on CVE-2020-1472, a vulnerability affecting Microsoft Windows Netlogon Remote Protocol. An unauthenticated attacker could exploit this vulnerability to obtain Active Directory domain administrator access. Although Microsoft provided patches for CVE-2020-1472 in August 2020, unpatched systems will be an attractive target for malicious actors.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following resources and apply the necessary updates and workaround:

- CERT/CC Vulnerability Note VU#490028
- Microsoft’s Security Advisory for CVE-2020-1472
- Microsoft’s guidance on How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472

Drupal Releases Security Updates

Sep 17, 2020

Original release date: September 17, 2020

Drupal has released security updates to address vulnerabilities in Drupal 7.x, 8.8.x, 8.9.x, and 9.0.x. An attacker could exploit some of these vulnerabilities to obtain sensitive information or leverage the way HTML is rendered.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Drupal security updates and apply the necessary updates:

- SA-CORE-2020-007
- SA-CORE-2020-008
- SA-CORE-2020-009
- SA-CORE-2020-010
- SA-CORE-2020-011

Apple Releases Security Updates

Sep 17, 2020

Original release date: September 17, 2020

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:

- Safari 14.0
- tvOS 14.0
- watchOS 7.0
- iOS 14.0 and iPadOS 14.0
- Xcode 12.0

Adobe Releases Security Update for Media Encoder

Sep 16, 2020

Original release date: September 16, 2020

Adobe has released a security update to address vulnerabilities in Media Encoder. An attacker could exploit these vulnerabilities to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Adobe Security Bulletin and apply the necessary update.

Iran-Based Threat Actor Exploits VPN Vulnerabilities

Sep 15, 2020

Original release date: September 15, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory on an Iran-based malicious cyber actor targeting several U.S. federal agencies and other U.S.-based networks. This Advisory analyzes the threat actor’s indicators of compromise (IOCs); tactics, techniques, and procedures (TTPs); and exploited Common Vulnerabilities and Exposures (CVEs).

CISA encourages users and administrators to review the following resources for more information:

- Joint Cybersecurity Advisory: Iran-Based Threat Actor Exploits VPN Vulnerabilities
- MAR-10297887-1.v1: Iranian Web Shells

Exploit for Netlogon Remote Protocol Vulnerability, CVE-2020-1472

Sep 14, 2020

Original release date: September 14, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of publicly available exploit code for CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. Although Microsoft provided patches for CVE-2020-1472 in August 2020, unpatched systems will be an attractive target for malicious actors. Attackers could exploit this vulnerability to obtain domain administrator access. CISA encourages users and administrators to review Microsoft’s August Security Advisory for CVE-2020-1472 and Article for more information and apply the necessary updates.

Chinese Government-affiliated Malicious Cyber Actors Targeting U.S. Government Agencies

Sep 14, 2020

Original release date: September 14, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have issued an advisory about Chinese Ministry of State Security (MSS)-affiliated cyber threat actors targeting U.S. government agencies. Through the National Cybersecurity Protection System, CISA has observed Chinese MSS-affiliated cyber threat actors operating from the People’s Republic of China using commercially available information sources and open-source exploitation tools. CISA leveraged the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK frameworks to characterize the tactics, techniques, and procedures (TTPs) used by Chinese MSS-affiliated actors. CISA encourages users and administrators to review the joint cybersecurity advisory and CISA's Chinese Malicious Cyber Activity page for more information.

CISA Insights: Email-Based Attacks on Elections-Related Entities

Sep 10, 2020

Original release date: September 10, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released CISA Insights: Actions to Counter Email-Based Attacks on Elections-Related Entities in light of increased sophisticated phishing operations targeting individuals and groups involved in the upcoming U.S. elections. CISA strongly recommends that elections-related individuals and organizations prioritize the protection of email accounts and systems:

- Use provider-offered protections, if utilizing cloud email.
- Secure user accounts on high value services.
- Implement email authentication and other best practices.
- Secure email gateway capabilities.

See the following resources for more information:

- CISA Insights: Actions to Counter Email-Based Attacks on Elections-Related Entities
- CISA Tip: Best Practices for Securing Election Systems
- CISA Tip: Avoiding Social Engineering and Phishing Scams
- Microsoft Blog: New cyberattacks targeting U.S. elections

ACSC Releases Annual Cyber Threat Report for 2019–2020

Sep 10, 2020

Original release date: September 10, 2020

The Australian Cyber Security Centre (ACSC) has released its annual report on key cyber threats and statistics from 2019–2020. The report highlights that phishing and spearphishing are still the most common cyberattacks, and ransomware has become a significant threat to operations across multiple sectors.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review ACSC’s Annual Cyber Threat Report July 2019 to June 2020 and CISA’s Tip on Avoiding Social Engineering and Phishing Attacks and webpage on Ransomware for more information.

Adobe Releases Security Updates

Sep 8, 2020

Original release date: September 8, 2020

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:

- InDesign APSB20-52
- Framemaker APSB20-54
- Experience Manager APSB20-56

Google Releases Security Updates for Chrome

Sep 8, 2020

Original release date: September 8, 2020

Google has released Chrome version 85.0.4183.102 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

Microsoft Releases September 2020 Security Updates

Sep 8, 2020

Original release date: September 8, 2020

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s September 2020 Security Update Summary and Deployment Information and apply the necessary updates.

DoS and DDoS Attacks against Multiple Sectors

Sep 4, 2020

Original release date: September 4, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of open-source reporting of targeted denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks against finance and business organizations worldwide. A DoS attack is accomplished by flooding the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users. In a DDoS attack, the incoming traffic originates from many different sources, making it impossible to stop the attack by blocking a single source. These attacks can cost an organization both time and money while their resources and services are inaccessible.

If you think you or your business is experiencing a DoS or DDoS attack, it is important to contact the appropriate technical professionals for assistance.

- Contact your network administrator to confirm whether the service outage is due to maintenance or an in-house network issue. Network administrators can also monitor network traffic to confirm the presence of an attack, identify the source, and mitigate the situation by applying firewall rules and possibly rerouting traffic through a DoS protection service.
- Contact your internet service provider to ask if there is an outage on their end or if their network is the target of an attack and you are an indirect victim. They may be able to advise you on an appropriate course of action.

For more information, see CISA’s Tip on Understanding Denial-of-Service Attacks.

CISA Releases Final Binding Operational Directive on Developing a Vulnerability Disclosure Policy

Sep 3, 2020

Original release date: September 3, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released Binding Operational Directive (BOD) 20-01, Develop and Publish a Vulnerability Disclosure Policy (VDP). BOD 20-01 requires each federal agency to publish a VDP. Publication of agency VDPs will make it easier for users to report vulnerabilities they find in the Federal Government’s internet-accessible systems. CISA released a draft version of BOD 20-01 for public comment in December 2019 and incorporated many of the received suggestions in the final version. CISA encourages users to review BOD 20-01 and the CISA blog post, Improving Vulnerability Disclosure Together (Officially) for more information.

September is National Preparedness Month

Sep 3, 2020

Original release date: September 3, 2020

September is National Preparedness Month, which promotes family and community disaster planning. This year’s theme is “Disasters Don’t Wait. Make Your Plan Today.” The Cybersecurity and Infrastructure Security Agency (CISA) recommends users and administrators use this month as an opportunity to assess cybersecurity preparedness for cyber-related events, such as identity theft, ransomware infection, or a data breach.

Learn more about preparing for a natural disaster or general emergency at Ready.gov/September. See Ready.gov/Cybersecurity and the following CISA Tips for resources on preparing for, and responding to, unexpected cyber-related events:

- Protecting Against Ransomware
- Avoiding Social Engineering and Phishing Attacks
- Preventing and Responding to Identity Theft
- Protecting Against Malicious Code

Cisco Releases Security Updates

Sep 3, 2020

Original release date: September 3, 2020

Cisco has released security updates to address vulnerabilities in Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:

- Jabber for Windows Message Handling Arbitrary Code Execution Vulnerability cisco-sa-jabber-UyTKCPGg
- Enterprise NFV Infrastructure Software File Overwrite Vulnerability cisco-sa-nfvis-file-overwrite-UONzPMkr
- Jabber for Windows Protocol Handler Command Injection Vulnerability cisco-sa-jabber-vY8M4KGB
- IOS XR Authenticated User Privilege Escalation Vulnerability cisco-sa-iosxr-cli-privescl-sDVEmhqv
- IOS XR Software Authenticated User Privilege Escalation Vulnerability cisco-sa-iosxr-LJtNFjeN

CISA Releases Joint Advisory on Approaches to Uncovering and Remediating Malicious Activity

Sep 1, 2020

Original release date: September 1, 2020

The Cybersecurity and Infrastructure Security Agency (CISA)—in collaboration with the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom—has released a joint Cybersecurity Advisory that highlights technical approaches to uncovering malicious activity. This Advisory includes steps to enhance incident response among partners and network administrators. CISA encourages users and administrators to review AA20-245A: Technical Approaches to Uncovering and Remediating Malicious Activity for more information.

Cisco Releases Security Advisory for DVMRP Vulnerability in IOS XR Software

Aug 31, 2020

Original release date: August 31, 2020

Cisco has released a security advisory on a vulnerability—CVE-2020-3566—in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR software. This vulnerability affects Cisco devices running IOS XR software that have an active interface configured under multicast routing. A remote attacker could exploit this vulnerability to exhaust process memory of an affected device. This vulnerability was detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and take the following actions:

- Implement the recommended mitigations.
- Search for indicators of compromise.
- Apply the necessary update, when available.

National Insider Threat Awareness Month

Aug 31, 2020

Original release date: August 31, 2020 | Last revised: September 1, 2020

September is National Insider Threat Awareness Month (NITAM), which is a collaborative effort between the National Counterintelligence and Security Center (NCSC), National Insider Threat Task Force (NITTF), Office of the Under Secretary of Defense Intelligence and Security (USD(I&S)), Department of Homeland Security (DHS), and Defense Counterintelligence and Security Agency (DCSA) to emphasize the importance of detecting, deterring, and reporting insider threats.

NITAM 2020 will focus on “Resilience” by promoting personal and organizational resilience to mitigate risks posed by insider threats. The Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations to read NCSC’s NITAM 2020 endorsement and explore the following resources to learn how to protect against insider threats:

- Insider Threat Mitigation
- CISA Webinar: A Holistic Approach to Mitigating Insider Threats
- NITTF Resource Library
- Center for Development of Security Excellence: Insider Threat Awareness and Training
