US CERT Current Activity
FTC Releases Alert on Tech-Support Scams
Jun 23, 2017
Original release date: June 23, 2017 The Federal Trade Commission (FTC) has released an alert on technical-support scams. In these schemes, deceptive tech-support operations offer to fix problems that don't exist, placing calls or sending pop-ups to make people think their computers are infected with viruses. Users should not give control of their computers to any stranger offering to fix problems.US-CERT encourages users and administrators to refer to the FTC Alert and the US-CERT Tip on Avoiding Social Engineering and Phishing Attacks for more information. This product is provided subject to this Notification and this Privacy & Use policy.
IC3 Issues Internet Crime Report for 2016
Jun 21, 2017
Original release date: June 21, 2017 The Internet Crime Complaint Center (IC3) has released its 2016 Internet Crime Report, describing the numbers and types of cyber crimes reported to IC3. Business Email Compromise (BEC), ransomware attacks, tech support fraud, and extortion are all common schemes affecting people in the U.S. and around the world.US-CERT encourages users to review the 2016 Internet Crime Report for details and refer to the US-CERT Security Publication on Ransomware for information on defending against this particular threat. This product is provided subject to this Notification and this Privacy & Use policy.
Drupal Releases Security Updates
Jun 21, 2017
Original release date: June 21, 2017 Drupal has released an advisory to address several vulnerabilities in Drupal versions 7.x and 8.x. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 7.56 or 8.3.4. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates
Jun 21, 2017
Original release date: June 21, 2017 Cisco has released updates to address several vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of a system.US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:Prime Infrastructure and Evolved Programmable Network Manager XML Injection Vulnerability cisco-sa-20170621-piepnm1Virtualized Packet Core – Distributed Instance Denial-of-Service Vulnerability cisco-sa-20170621-vpcWebEx Network Recording Player Multiple Buffer Overflow Vulnerabilities cisco-sa-20170621-wnrp This product is provided subject to this Notification and this Privacy & Use policy.
Mozilla Releases Security Update
Jun 15, 2017
Original release date: June 15, 2017 Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.2 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome
Jun 15, 2017
Original release date: June 15, 2017 Google has released Chrome version 59.0.3071.104 for Windows, Mac, and Linux. This version addresses several vulnerabilities, including one that an attacker could exploit to cause a denial-of-service condition.US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
ISC Releases Security Updates for BIND
Jun 14, 2017
Original release date: June 15, 2017 The Internet Systems Consortium (ISC) has released updates that address two vulnerabilities in BIND. An attacker could exploit one of these vulnerabilities to take control of an affected system.Available updates include:BIND version 9.11.1-P1BIND version 9.10.5-P1BIND version 9.9.10-P1ISC recommends disabling LMDB (liblmdb) until BIND 9.11.2 is released later this summer. US-CERT encourages users and administrators to review ISC Knowledge Base Article AA-01497 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases June 2017 Security Updates
Jun 13, 2017
Original release date: June 13, 2017 Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.US-CERT encourages users and administrators to review Microsoft's June 2017 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Mozilla Releases Security Updates
Jun 13, 2017
Original release date: June 13, 2017 Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 54 and Firefox ESR 52.2 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates
Jun 13, 2017
Original release date: June 13, 2017 Adobe has released security updates to address vulnerabilities in Adobe Flash Player, Shockwave Player, Captivate, and Digital Editions. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-17, APSB17-18, APSB17-19, and APSB17-20 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
FTC Recommends Steps to Protect Against Mobile Phone Theft
Jun 8, 2017
Original release date: June 08, 2017 The Federal Trade Commission (FTC) has released an alert about the theft of mobile phones and the best way to prepare for and recover from this kind of theft. Precautionary steps include regularly backing up the data on the phone, using strong passwords, and using two-factor authentication on any accounts on the phone.US-CERT encourages users and administrators to refer to the FTC Alert and the US-CERT Tip on Cybersecurity for Electronic Devices for more information. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates
Jun 7, 2017
Original release date: June 07, 2017 Cisco has released updates to address several vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of a system.Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:Prime Data Center Network Manager Debug Remote-Code-Execution Vulnerability cisco-sa-20170607-dcnm1Prime Data Center Network Manager Server Static Credential Vulnerability cisco-sa-20170607-dcnm2AnyConnect Local-Privilege-Escalation Vulnerability cisco-sa-20170607-anyconnectTelePresence Endpoint Denial-of-Service Vulnerability cisco-sa-20170607-tele This product is provided subject to this Notification and this Privacy & Use policy.
VMware Releases Security Updates
Jun 7, 2017
Original release date: June 07, 2017 VMware has released security updates to address vulnerabilities in vSphere Data Protection. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2017-0010 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome
Jun 6, 2017
Original release date: June 06, 2017 Google has released Chrome version 59.0.3071.86 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.Users and administrators are encouraged to review the Chrome Releases page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
SEI Issues Advice on Ransomware
Jun 1, 2017
Original release date: June 01, 2017 The Software Engineering Institute (SEI) of Carnegie Mellon University has released a blog post on best practices for preventing and responding to ransomware. This common malware captures, encrypts, and holds your data to extort a ransom. SEI’s top recommendation to thwart ransomware attacks is to back up your important files regularly.US-CERT encourages users and administrators to review SEI's blog post and US-CERT's Security Publication on Ransomware for more information. This product is provided subject to this Notification and this Privacy & Use policy.
FBI Releases Article on Protecting Business Email Systems
May 31, 2017
Original release date: May 31, 2017 The Federal Bureau of Investigation (FBI) has released an article on Building a Digital Defense with an Email Fortress. FBI warns that scammers commonly target business email accounts with phishing and social engineering schemes. Strategies for preventing email compromises include avoiding the use of free web-based email accounts; using multi-factor authentication; and updating firewalls, antivirus programs, and spam filters.US-CERT encourages users and administrators to review the FBI article for more information and refer to US-CERT Tips on Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Attacks. This product is provided subject to this Notification and this Privacy & Use policy.
FTC Releases Alert on Identity Theft
May 25, 2017
Original release date: May 25, 2017 The Federal Trade Commission (FTC) has released an alert about how quickly criminals begin using your personal information once it is posted to a hacker site by an identity thief. FTC researchers found that it can take as few as 9 minutes for crooks to access stolen personal information posted to hacker sites. To prevent identity theft, a user should follow password security best practices, such as multi-factor authentication, which requires a user to simultaneously present multiple pieces of information to verify their identity.US-CERT encourages users to refer to the FTC alert and the US-CERT Tips on Preventing and Responding to Identity Theft, Choosing and Protecting Passwords, and Supplementing Passwords for more information. This product is provided subject to this Notification and this Privacy & Use policy.
Samba Releases Security Updates
May 24, 2017
Original release date: May 24, 2017 The Samba Team has released security updates that address a vulnerability in all versions of Samba from 3.5.0 onward. A remote attacker could exploit this vulnerability to take control of an affected system.US-CERT encourages users and administrators to review Samba's Security Announcement and apply the necessary updates, or refer to their Linux or Unix-based OS vendors for appropriate patches. This product is provided subject to this Notification and this Privacy & Use policy.
ICS-CERT Releases WannaCry Fact Sheet
May 17, 2017
Original release date: May 17, 2017 The Industrial Control Systems Cybersecurity Emergency Response Team (ICS-CERT) has released a short overview of the WannaCry ransomware infections. This fact sheet provides information on how the WannaCry program spreads, what users should do if they have been infected, and how to protect against similar attacks in the future.US-CERT encourages users and administrators to review the ICS-CERT Fact Sheet on WannaCry and the US-CERT Current Activity on the topic. For more technical details, please consult TA17-132A, Indicators Associated With WannaCry Ransomware. This product is provided subject to this Notification and this Privacy & Use policy.
Joomla! Releases Security Update for CMS
May 17, 2017
Original release date: May 17, 2017 Joomla! has released version 3.7.1 of its Content Management System (CMS) software to address a vulnerability. Exploitation of this vulnerability may allow a remote attacker to take control of an affected website.Users and administrators are encouraged to review the Joomla! Security Release and US-CERT's Alert on Content Management Systems Security and Associated Risks and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
