US CERT Current Activity
Drupal Releases Security Updates
Mar 20, 2019
Original release date: March 20, 2019 Drupal has released security updates to address a vulnerability in Drupal Core. A remote attacker could exploit this vulnerability to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Drupal Security Advisory and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Advisories for Multiple Products
Mar 20, 2019
Original release date: March 20, 2019 Cisco has released several security advisories to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates.Cisco IP Phone 8800 Series Path Traversal Vulnerability cisco-sa-20190320-ipptvCisco IP Phone 8800 Series File Upload Denial of Service Vulnerability cisco-sa-20190320-ipfudosCisco IP Phone 8800 Series Authorization Bypass Vulnerability cisco-sa-20190320-ipabCisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability cisco-sa-20190320-ip-phone-rceCisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability cisco-sa-20190320-ip-phone-csrf This product is provided subject to this Notification and this Privacy & Use policy.
Mozilla Releases Security Updates for Firefox
Mar 19, 2019
Original release date: March 19, 2019 Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox ESR 60.6 and Firefox 66 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Ending Support for Windows 7
Mar 19, 2019
Original release date: March 19, 2019 All software products have a life-cycle. After January 14, 2020, Microsoft will no longer provide security updates or support for PCs running the Windows 7 operating system. After this date, this product will no longer receive free:Technical support for any issuesSoftware updatesSecurity updates or fixesComputers running the Windows 7 operating system will continue to work even after support ends. However, using unsupported software may increase the risks from viruses and other security threats.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to upgrade to a currently supported operating system. For more information, see the Microsoft End of Support FAQ. This product is provided subject to this Notification and this Privacy & Use policy.
Now Available: Recording of Chinese Malicious Cyber Activity Briefing
Mar 19, 2019
Original release date: March 19, 2019 The Cybersecurity and Infrastructure Security Agency (CISA) has posted the February 14, 2019, Awareness Briefing on Chinese Malicious Cyber Activity. This webinar provides background and mitigation techniques on Chinese malicious cyber activity targeting managed service providers (MSPs). CISA encourages MSPs and their customers to view the February 14, 2019, Awareness Briefing on Chinese Malicious Cyber Activity and to review the page on Chinese Malicious Cyber Activity for more information. This product is provided subject to this Notification and this Privacy & Use policy.
New Zealand Tragedy-Related Scams and Malware Campaigns
Mar 15, 2019
Original release date: March 15, 2019 In the wake of the recent New Zealand mosque shooting, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize on this tragic event. Users should exercise caution in handling emails related to the shooting, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic events. Be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to the event.To avoid becoming a victim of malicious activity, users and administrators should consider taking the following preventive measures:Use caution when opening email attachments, and do not click on links in unsolicited email messages. Refer to CISA’s Tip on Using Caution with Email Attachments.Review CISA’s Tip on Staying Safe on Social Networking Sites.Refer to CISA’s Tip on Avoiding Social Engineering and Phishing Attacks.Review the information from the Federal Trade Commission on Before Giving to a Charity. This product is provided subject to this Notification and this Privacy & Use policy.
Intel Releases Security Advisories on Multiple Products
Mar 15, 2019
Original release date: March 15, 2019 Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Intel Product Security Center Advisories page, apply the necessary mitigations, and refer to software vendors for appropriate patches, when available. This product is provided subject to this Notification and this Privacy & Use policy.
VMware Releases Security Updates for Workstation and Horizon
Mar 15, 2019
Original release date: March 15, 2019 VMware has released security updates to address vulnerabilities affecting Workstation 14 and 15, and Horizon 6 and 7. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisories VMSA-2019-0002 and VMSA-2019-0003 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases Security Update for Azure Linux Guest Agent
Mar 14, 2019
Original release date: March 14, 2019 Microsoft has released an update to address a vulnerability in Azure Linux Guest Agent. An attacker could exploit this vulnerability to obtain access to sensitive information.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
MS-ISAC Releases Security Primer on TrickBot Malware
Mar 14, 2019
Original release date: March 14, 2019 The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released a security primer on TrickBot malware. TrickBot is a modular banking Trojan that targets users’ financial information and acts as a dropper for other malware. An attacker can leverage TrickBot’s modules to steal banking information, conduct system and network reconnaissance, harvest credentials, and achieve network propagation.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review MS-ISAC’s White Paper: Security Primer – TrickBot for more information and best practice recommendations. This product is provided subject to this Notification and this Privacy & Use policy.
WordPress Releases Security Update
Mar 14, 2019
Original release date: March 14, 2019 WordPress 5.1 and prior versions are affected by a vulnerability. An attacker could exploit this vulnerability to take control of an affected website.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.1.1. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates
Mar 13, 2019
Original release date: March 13, 2019 Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit one of these vulnerabilities to cause a denial-of-service condition.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:Common Services Platform Collector Static Credential Vulnerability cisco-sa-20190313-cspcscvSmall Business SPA514G IP Phones SIP Denial of Service Vulnerability cisco-sa-20190313-sip This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome
Mar 13, 2019
Original release date: March 13, 2019 Google has released Chrome version 73.0.3683.75 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases March 2019 Security Updates
Mar 12, 2019
Original release date: March 12, 2019 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s March 2019 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates
Mar 12, 2019
Original release date: March 12, 2019 Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC and Adobe Digital Editions. An attacker could exploit these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB19-15 and APSB19-16 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome
Mar 7, 2019
Original release date: March 07, 2019 Google has released Chrome version 72.0.3626.121 for Windows, Mac, and Linux. This version addresses a vulnerability that a remote attacker could exploit to take control of an affected system. This vulnerability was detected in exploits in the wild.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
ICSJWG Spring Meeting and Call for Abstracts (Deadline Extended)
Mar 7, 2019
Original release date: March 07, 2019 The Industrial Control Systems Joint Working Group (ICSJWG)—a collaborative and coordinating body operating under the Critical Infrastructure Partnership Advisory Council (CIPAC) framework—will hold the 2019 ICSJWG Spring Meeting in Kansas City, MO, April 23–25, 2019. The Spring Meeting kicks off the 10th anniversary of ICSJWG biannual meetings.ICSJWG has extended its deadline for abstracts to be presented at the meeting to 5 p.m. ET, March 15, 2019.The Cybersecurity and Infrastructure Security Agency (CISA) ICSJWG facilitates information sharing to reduce the risk to the Nation’s industrial control systems.Visit the ICSJWG website for registration and submission information. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates
Mar 6, 2019
Original release date: March 06, 2019 Cisco has released multiple security updates to address vulnerabilities in various Cisco products. An attacker could exploit some of those vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisories and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
IRS Launches ‘Dirty Dozen’ Campaign on Tax Scams
Mar 4, 2019
Original release date: March 04, 2019 The Internal Revenue Service (IRS) has launched its annual awareness campaign on the 12 most prevalent tax scams, known as the “Dirty Dozen.” As part of the campaign, IRS will highlight one scam each weekday. The first topic in the campaign focuses on internet phishing scams that lead to tax fraud and identity theft. IRS warns to be on alert for a continuing surge of fake emails, texts, websites, and social media attempts to steal users’ personal information.The Cybersecurity and Infrastructure Security Agency (CISA) encourages taxpayers, businesses, and tax professionals to review the IRS’s Dirty Dozen alert, check the IRS website for more daily Dirty Dozen tax scams, and see CISA’s Tip on Avoiding Social Engineering and Phishing Attacks. This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates for ColdFusion
Mar 1, 2019
Original release date: March 01, 2019 Adobe has released security updates to address a vulnerability in ColdFusion. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB19-14 and apply the necessary updates or mitigation. This product is provided subject to this Notification and this Privacy & Use policy.
