US CERT Current Activity
Cisco Releases Security Update
Sep 21, 2018
Original release date: September 21, 2018 Cisco has released a security update to address a vulnerability in Cisco Video Surveillance Manager. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
ISC Releases Security Advisory for BIND
Sep 19, 2018
Original release date: September 19, 2018 The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). Under certain conditions, a remote attacker could exploit this vulnerability to modify records on an affected server.NCCIC encourages users and administrators to review the ISC advisory and apply the necessary mitigations. This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates
Sep 19, 2018
Original release date: September 19, 2018 Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to review Adobe Security Bulletin APSB-18-34 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates
Sep 19, 2018
Original release date: September 19, 2018 Cisco has released security updates to address multiple vulnerabilities in Cisco Webex Network Recording Player. A remote attacker could exploit these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
NCCIC Webinar Series on Protecting Enterprise Network Infrastructure Devices
Sep 18, 2018
Original release date: September 18, 2018 NCCIC will conduct a series of webinars on Protecting Enterprise Network Infrastructure Devices over the next two weeks. Each webinar will be held from 1-2:30 p.m. ET on the dates listed below:Monday, September 24Thursday, September 27Tuesday, October 2Thursday, October 4NCCIC encourages decision makers, network defenders, and procurement analysts to register for the webinar by clicking on one of the dates listed above. The webinar will feature a discussion on identified threats, trends in the field, and insights from DHS’s binding operational directive impacting federal agencies. This product is provided subject to this Notification and this Privacy & Use policy.
Apple Releases Multiple Security Updates
Sep 17, 2018
Original release date: September 17, 2018 Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:Apple Support 2.4 for iOSSafari 12watchOS 5tvOS 12iOS 12 This product is provided subject to this Notification and this Privacy & Use policy.
MS-ISAC Releases Advisory on PHP Vulnerabilities
Sep 14, 2018
Original release date: September 14, 2018 The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to review MS-ISAC Advisory 2018-101 and the PHP Downloads page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Potential Hurricane Florence Phishing Scams
Sep 14, 2018
Original release date: September 14, 2018 NCCIC warns users to remain vigilant for malicious cyber activity seeking to exploit interest in Hurricane Florence. Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direct users to malicious websites. Users should exercise caution in handling any email with a subject line, attachments, or hyperlinks related to the hurricane, even if it appears to originate from a trusted source. NCCIC advises users to verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number. Contact information for many charities is available on the BBB National Charity Report Index. User should also be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to the hurricane.NCCIC encourages users and administrators to review the following resources for more information on phishing scams and malware campaigns:The Federal Trade Commission articles on Wise Giving After a Hurricane and How to Donate Wisely and Avoid Charity Scams,Using Caution with Email Attachments, andAvoiding Social Engineering and Phishing Attacks. This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Update for Chrome
Sep 11, 2018
Original release date: September 11, 2018 Google has released Chrome version 69.0.3497.92 for Windows, Mac, and Linux. This version addresses vulnerabilities, one of which an attacker could exploit to take control of an affected system.NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases September 2018 Security Updates
Sep 11, 2018
Original release date: September 11, 2018 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to review Microsoft's September 2018 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates
Sep 11, 2018
Original release date: September 11, 2018 Adobe has released security updates to address vulnerabilities in Adobe Flash Player and ColdFusion. An attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to review Adobe Security Bulletins APSB18-31 and APSB18-33 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
VMware Releases Security Updates
Sep 6, 2018
Original release date: September 06, 2018 VMware has released security updates to address vulnerabilities in VMware AirWatch Agent and Content Locker. An attacker could exploit these vulnerabilities to obtain access to sensitive information.NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0023 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Mozilla Releases Security Updates for Firefox
Sep 5, 2018
Original release date: September 05, 2018 Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC encourages users and administrators to review the Mozilla Security Advisories for Firefox 62 and Firefox ESR 60.2 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates
Sep 5, 2018
Original release date: September 05, 2018 Cisco has released updates to address multiple vulnerabilities affecting Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Cisco Security Advisories and Alerts website and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Problems with Automatic DNS Registration and Autodiscovery
Sep 5, 2018
Original release date: September 05, 2018 The CERT Coordination Center (CERT/CC) has released information on problems associated with small office/home office routers using automatic Domain Name System (DNS) registration and autodiscovery. An attacker could exploit these problems to obtain sensitive information.NCCIC encourages users and administrators to review CERT/CC's VU#598349 for further information and mitigation recommendations. This product is provided subject to this Notification and this Privacy & Use policy.
September is National Preparedness Month
Sep 5, 2018
Original release date: September 05, 2018 National Preparedness Month is a good opportunity to assess your emergency preparedness. While general preparedness is essential to getting through an emergency related to a natural disaster, the same is true of preparing for a cyber-related event, such as identity theft or a ransomware infection.NCCIC encourages users and administrators to be prepared in case of a cyber-related event by regularly backing up files, keeping digital copies of important documents somewhere other than your computer (e.g., in the cloud), and regularly running antivirus scans.Learn more about individual and family emergency preparedness at Ready.gov. For additional resources on preparing for and responding to unexpected cyber-related events, see Ready.gov/Cybersecurity and the following NCICC Tips:Handling Destructive Malware,Preventing and Responding to Identity Theft, andRansomware. This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Update for Chrome
Sep 4, 2018
Original release date: September 04, 2018 Google has released Chrome version 69.0.3497.81 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Update
Aug 28, 2018
Original release date: August 28, 2018 Cisco has released a security update to address a vulnerability in Cisco Data Center Network Manager. A remote attacker could exploit this vulnerability to obtain access to sensitive information.NCCIC encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
FTC Promotes Resources to Prevent Cyberbullying
Aug 28, 2018
Original release date: August 28, 2018 The Federal Trade Commission (FTC) has released an announcement on the importance of addressing cyberbullying. As children return to school, FTC encourages parents and educators to monitor kids' online activity and engage in conversations about preventing cyberbullying.NCCIC encourages users to review FTC’s article and the following resources for more information:Stand Up to Cyberbullying videoStopBullying.gov websiteDealing with Cyberbullies tipKeeping Children Safe Online tip This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Update for Creative Cloud
Aug 28, 2018
Original release date: August 28, 2018 Adobe has released a security update to address a vulnerability in Adobe Creative Cloud Desktop Application. An attacker could exploit this vulnerability to cause a denial-of-service condition.NCCIC encourages users and administrators to review Adobe Security Bulletin APSB18-32 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
