US CERT Current Activity
CISA Insights: Ransomware Outbreak
Aug 21, 2019
Original release date: August 21, 2019The Cybersecurity and Infrastructure Security Agency (CISA) has released its first CISA Insights product, which discusses the rapid emergence of ransomware across our Nation’s networks. CISA Insights – Ransomware Outbreak includes steps in the following key areas to help organizations protect themselves from ransomware attacks—a top priority for CISA: Actions for Today – Make Sure You’re Not Tomorrow’s Headline Actions to Recover If Impacted – Don’t Let a Bad Day Get Worse Actions to Secure Your Environment Going Forward – Don’t Let Yourself be an Easy Mark CISA urges organizations to review CISA Insights – Ransomware Outbreak, implement the recommendations, and visit the CISA resource page on ransomware for more information. This product is provided subject to this Notification and this Privacy & Use policy.
Cyber Safety for Students
Aug 20, 2019
Original release date: August 20, 2019As summer break ends, many students will return to school with mobile devices, such as smart phones, tablets, and laptops. Although these devices can help students complete schoolwork and stay in touch with family and friends, there are risks associated with using them. However, there are simple steps that can help students stay safe while using their internet-connected devices. The Cybersecurity and Infrastructure Security Agency (CISA) recommends reviewing the following resources for more information on cyber safety for students: Stop.Think.Connect. Toolkit Stay Safe Online Before You Connect a New Computer to the Internet Keeping Children Safe Online Rethink Cyber Safety Rules and the “Tech Talk” with Your Teens Concerned Parent’s Internet Safety Toolbox This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases Security Update for Windows Elevation of Privilege Vulnerability
Aug 15, 2019
Original release date: August 15, 2019Microsoft has released a security update to address an elevation of privilege vulnerability (CVE-2019-1162) in Windows. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
IRS Security Summit Series for Tax Professionals: Create a Data Theft Recovery Plan
Aug 14, 2019
Original release date: August 14, 2019The fifth and final step in the Internal Revenue Service (IRS) Security Summit series for tax professionals is creating a data theft recovery plan. IRS issued a news release highlighting the importance of understanding the risks posed by national and international cybersecurity criminal syndicates, working with cybersecurity experts to help prevent and stop data theft, and reporting data theft as soon as possible. Creating a data theft recovery plan is part of the Taxes. Security. Together. Checklist, which IRS created to help tax professionals protect sensitive taxpayer data. The Cybersecurity and Infrastructure Security Agency (CISA) encourages tax professionals to review the IRS news release and the following Security Summit series topics for more information: Deploying “Security Six” basic safeguards Creating a data security plan Educating yourself on phishing scams Recognizing the signs of client data theft This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities
Aug 14, 2019
Original release date: August 14, 2019Microsoft has released security updates to address two remote code execution vulnerabilities, CVE-2019-1181 and CVE-2019-1182, in the following operating systems: Windows 7 SP1 Windows Server 2008 R2 SP1 Windows Server 2012 Windows 8.1 Windows Server 2012 R2 Windows 10 Windows Server 2016 Windows Server 2019 An attacker could exploit these vulnerabilities to take control of an affected system. Similar to CVE-2019-0708—dubbed BlueKeep—these vulnerabilities are considered “wormable” because malware exploiting these vulnerabilities on a system could propagate to other vulnerable systems. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and users and administrators to review the following resources and apply the necessary updates: Microsoft Security Blog Post: Patch New Wormable Vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182) Microsoft Security Vulnerability Information for CVE-2019-1181 Microsoft Security Vulnerability Information for CVE-2019-1182 Microsoft Security Blog Post: Protect Against BlueKeep Microsoft Customer Guidance for CVE-2019-0708 This product is provided subject to this Notification and this Privacy & Use policy.
Multiple HTTP/2 Implementation Vulnerabilities
Aug 14, 2019
Original release date: August 14, 2019The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting HTTP/2 implementations. An attacker could exploit these vulnerabilities to cause a denial-of-service (DoS) condition. Attacks can consume excessive system resources and lead to distributed DoS (DDoS) attacks. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#605641 for more information and refer to vendors for updates. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases August 2019 Security Updates
Aug 13, 2019
Original release date: August 13, 2019Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s August 2019 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Intel Releases Security Updates
Aug 13, 2019
Original release date: August 13, 2019Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates: RAID Web Console 2 Advisory INTEL-SA-00246 NUC Advisory INTEL-SA-00272 Authenticate Advisory INTEL-SA-00275 Driver and Support Assistant Advisory INTEL-SA-00276 Remote Displays SDK Advisory INTEL-SA-00277 Processor Identification Utility for Windows Advisory INTEL-SA-00281 Computing Improvement Program Advisory INTEL-SA-00283 This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates for Multiple Products
Aug 13, 2019
Original release date: August 13, 2019Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates: After Effects CC APSB19-31 Character Animator CC APSB19-32 Premiere Pro CC APSB19-33 Prelude CC APSB19-35 Creative Cloud Desktop Application APSB19-39 Acrobat and Reader APSB19-41 Experience Manager APSB19-42 Photoshop CC APSB19-44 This product is provided subject to this Notification and this Privacy & Use policy.
NCSA Webinar on Cybersecurity for Small Businesses
Aug 9, 2019
Original release date: August 9, 2019The National Cyber Security Alliance (NCSA) and INFOSEC are hosting a webinar to educate small businesses on how to protect against phishing, vishing, and smishing threats. The webinar will be held on Tuesday, August 13, 2019 from 2-3 p.m. ET. The Cybersecurity and Infrastructure Agency (CISA) encourages small businesses to register for the webinar and visit CISA’s Resources for Business page to learn how to defend against cyber criminals. This product is provided subject to this Notification and this Privacy & Use policy.
ACSC Releases Advisory on Password Spraying Attacks
Aug 8, 2019
Original release date: August 8, 2019<br/><p>The Australian Cyber Security Centre (ACSC) has released an advisory on password spraying attacks. <a href="https://attack.mitre.org/techniques/T1110/">Password spraying</a> is a type of brute-force attack in which a malicious actor uses a single password against targeted user accounts before moving on to attempt a second password, and so on. This technique allows the actor to remain undetected by avoiding rapid or frequent account lockouts.<br /> <br /> The ACSC provides recommendations for organizations to detect and mitigate these types of attacks against their external services, such as webmail, remote desktop access, or cloud-based services.<br /> <br /> The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ACSC advisory on <a href="https://www.cyber.gov.au/publications/advisory-2019-130-password-spray-attacks-detection-and-mitigation-strategies">password spraying attacks</a> and the following CISA tips:<br /> • <a href="https://www.us-cert.gov/ncas/tips/ST04-002">Choosing and Protecting Passwords</a><br /> • <a href="https://www.us-cert.gov/ncas/tips/ST05-012">Supplementing Passwords</a></p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy & Use</a> policy.</p> </div>
Google Releases Security Updates for Chrome
Aug 8, 2019
Original release date: August 8, 2019<br/><p>Google has released Chrome version 76.0.3809.100 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.<br /> <br /> The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the <a href="https://chromereleases.googleblog.com/2019/08/stable-channel-update-for-desktop.html">Chrome Release</a> and apply the necessary updates.</p> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy & Use</a> policy.</p> </div>
Cisco Releases Security Updates for Multiple Products
Aug 8, 2019
Original release date: August 8, 2019<br/><p>Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.</p> <p>The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:</p> <ul> <li>Webex Network Recording Player and Webex Player Arbitrary Code Execution Vulnerabilities <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-webex-player">cisco-sa-20190807-webex-player</a></li> <li>Enterprise NFV Infrastructure Software VNC Authentication Bypass Vulnerability <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-nfvis-vnc-authbypass">cisco-sa-20190807-nfvis-vnc-authbypass</a></li> <li>IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-iosxr-isis-dos-1918">cisco-sa-20190807-iosxr-isis-dos-1918</a></li> <li>IOS XR Software Intermediate System-to-Intermediate System Denial of Service Vulnerability <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-iosxr-isis-dos-1910">cisco-sa-20190807-iosxr-isis-dos-1910</a></li> <li>Adaptive Security Appliance Software Web-Based Management Interface Privilege Escalation Vulnerability <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190807-asa-privescala">cisco-sa-20190807-asa-privescala</a></li> <li>Small Business 220 Series Smart Switches Remote Code Execution Vulnerabilities <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190806-sb220-rce">cisco-sa-20190806-sb220-rce</a></li> <li>Small Business 220 Series Smart Switches Authentication Bypass Vulnerability <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190806-sb220-auth_bypass">cisco-sa-20190806-sb220-auth_bypass</a></li> </ul> <div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p class="privacy-and-terms">This product is provided subject to this <a href="https://www.us-cert.gov/privacy/notification">Notification</a> and this <a href="https://www.dhs.gov/privacy-policy">Privacy & Use</a> policy.</p> </div>
SWAPGS Spectre Side-Channel Vulnerability
Aug 6, 2019
Original release date: August 6, 2019The Cybersecurity and Infrastructure Security Agency (CISA) is aware of a vulnerability (CVE-2019-1125) known as SWAPGS, which is a variant of Spectre Variant 1—that affects modern computer processors. This vulnerability can be exploited to steal sensitive data present in a computer systems' memory. Spectre is a flaw an attacker can exploit to force a program to reveal its data. The name derives from "speculative execution"—an optimization method a computer system performs to check whether it will work to prevent a delay when actually executed. Spectre affects almost all devices including desktops, laptops, cloud servers, and smartphones. CISA encourages users and administrators to review the following guidance, refer to their hardware and software vendors for additional details, and apply an appropriate patch when available: Microsoft: Windows Kernel Information Disclosure Vulnerability Red Hat: Spectre SWAPGS gadget vulnerability Google: Spectre Side Channels This product is provided subject to this Notification and this Privacy & Use policy.
El Paso and Dayton Tragedy-Related Scams and Malware Campaigns
Aug 6, 2019
Original release date: August 6, 2019In the wake of the recent shootings in El Paso, TX, and Dayton, OH, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize on these tragic events. Users should exercise caution in handling emails related to the shootings, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic events. Be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to these events. To avoid becoming a victim of malicious activity, users and administrators should consider taking the following preventive measures: Use caution when opening email attachments, and do not click on links in unsolicited email messages. Refer to CISA’s Tip on Using Caution with Email Attachments. Review CISA’s Tip on Staying Safe on Social Networking Sites. Refer to CISA’s Tip on Avoiding Social Engineering and Phishing Attacks. Review the information from the Federal Trade Commission on Before Giving to a Charity. This product is provided subject to this Notification and this Privacy & Use policy.
VMware Releases Security Updates for Multiple Products
Aug 3, 2019
Original release date: August 3, 2019VMware has released a security advisory to address vulnerabilities affecting multiple products. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2019-0012 and apply the necessary updates and workarounds. This product is provided subject to this Notification and this Privacy & Use policy.
Cylance Antivirus Vulnerability
Aug 2, 2019
Original release date: August 2, 2019The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Cylance Antivirus products. A remote attacker could bypass Cylance antivirus detection. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC Vulnerability Note VU#489481 and the Cylance Resolution for BlackBerry Cylance Bypass webpage for patch information and additional recommended workarounds. This product is provided subject to this Notification and this Privacy & Use policy.
IRS Reminds Tax Professionals: Beware Phishing Emails
Aug 1, 2019
Original release date: August 1, 2019The Internal Revenue Service (IRS) has issued a news release warning tax professionals of the continued threat of phishing emails. Phishing emails are one of the most common ways cyber criminals steal sensitive data. Educating personnel on the risks posed by phishing emails is part of the Taxes. Security. Together. Checklist, which IRS created to help tax professionals protect sensitive taxpayer data. The Cybersecurity and Infrastructure Security Agency (CISA) encourages tax professionals to review the IRS news release and the CISA Tip on Avoiding Social Engineering and Phishing Attacks for more information. This product is provided subject to this Notification and this Privacy & Use policy.
NIST Publishes Multifactor Authentication Practice Guide
Aug 1, 2019
Original release date: August 1, 2019The National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) has published NIST Cybersecurity Practice Guide: Multifactor Authentication for E-Commerce. The guide provides e-commerce organizations multifactor authentication (MFA) protection methods they can implement to reduce fraudulent purchases. The Cybersecurity and Infrastructure Security Agency (CISA) encourages e-commerce organizations to download the guide to learn how to prevent e-commerce fraud using MFA solutions. This product is provided subject to this Notification and this Privacy & Use policy.
FTC Releases Alert on the Capital One Data Breach
Aug 1, 2019
Original release date: August 1, 2019The Federal Trade Commission (FTC) has released an alert on the Capital One data breach that exposed the personal information of 106 million Capital One credit card customers and applicants. FTC reminds users to check and monitor their credit report to protect against identify theft and to be aware of potential phishing scams related to the breach. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to refer to the FTC alert on the Capital One data breach and the CISA Tips on Preventing and Responding to Identity Theft and Avoiding Social Engineering and Phishing Attacks for more information. This product is provided subject to this Notification and this Privacy & Use policy.
