US CERT Current Activity

A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

Cisco Releases Security Updates

Oct 18, 2017

Original release date: October 18, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: Cloud Services Platform 2100 Unauthorized Access Vulnerability (cisco-sa-20171018-ccs); FXOS and NX-OS System Software Authentication, Authorization, and Accounting Denial-of-Service Vulnerability (cisco-sa-20171018-aaavty); Small Business SPA50x, SPA51x, and SPA52x Series IP Phones SIP Denial-of-Service Vulnerability (cisco-sa-20171018-sip1); Small Business SPA51x Series IP Phones SIP Denial-of-Service Vulnerability (cisco-sa-20171018-sip). This product is provided subject to this Notification and this Privacy & Use policy.

Google Releases Security Updates for Chrome

Oct 18, 2017

Original release date: October 18, 2017

Google has released Chrome version 62.0.3202.62 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary updates.

Oracle Releases Security Bulletin

Oct 17, 2017

Original release date: October 17, 2017

Oracle has released its Critical Patch Update for October 2017 to address 252 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the Oracle October 2017 Critical Patch Update and apply the necessary updates.

IC3 Issues Alert on DDoS Attacks

Oct 17, 2017

Original release date: October 17, 2017

The Internet Crime Complaint Center (IC3) has issued an alert on distributed denial-of-service (DDoS)-for-hire services advertised on criminal forums and marketplaces. Using DDoS attacks to prevent legitimate users from accessing websites or information can lead to serious consequences. US-CERT encourages users and administrators to review the IC3 Alert for more information and US-CERT's Alert on Heightened DDoS Threat Posed by Mirai and Other Botnets.

IC3 Issues Alert on IoT Devices

Oct 17, 2017

Original release date: October 17, 2017

In conjunction with National Cyber Security Awareness Month, the Internet Crime Complaint Center (IC3) has issued an alert to individuals and businesses about the security risks involved with the Internet of Things (IoT). IoT refers to the emerging network of devices (e.g., smart TVs, home automation systems) that connect to one another via the Internet, often automatically sending and receiving data. IC3 warns that once a device is compromised, an attacker may take control of an affected system, obtain sensitive information, or cause a denial-of-service condition. US-CERT encourages individuals and businesses to review the IC3 Alert for more information on IoT vulnerabilities and mitigation techniques.

Today’s Predictions for Tomorrow’s Internet

Oct 17, 2017

Original release date: October 17, 2017

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Smart cities, connected devices, digitized records, as well as smart cars and homes, have become a new reality. While there are tremendous benefits to this technology, it is critical to understand how to use these cutting-edge innovations in safe and secure ways. The National Cyber Security Alliance has released Online Cybersecurity Advice to help users access digital innovations safely and efficiently. US-CERT encourages users and administrators to review the following resources: DHS steps to Protecting Your Digital Home, Stop.Think.Connect. tips on Internet of Things and Mobile Security, US-CERT Tip on Cybersecurity for Electronic Devices, and DHS webpage on Securing the Internet of Things.

Adobe Releases Security Updates

Oct 16, 2017

Original release date: October 16, 2017

Adobe has released security updates to address a vulnerability in Adobe Flash Player. A remote attacker could exploit this vulnerability to take control of an affected system. US-CERT encourages users and administrators to review Adobe Security Bulletin APSB17-32 and apply the necessary updates.

CERT/CC Reports WPA2 Vulnerabilities

Oct 16, 2017

Original release date: October 16, 2017

CERT Coordination Center (CERT/CC) has released information on Wi-Fi Protected Access II (WPA2) protocol vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system. The vulnerabilities are in the WPA2 protocol, not within individual WPA2 implementations, which means that all WPA2 wireless networking may be affected. Mitigations include installing updates to affected products and hosts as they become available. US-CERT encourages users and administrators to review CERT/CC's VU #228519.

Mozilla Releases Security Update

Oct 11, 2017

Original release date: October 11, 2017

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird and apply the necessary update.

Microsoft Releases October 2017 Security Updates

Oct 10, 2017

Original release date: October 10, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Microsoft's October 2017 Security Update Summary and Deployment Information and apply the necessary updates.

Cybersecurity in the Workplace is Everyone’s Business

Oct 10, 2017

Original release date: October 10, 2017

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Creating a culture of cybersecurity is critical for all organizations—large and small businesses, academic institutions, non-profits, and government agencies—and is a responsibility shared among all employees. The National Institute of Standards and Technology (NIST) has published resources including standards, guidelines, and best practices to help organizations of all sizes to strengthen cyber resilience. US-CERT encourages organizations and employees to review the following resources: NIST Cybersecurity Framework, DHS Stop.Think.Connect. Toolkit, National Cyber Security Alliance Workplace Tips, and US-CERT Home and Business Networks page.

Apple Releases Security Update for macOS High Sierra

Oct 5, 2017

Original release date: October 05, 2017

Apple has released a supplemental security update to address vulnerabilities in macOS High Sierra 10.13. An attacker could exploit these vulnerabilities to obtain sensitive information. US-CERT encourages users and administrators to review the Apple security page for macOS High Sierra 10.13 and apply the necessary update.

Cisco Releases Security Updates

Oct 4, 2017

Original release date: October 04, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to cause a denial-of-service condition. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates: Adaptive Security Appliance Software Direct Authentication Denial-of-Service Vulnerability (cisco-sa-20171004-asa); Firepower Detection Engine IPv6 Denial-of-Service Vulnerability (cisco-sa-20171004-fpsnort); Firepower Detection Engine SSL Decryption Memory Consumption Denial-of-Service Vulnerability (cisco-sa-20171004-ftd).

Apache Releases Security Updates for Apache Tomcat

Oct 3, 2017

Original release date: October 03, 2017

The Apache Software Foundation has released Apache Tomcat 9.0.1 and 8.5.23 to address a vulnerability in previous versions of the software. A remote attacker could exploit this vulnerability to take control of an affected server. US-CERT encourages users and administrators to review the Apache security advisory for CVE-2017-12617 and apply the necessary updates.

Apple Releases Security Update for iOS

Oct 3, 2017

Original release date: October 03, 2017

Apple has released iOS 11.0.2 to address vulnerabilities in previous versions of iOS. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Apple security page for iOS 11.0.2 and apply the necessary update.

Tragic-Event-Related Scams

Oct 3, 2017

Original release date: October 03, 2017

In the wake of Sunday's tragic event in Las Vegas, US-CERT warns users to be watchful for various malicious cyber activity targeting both victims and potential donors. Users should exercise caution when handling emails that relate to the event, even if those emails appear to originate from trusted sources. Event-related phishing emails may trick users into sharing sensitive information. Such emails could also contain links or attachments directing users to malware-infected websites. In addition, users should be wary of social media pleas, calls, texts, fraudulent donation websites, and door-to-door solicitations relating to the recent tragic event.

To avoid becoming victims of fraudulent activity, users and administrators should consider taking the following preventive measures: Review information from the Federal Trade Commission on Charity Giving, which includes links to check if charity organizations are legitimate. Review information from the Federal Bureau of Investigation on Building a Digital Defense Against Charity Fraud. Use caution when opening email attachments, and do not click on links in unsolicited email messages. Refer to the US-CERT Tip on Using Caution with Email Attachments. Refer to US-CERT's Tip on Avoiding Social Engineering and Phishing Attacks.

National Cybersecurity Awareness Month: Simple Steps to Online Safety

Oct 3, 2017

Original release date: October 03, 2017

October is National Cybersecurity Awareness Month (NCSAM), an annual campaign to raise awareness about cybersecurity. The National Cyber Security Alliance (NCSA) has published general tips to help you increase your cybersecurity awareness—including whom to contact if you are the victim of cyber crime—and protect your online activities. US-CERT encourages users and administrators to review NCSA’s guidance for online safety basics and the US-CERT Tip on Avoiding Social Engineering and Phishing Attacks for additional information.

Dnsmasq Contains Multiple Vulnerabilities

Oct 2, 2017

Original release date: October 03, 2017

Dnsmasq versions 2.77 and prior contain multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review VUL Note VU#973527 for more information and update to dnsmasq version 2.78.

October is National Cybersecurity Awareness Month

Oct 1, 2017

Original release date: October 01, 2017

October is National Cybersecurity Awareness Month (NCSAM). NCSAM is a collaborative effort between DHS and its public and private partners, including the National Cyber Security Alliance (NCSA), to raise awareness about the vital role cybersecurity plays in the lives of U.S. citizens. US-CERT will be participating in NCSAM through weekly posts in the Current Activity section of the US-CERT website. Over the course of the month, these will touch on basic online safety, cybersecurity at work, protecting personal information, careers in cybersecurity, and cybersecurity and critical infrastructure. Users and administrators are encouraged to review the Stay Safe Online NCSAM page and the Stay Safe Online NCSAM Events page for additional information and details on NCSA events.

DNSSEC Key Signing Key Rollover Postponed

Sep 29, 2017

Original release date: September 29, 2017

The Internet Corporation for Assigned Names and Numbers (ICANN) has announced that the change to the Root Zone Key Signing Key (KSK) scheduled for October 11, 2017, has been postponed. A new date for the Key Roll has not yet been determined.

DNSSEC is a set of DNS protocol extensions used to digitally sign DNS information, which is an important part of preventing domain name hijacking. Updating the DNSSEC KSK is a crucial security step, similar to updating a PKI Root Certificate. Maintaining an up-to-date Root KSK as a trust anchor is essential to ensuring DNSSEC-validating DNS resolvers continue to function after the rollover. While DNSSEC validation is mandatory for federal agencies, it is not required of the private sector. Systems of organizations that do not use DNSSEC validation will be unaffected by the rollover.

Users and administrators are encouraged to review ICANN announcement KSK Rollover Postponed and the US-CERT Current Activity on DNSSEC Key Signing Key Rollover for more information. US-CERT will provide additional information as it becomes available.
