US CERT Current Activity

Subscribe to US CERT Current Activity feed
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

FTC Releases Article on Choosing VPN Apps for Mobile Phones

Feb 22, 2018

Original release date: February 22, 2018 The Federal Trade Commission (FTC) has issued guidance to consumers considering using a Virtual Private Network (VPN) for their mobile phones. Some mobile phone users choose to use VPNs to shield the information on their phones when using public Wi-Fi networks.NCCIC/US-CERT encourages consumers to review the FTC article for more information. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Drupal Releases Security Updates

Feb 21, 2018

Original release date: February 21, 2018 Drupal has released an advisory to address multiple vulnerabilities in Drupal 7.x and 8.4.x. An attacker could exploit some of these vulnerabilities to obtain access to sensitive information.NCCIC/US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 7.57 or 8.4.5. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

IC3 Issues Alert on Increase in W-2 Phishing Campaigns

Feb 21, 2018

Original release date: February 21, 2018 The Internet Crime Complaint Center (IC3) has issued an alert on the increase in W-2-related phishing campaigns. Fraudsters often use tax-related phishing emails to get victims to provide personally identifiable information, click on a malicious link, or pay a ransom.NCCIC/US-CERT encourages taxpayers to review the IC3 Alert and refer to the NCCIC/US-CERT Tip on Avoiding Social Engineering and Phishing Attacks for more information. If you believe you have been a victim of a phishing campaign, report it to IC3 at www.ic3.gov This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Updates for Multiple Products

Feb 21, 2018

Original release date: February 21, 2018 Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:Unified Communications Domain Manager Remote Code Execution Vulnerability cisco-sa-20180221-ucdmElastic Services Controller Service Portal Authentication Bypass Vulnerability cisco-sa-20180221-escElastic Services Controller Service Portal Unauthorized Access Vulnerability cisco-sa-20180221-esc1Unified Customer Voice Portal Interactive Voice Response Connection Denial of Service Vulnerability cisco-sa-20180221-cvp This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Microsoft Releases February 2018 Security Updates

Feb 13, 2018

Original release date: February 13, 2018 Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC/US-CERT encourages users and administrators to review Microsoft's February 2018 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Adobe Releases Security Updates

Feb 13, 2018

Original release date: February 13, 2018 Adobe has released security updates to address vulnerabilities in Adobe Experience Manager. A remote attacker could exploit these vulnerabilities to take control of an affected system.                  NCCIC/US-CERT encourages users and administrators to review Adobe Security Bulletin APSB18-04 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

North Korean Malicious Cyber Activity

Feb 13, 2018

Original release date: February 13, 2018 The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified Trojan malware variants—referred to as HARDRAIN and BADCALL—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.NCCIC/US-CERT encourages users and administrators to review the HIDDEN COBRA - North Korean Malicious Cyber Activity page, which contains links to Malware Analysis Reports MAR-10135536-F and MAR-10135536-G, for more information. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Updates for Multiple Products

Feb 7, 2018

Original release date: February 07, 2018 Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates.RV132W and RV134W Remote Code Execution and Denial of Service Vulnerability cisco-sa-20180207-rv13xVirtualized Packet Core-Distributed Instance Denial of Service Vulnerability  cisco-sa-20180207-vpcdiUCS Central Arbitrary Command Execution Vulnerability cisco-sa-20180207-ucscPolicy Suite RADIUS Authentication Bypass Vulnerability cisco-sa-20180207-cps This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Adobe Releases Security Updates for Flash Player

Feb 6, 2018

Original release date: February 06, 2018 Adobe has released security updates to address vulnerabilities in Flash Player. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.                 NCCIC/US-CERT encourages users and administrators to review Adobe Security Bulletin APSB18-03 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Updates

Feb 5, 2018

Original release date: February 05, 2018 Cisco has released an updated advisory and security updates to address a vulnerability affecting its Adaptive Security Appliance software. A remote attacker could exploit this vulnerability to take control of an affected system.NCCIC/US-CERT encourages users and administrators to review Cisco's updated Security Advisory and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Safer Internet Day

Feb 5, 2018

Original release date: February 05, 2018 February 6, 2018, is Safer Internet Day (SID), a worldwide event aimed at promoting the safe and positive use of digital technology for all users, especially children and teens. This year's SID theme—Create, Connect and Share Respect: A better Internet starts with you—encourages everyone to play their part in creating a better, safer, and more secure Internet.NCCIC/US-CERT encourages users to view the Safer Internet Day website and the following tips:Keeping Children Safe OnlineDealing with CyberbulliesRethink Cyber Safety Rules and the “Tech Talk” with Your Teens This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

FTC Warns of Online Dating Scams

Feb 1, 2018

Original release date: February 01, 2018 The Federal Trade Commission (FTC) has released an article addressing scams targeting online daters. In this type of fraud, cyber criminals target victims, gain their confidence, and trick them into sending money.To stay safer online, review the FTC article on Online Dating Scams and the NCCIC/US-CERT tip on Staying Safe on Social Networking Sites. If you think you have been a victim of an online dating scam, report your experience tothe online dating site,the Federal Trade Commission, andthe Federal Bureau of Investigation's Internet Crime Complaint Center. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

IC3 Warns of Impersonation Scams

Feb 1, 2018

Original release date: February 01, 2018 The Internet Crime Complaint Center (IC3) has released an alert on impersonation scams. In these schemes, scammers send emails impersonating IC3 to trick recipients into providing personally identifiable information or downloading malicious files. Users should use caution when reviewing unsolicited messages.NCCIC/US-CERT encourages consumers to refer to the IC3 Alert and the NCCIC/US-CERT Tip on Avoiding Social Engineering and Phishing Attacks for more information. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Pyeongchang 2018: Staying Cyber Safe during the Olympics

Feb 1, 2018

Original release date: February 01, 2018 As the 2018 Olympic Games in Pyeongchang approach, NCCIC/US-CERT reminds travelers to be aware of cybersecurity risks. At high-profile events, cyber activists may take advantage of the large audience to spread their message. Cyber criminals may attempt to steal personally identifiable information or harvest users’ credentials for financial gain. There is also the possibility that mobile or other communications will be monitored.NCCIC/US-CERT encourages users to protect themselves against these risks—especially risks associated with portable devices such as smart phones and tablets—by taking the following actions:Switch off Wi-Fi and Bluetooth connections when not in use.Use a credit card to pay for online goods and services.When using a public or unsecured wireless connection, avoid using sites and applications that require personal information like log-ins.Update mobile software.Use strong PINs and passwords.Using the security practices suggested in the resources listed below will also help travelers stay more secure in Pyeongchang and other travel destinations:NCCIC/US-CERT Security Tip ST13-002: International Mobile Safety TipsNCCIC/US-CERT Security Tip ST05-017: Cybersecurity for Electronic DevicesStop.Think.Connect. Tip Card: Cybersecurity While TravelingFederal Communications Commission Smartphone Security Checker This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Updates

Jan 31, 2018

Original release date: January 31, 2018 Cisco has released software updates to address a vulnerability in its IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router (ASR) 9000 Series. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.NCCIC/US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Mozilla Releases Security Update for Firefox

Jan 30, 2018

Original release date: January 30, 2018 Mozilla has released a security update to address a vulnerability in Firefox. Exploitation of this vulnerability may allow an attacker to take control of an affected system.NCCIC/US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 58.0.1 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Update

Jan 29, 2018

Original release date: January 29, 2018 Cisco has released a security update to address a vulnerability in its Adaptive Security Appliance software. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.NCCIC/US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Tax Identity Theft Awareness Week

Jan 29, 2018

Original release date: January 29, 2018 Tax Identity Theft Awareness Week is January 29 to February 2, and many federal agencies are offering information and resources to help consumers learn to protect themselves from tax-related identity theft and Internal Revenue Service (IRS) imposter scams.NCCIC/US-CERT encourages consumers to review IRS publication Taxes.Security.Together. and NCCIC/US-CERT Tip Preventing and Responding to Identity Theft. Users can also participate in a series of free webinars and chats on avoiding tax identity theft, hosted by the Federal Trade Commission, IRS, Department of Veterans Affairs, and others.  This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

VMware Releases Security Updates

Jan 26, 2018

Original release date: January 26, 2018 VMware has released security updates to address vulnerabilities in vRealize Automation, vSphere Integrated Containers, and AirWatch Console. An attacker could exploit these vulnerabilities to take control of an affected system.NCCIC/US-CERT encourages users and administrators to review the VMware Security Advisory VMSA-2018-0006 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Data Privacy Day

Jan 26, 2018

Original release date: January 26, 2018 January 28 is Data Privacy Day (DPD), an annual international effort to promote the importance of data privacy. DPD is sponsored in the United States by the National Cyber Security Alliance (NCSA) with the theme, Respecting Privacy, Safeguarding Data, and Enabling Trust.The NCSA Stay Safe Online website features a recording of the Data Privacy Day 2018 – Live From LinkedIn event, which includes presentations on privacy management, location tracking, and business and privacy. NCCIC/US-CERT encourages users and administrators to review basic privacy tips from Stay Safe Online, and related resources from NCCIC/US-CERT:Safeguarding Your Data,Protecting Your Privacy,Avoiding Social Engineering and Phishing Attacks, andPreventing and Responding to Identity Theft. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Pages

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips