US CERT Current Activity
Tips for a Cyber Safe Vacation
May 24, 2019
Original release date: May 24, 2019 As summer nears, many people will soon be taking vacations. When planning vacations, users should be aware of potential rental scams and “free” vacation ploys. Travelers should also keep in mind risks related to travelling with mobile devices.The Cybersecurity and Information Security Agency (CISA) encourages travelers to review the following suggested tips and security practices to keep their vacation cyber safe:Building a Digital Defense Against Vacation Rental ScamsMake It a Scam-Free VacationTravel TipsHoliday Traveling with Personal Internet-Enabled DevicesCybersecurity While Travelling This product is provided subject to this Notification and this Privacy & Use policy.
Privacy Awareness Week
May 22, 2019
Original release date: May 22, 2019 The Federal Trade Commission (FTC) has released an announcement promoting Privacy Awareness Week (PAW). PAW is an annual event fostering awareness of privacy issues and the importance of protecting personal information. This year’s theme, “Protecting Privacy is Everyone’s Responsibility,” focuses on promoting privacy awareness for consumers and businesses.The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers and organizations to review FTC’s post and consider the following practices to protect privacy and safeguard data:Use and maintain anti-virus software and a firewall.Regularly scan your computer for spyware.Keep software up to date.Remove unused apps and software programs.Use strong passwords and encrypt sensitive files.Follow good security habits. This product is provided subject to this Notification and this Privacy & Use policy.
Mozilla Releases Security Updates for Firefox
May 21, 2019
Original release date: May 21, 2019 Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 67 and Firefox ESR 60.7 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Staying Cyber Safe During Memorial Day
May 20, 2019
Original release date: May 20, 2019 As Memorial Day approaches, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to stay cyber safe. Users should be cautious of potential scams, such as unsolicited emails that contain malicious links or attachments with malware. Users should also be aware of the risks associated with online shopping and traveling with mobile devices.CISA recommends users review the following tips for information on how to guard against these risks:Using Caution with Email AttachmentsAvoiding Social Engineering and Phishing AttacksCybersecurity for Electronic DevicesShopping Safely OnlineHoliday Traveling with Personal Internet-Enabled Devices This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases Security Updates to Address Remote Code Execution Vulnerability
May 16, 2019
Original release date: May 16, 2019 Microsoft has released security updates to address a remote code execution vulnerability in the following in-support and out-of-support operating systems:In-support systems: Windows 7, Windows Server 2008 R2, and Windows Server 2008Out-of-support systems: Windows 2003 and Windows XPA remote attacker could exploit this vulnerability to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and Microsoft Customer Guidance for CVE-2019-0708 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates for Multiple Products
May 15, 2019
Original release date: May 15, 2019 Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
VMware Releases Security Updates
May 14, 2019
Original release date: May 14, 2019 VMware has released security updates to address vulnerabilities in vCenter Server, ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisories VMSA-2019-0007 and VMSA-2019-0008 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates
May 14, 2019
Original release date: May 14, 2019 Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB19-29, APSB19-26, and APSB19-18 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases May 2019 Security Updates
May 14, 2019
Original release date: May 14, 2019 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s May 2019 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Intel Releases Security Updates, Mitigations for Multiple Products
May 14, 2019
Original release date: May 14, 2019 Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Intel Product Security Center Advisories page, apply the necessary mitigations, and refer to vendors for appropriate patches, when available. This product is provided subject to this Notification and this Privacy & Use policy.
Samba Releases Security Updates
May 14, 2019
Original release date: May 14, 2019 The Samba Team has released security updates to address a vulnerability in Samba. An attacker could exploit this vulnerability take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcement for CVE-2018-16860 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Facebook Releases Security Advisory for WhatsApp
May 14, 2019
Original release date: May 14, 2019 Facebook has released a security advisory to address a vulnerability in WhatsApp. A remote attacker could exploit this vulnerability to take control of an affected device.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review the Facebook Security Advisory for CVE-2019-3568 and upgrade to the appropriate version. This product is provided subject to this Notification and this Privacy & Use policy.
Apple Releases Multiple Security Updates
May 14, 2019
Original release date: May 14, 2019 Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:watchOS 5.2.1Safari 12.1.1Apple TV Software 7.3tvOS 12.3iOS 12.3macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates
May 13, 2019
Original release date: May 13, 2019 Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:Cisco IOS XE Software Web UI Command Injection Vulnerability cisco-sa-20190513-webuiCisco Secure Boot Hardware Tampering Vulnerability cisco-sa-20190513-secureboot This product is provided subject to this Notification and this Privacy & Use policy.
North Korean Malicious Cyber Activity
May 9, 2019
Original release date: May 09, 2019 The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified a malware variant—referred to as ELECTRICFISH—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Malware Analysis Report (MAR) MAR-10135536-21 and the page on HIDDEN COBRA - North Korean Malicious Cyber Activity for more information. This product is provided subject to this Notification and this Privacy & Use policy.
Drupal Releases Security Update
May 9, 2019
Original release date: May 09, 2019 Drupal has released a security update to address a vulnerability in Drupal Core. A remote attacker could exploit this vulnerability to take control of an affected website.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Drupal’s security advisory SA-CORE-2019-007 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Update for Elastic Services Controller
May 7, 2019
Original release date: May 07, 2019 Cisco has released a security update to address a vulnerability in Cisco Elastic Services Controller. A remote attacker could exploit this vulnerability to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
PrinterLogic Print Management Software Vulnerabilities
May 5, 2019
Original release date: May 05, 2019 The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting PrinterLogic Print Management Software. A remote attacker could exploit these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CERT/CC Vulnerability Note VU#1629249 and consider the listed workarounds until patches are made available. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates
May 1, 2019
Original release date: May 01, 2019 Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome
Apr 30, 2019
Original release date: April 30, 2019 Google has released Chrome version 74.0.3729.131 for Windows, Mac, and Linux. This version addresses two vulnerabilities, one of which an attacker could exploit to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
