US CERT Current Activity
VMware Publishes Workarounds for Vulnerabilities in vRealize Operations Manager
May 11, 2020
Original release date: May 11, 2020VMware has published workarounds to address unpatched vulnerabilities in vRealize Operations Manager (vROps). A remote attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the VMware Security Advisory and apply the necessary mitigations. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates for Multiple Products
May 7, 2020
Original release date: May 7, 2020Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome
May 6, 2020
Original release date: May 6, 2020Google has released Chrome version 81.0.4044.138 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Mozilla Releases Security Updates for Firefox and Firefox ESR
May 6, 2020
Original release date: May 6, 2020Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 76 and Firefox ESR 68.8 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Unpatched Oracle WebLogic Servers Vulnerable to CVE-2020-2883
May 1, 2020
Original release date: May 1, 2020Oracle has released a blog post warning users that a previously disclosed Oracle WebLogic Server remote code execution vulnerability (CVE-2020-2883) is being exploited in the wild. Oracle disclosed the vulnerability and provided software patches in their April 2020 Critical Patch Update; however, malicious cyber actors are now known to be targeting unpatched servers. The Cybersecurity and Infrastructure Security Agency (CISA) urges users and administrators to review the Oracle Blog and the April 2020 Critical Patch Updates for more information and apply the necessary patches as soon as possible. This product is provided subject to this Notification and this Privacy & Use policy.
SaltStack Patches Critical Vulnerabilities in Salt
May 1, 2020
Original release date: May 1, 2020SaltStack has released a security update to address critical vulnerabilities affecting Salt versions prior to 2019.2.4 and 3000.2. Salt is an open-source remote task and configuration management framework widely used in data centers and cloud servers. A remote attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review SaltStack’s Release Notes for Salt 2019.2.4 and Salt 3000.2, see Tips on Hardening Salt, and apply the necessary update as soon as possible. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates for IOS XE SD-WAN Solution Software
Apr 30, 2020
Original release date: April 30, 2020Cisco has released security updates to address a vulnerability in IOS XE SD-WAN Solution software. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
WordPress Releases Security Update
Apr 30, 2020
Original release date: April 30, 2020WordPress 5.4 and prior versions are affected by multiple vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected website. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 5.4.1. This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates for Multiple Products
Apr 29, 2020
Original release date: April 29, 2020Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates. Bridge APSB20-19 Illustrator APSB20-20 Magento APSB20-22 This product is provided subject to this Notification and this Privacy & Use policy.
VMware Releases Security Updates for ESXi
Apr 29, 2020
Original release date: April 29, 2020VMware has released security updates to address a vulnerability in ESXi. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2020-0008 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Samba Releases Security Updates
Apr 28, 2020
Original release date: April 28, 2020The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcements for CVE-2020-10700 and CVE-2020-10704 and apply the necessary updates and workarounds. This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome
Apr 28, 2020
Original release date: April 28, 2020Google has released Chrome version 81.0.4044.129 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Juniper Releases Security Updates for Junos OS
Apr 28, 2020
Original release date: April 28, 2020Juniper has released security updates to address a vulnerability affecting multiple versions of Junos operating systems. A remote attacker can exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Juniper Security Advisory JSA11021 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
OpenSSL Releases Security Update
Apr 22, 2020
Original release date: April 22, 2020OpenSSL version 1.1.1g has been released to address a vulnerability affecting versions 1.1.1d–1.1.1f. An attacker could exploit this vulnerability to cause a denial-of-service condition. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the OpenSSL Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases Security Updates for Multiple Products
Apr 22, 2020
Original release date: April 22, 2020Microsoft has released security updates to address multiple vulnerabilities in products that use the Autodesk FBX library. These include Office 2016, Office 2019, Office 365 ProPlus, and Paint 3D. A remote attacker can exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft Advisory ADV200004 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome
Apr 22, 2020
Original release date: April 22, 2020Google has released Chrome version 81.0.4044.122 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
NSA, ASD Release Guidance for Mitigating Web Shell Malware
Apr 22, 2020
Original release date: April 22, 2020The U.S. National Security Agency (NSA) and the Australian Signals Directorate (ASD) have jointly released a Cybersecurity Information Sheet (CSI) on mitigating web shell malware. Malicious cyber actors are increasingly deploying web shell malware on victim web servers to execute arbitrary system commands. By deploying web shell malware, cyber attackers can gain persistent access to compromised networks. The CSI provides techniques to detect—and recommendations to prevent—malicious web shells. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CSI and NSA’s article, Detect & Prevent Cyber Attackers from Exploiting Web Servers via Web Shell Malware, for more information and to apply the recommended mitigations. This product is provided subject to this Notification and this Privacy & Use policy.
IC3 Releases Alert on Extortion Email Scams
Apr 21, 2020
Original release date: April 21, 2020The Internet Crime Complaint Center (IC3) has released an alert warning of a recent increase in extortion email scams. Cyber criminals threaten to release sexually explicit photos or videos of victims unless they agree to send payment. The Cybersecurity and Infrastructure Security Agency (CISA) encourages everyone to review the IC3 Alert and the CISA Tip on Avoiding Social Engineering and Phishing Attacks. If you believe you are a victim of cybercrime, file a complaint with IC3 at www.ic3.gov. This product is provided subject to this Notification and this Privacy & Use policy.
Apple Releases Security Update for Xcode
Apr 17, 2020
Original release date: April 17, 2020Apple has released a security update to address vulnerabilities in Xcode. A remote attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security page for Xcode 11.4.1 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates
Apr 16, 2020
Original release date: April 16, 2020Google has released Chrome version 81.0.4044.113 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
