US CERT Current Activity
Cisco Releases Security Updates for Multiple Products
Mar 27, 2019
Original release date: March 27, 2019 Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
ASUS Releases Security Update for Live Update Software
Mar 26, 2019
Original release date: March 26, 2019 ASUS has released Live Update version 3.6.8. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system. These vulnerabilities were detected in exploits in the wild.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ASUS article for more information. The article includes a security diagnostic tool that users can run on their device to determine whether it is affected. CISA also encourages users and administrators to review the ASUS FAQ page to confirm that their device has received the upgrade to version 3.6.8 of Live Update. This product is provided subject to this Notification and this Privacy & Use policy.
Apple Releases Multiple Security Updates
Mar 25, 2019
Original release date: March 25, 2019 Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:iCloud for Windows 7.11iTunes 12.9.4 for WindowsSafari 12.1macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 SierratvOS 12.2Xcode 10.2iOS 12.2 This product is provided subject to this Notification and this Privacy & Use policy.
Mozilla Releases Security Update for Thunderbird
Mar 25, 2019
Original release date: March 25, 2019 Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60.6.1 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
Mozilla Releases Security Updates for Firefox
Mar 22, 2019
Original release date: March 22, 2019 Mozilla has released security updates to address vulnerabilities in Firefox. An attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 60.6.1 and Firefox 66.0.1 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Drupal Releases Security Updates
Mar 20, 2019
Original release date: March 20, 2019 Drupal has released security updates to address a vulnerability in Drupal Core. A remote attacker could exploit this vulnerability to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Drupal Security Advisory and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Advisories for Multiple Products
Mar 20, 2019
Original release date: March 20, 2019 Cisco has released several security advisories to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates.Cisco IP Phone 8800 Series Path Traversal Vulnerability cisco-sa-20190320-ipptvCisco IP Phone 8800 Series File Upload Denial of Service Vulnerability cisco-sa-20190320-ipfudosCisco IP Phone 8800 Series Authorization Bypass Vulnerability cisco-sa-20190320-ipabCisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability cisco-sa-20190320-ip-phone-rceCisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability cisco-sa-20190320-ip-phone-csrf This product is provided subject to this Notification and this Privacy & Use policy.
Mozilla Releases Security Updates for Firefox
Mar 19, 2019
Original release date: March 19, 2019 Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox ESR 60.6 and Firefox 66 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Ending Support for Windows 7
Mar 19, 2019
Original release date: March 19, 2019 All software products have a life-cycle. After January 14, 2020, Microsoft will no longer provide security updates or support for PCs running the Windows 7 operating system. After this date, this product will no longer receive free:Technical support for any issuesSoftware updatesSecurity updates or fixesComputers running the Windows 7 operating system will continue to work even after support ends. However, using unsupported software may increase the risks from viruses and other security threats.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to upgrade to a currently supported operating system. For more information, see the Microsoft End of Support FAQ. This product is provided subject to this Notification and this Privacy & Use policy.
Now Available: Recording of Chinese Malicious Cyber Activity Briefing
Mar 19, 2019
Original release date: March 19, 2019 The Cybersecurity and Infrastructure Security Agency (CISA) has posted the February 14, 2019, Awareness Briefing on Chinese Malicious Cyber Activity. This webinar provides background and mitigation techniques on Chinese malicious cyber activity targeting managed service providers (MSPs). CISA encourages MSPs and their customers to view the February 14, 2019, Awareness Briefing on Chinese Malicious Cyber Activity and to review the page on Chinese Malicious Cyber Activity for more information. This product is provided subject to this Notification and this Privacy & Use policy.
New Zealand Tragedy-Related Scams and Malware Campaigns
Mar 15, 2019
Original release date: March 15, 2019 In the wake of the recent New Zealand mosque shooting, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize on this tragic event. Users should exercise caution in handling emails related to the shooting, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic events. Be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to the event.To avoid becoming a victim of malicious activity, users and administrators should consider taking the following preventive measures:Use caution when opening email attachments, and do not click on links in unsolicited email messages. Refer to CISA’s Tip on Using Caution with Email Attachments.Review CISA’s Tip on Staying Safe on Social Networking Sites.Refer to CISA’s Tip on Avoiding Social Engineering and Phishing Attacks.Review the information from the Federal Trade Commission on Before Giving to a Charity. This product is provided subject to this Notification and this Privacy & Use policy.
Intel Releases Security Advisories on Multiple Products
Mar 15, 2019
Original release date: March 15, 2019 Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Intel Product Security Center Advisories page, apply the necessary mitigations, and refer to software vendors for appropriate patches, when available. This product is provided subject to this Notification and this Privacy & Use policy.
VMware Releases Security Updates for Workstation and Horizon
Mar 15, 2019
Original release date: March 15, 2019 VMware has released security updates to address vulnerabilities affecting Workstation 14 and 15, and Horizon 6 and 7. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisories VMSA-2019-0002 and VMSA-2019-0003 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases Security Update for Azure Linux Guest Agent
Mar 14, 2019
Original release date: March 14, 2019 Microsoft has released an update to address a vulnerability in Azure Linux Guest Agent. An attacker could exploit this vulnerability to obtain access to sensitive information.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
MS-ISAC Releases Security Primer on TrickBot Malware
Mar 14, 2019
Original release date: March 14, 2019 The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released a security primer on TrickBot malware. TrickBot is a modular banking Trojan that targets users’ financial information and acts as a dropper for other malware. An attacker can leverage TrickBot’s modules to steal banking information, conduct system and network reconnaissance, harvest credentials, and achieve network propagation.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review MS-ISAC’s White Paper: Security Primer – TrickBot for more information and best practice recommendations. This product is provided subject to this Notification and this Privacy & Use policy.
WordPress Releases Security Update
Mar 14, 2019
Original release date: March 14, 2019 WordPress 5.1 and prior versions are affected by a vulnerability. An attacker could exploit this vulnerability to take control of an affected website.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.1.1. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates
Mar 13, 2019
Original release date: March 13, 2019 Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit one of these vulnerabilities to cause a denial-of-service condition.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:Common Services Platform Collector Static Credential Vulnerability cisco-sa-20190313-cspcscvSmall Business SPA514G IP Phones SIP Denial of Service Vulnerability cisco-sa-20190313-sip This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome
Mar 13, 2019
Original release date: March 13, 2019 Google has released Chrome version 73.0.3683.75 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases March 2019 Security Updates
Mar 12, 2019
Original release date: March 12, 2019 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s March 2019 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates
Mar 12, 2019
Original release date: March 12, 2019 Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC and Adobe Digital Editions. An attacker could exploit these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB19-15 and APSB19-16 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
