US CERT Current Activity

Subscribe to US CERT Current Activity feed
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

Cisco Releases Security Updates for Multiple Products

Apr 16, 2020

Original release date: April 16, 2020Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates: IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability cisco-sa-voip-phones-rce-dos-rB6EeRXs Multiple Vulnerabilities in Cisco UCS Director and Cisco UCS Director Express for Big Data cisco-sa-ucsd-mult-vulns-UNfpdW4E Wireless LAN Controller 802.11 Generic Advertisement Service Denial-of-Service Vulnerability cisco-sa-wlc-gas-dos-8FsE3AWH Wireless LAN Controller CAPWAP Denial-of-Service Vulnerability cisco-sa-wlc-capwap-dos-Y2sD9uEw Webex Network Recording Player and Cisco Webex Player Arbitrary Code Execution Vulnerability cisco-sa-webex-player-Q7Rtgvby Mobility Express Software Cross-Site Request Forgery Vulnerability cisco-sa-mob-exp-csrf-b8tFec24 IoT Field Network Director Denial-of-Service Vulnerability cisco-sa-iot-coap-dos-WTBu6YTq Unified Communications Manager Path Traversal Vulnerability cisco-sa-cucm-taps-path-trav-pfsFO93r Aironet Series Access Points Client Packet Processing Denial-of-Service Vulnerability cisco-sa-airo-wpa-dos-5ZLs6ESz This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Oracle Releases April 2020 Security Bulletin

Apr 15, 2020

Original release date: April 15, 2020Oracle has released its Critical Patch Update for April 2020 to address 397 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Oracle April 2020 Critical Patch Update and apply the necessary updates.   This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

VMware Releases Security Updates for vRealize Log Insight

Apr 14, 2020

Original release date: April 14, 2020VMware has released security updates to address vulnerabilities in VMware vRealize Log Insight. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2020-0007 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Intel Releases Security Updates

Apr 14, 2020

Original release date: April 14, 2020Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain escalation of privileges. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates or workarounds: Data Migration Software Advisory INTEL-SA-00327 PROSet/Wireless WiFi Software Advisory INTEL-SA-00338 Driver and Support Assistant Advisory INTEL-SA-00344 Modular Server Compute Module Advisory INTEL-SA-00351 Binary Configuration Tool for Windows Advisory INTEL-SA-00359 NUC Firmware Advisory INTEL-SA-00363 This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Microsoft Releases April 2020 Security Updates

Apr 14, 2020

Original release date: April 14, 2020Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s April 2020 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Adobe Releases Security Updates for Multiple Products

Apr 14, 2020

Original release date: April 14, 2020Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates. ColdFusion APSB20-18 After Effects APSB20-21 Digital Editions APSB20-23 This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

VMware Releases Security Updates for VMware Directory Service

Apr 10, 2020

Original release date: April 10, 2020VMware has released security updates to address a vulnerability in VMware Directory Service (vmdir). An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2020-0006 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Juniper Networks Releases Security Updates

Apr 9, 2020

Original release date: April 9, 2020Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Juniper Security Advisories webpage and apply the necessary updates or workarounds. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Mozilla Releases Security Updates for Firefox, Firefox ESR

Apr 8, 2020

Original release date: April 8, 2020Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Mozilla Security Advisories for Firefox 75 and Firefox ESR 68.7 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Google Releases Security Updates

Apr 8, 2020

Original release date: April 8, 2020Google has released Chrome version 81.0.4044.92 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Mozilla Patches Critical Vulnerabilities in Firefox, Firefox ESR

Apr 3, 2020

Original release date: April 3, 2020Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Mozilla’s security advisory for Firefox 74.0.1 and Firefox ESR 68.6.1 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

FBI Releases Guidance on Defending Against VTC Hijacking and Zoom-bombing

Apr 2, 2020

Original release date: April 2, 2020The Federal Bureau of Investigation (FBI) has released an article on defending against video-teleconferencing (VTC) hijacking (referred to as “Zoom-bombing” when attacks are to the Zoom VTC platform).  Many organizations and individuals are increasingly dependent on VTC platforms, such as Zoom and Microsoft Teams, to stay connected during the Coronavirus Disease 2019 (COVID-19) pandemic. The FBI has released this guidance in response to an increase in reports of VTC hijacking. The Cybersecurity and Infrastructure Security Agency encourages users and administrators to review the FBI article as well as the following steps to improve VTC cybersecurity: Ensure meetings are private, either by requiring a password for entry or controlling guest access from a waiting room. Consider security requirements when selecting vendors. For example, if end-to-end encryption is necessary, does the vendor offer it? Ensure VTC software is up to date. See Understanding Patches and Software Updates. CISA also recommends the following VTC cybersecurity resources: FBI Internet Crime Complaint Center (IC3) Alert: Cyber Actors Take Advantage of COVID-19 Pandemic to Exploit Increased Use of Virtual Environments Zoom blog on recent cybersecurity measures Microsoft Teams security guide This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

MS-ISAC Releases Advisory on DrayTek Devices

Apr 1, 2020

Original release date: April 1, 2020The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory regarding two vulnerable command injection points in DrayTek devices (CVE-2020-8515). An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities were detected in exploits in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review MS-ISAC Advisory 2020-043 and the DrayTek Security Advisory for CVE-2020-8515 and apply the necessary updates and mitigations. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Google Releases Security Updates for Chrome

Apr 1, 2020

Original release date: April 1, 2020Google has released Chrome version 80.0.3987.162 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Apple Releases Security Updates

Mar 25, 2020

Original release date: March 25, 2020Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates: iTunes 12.10.5 for Windows iOS 13.4 and iPadOS 13.4 Safari 13.1 watchOS 6.2 tvOS 13.4 macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra Xcode 11.4 This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Adobe Releases Security Update for Creative Cloud Desktop Application

Mar 25, 2020

Original release date: March 25, 2020Adobe has released a security update to address a vulnerability in Creative Cloud Desktop Application. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB20-11 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Microsoft RCE Vulnerabilities Affecting Windows, Windows Server

Mar 23, 2020

Original release date: March 23, 2020Microsoft has released a security advisory to address remote code execution vulnerabilities in Adobe Type Manager Library affecting all currently supported versions of Windows and Windows Server operating systems. A remote attacker can exploit these vulnerabilities to take control of an affected system. Microsoft is aware of limited, targeted attacks exploiting these vulnerabilities in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft Advisory ADV200006 and the CERT Coordination Center (CERT/CC) Vulnerability Note VU#354840 for more information and apply the necessary mitigations until patches are made available. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Drupal Releases Security Updates

Mar 19, 2020

Original release date: March 19, 2020Drupal has released security updates to address vulnerabilities affecting Drupal 8.7.x and 8.8.x. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Drupal security release and apply the necessary updates or mitigations. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Updates for SD-WAN Solution Software

Mar 19, 2020

Original release date: March 19, 2020Cisco has released security updates to address multiple vulnerabilities in SD-WAN Solution software. An attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories webpage. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates. SD-WAN Solution Privilege Escalation Vulnerability cisco-sa-sdwpresc-ySJGvE9 SD-WAN Solution Command Injection Vulnerability cisco-sa-sdwclici-cvrQpH9v SD-WAN Solution Buffer Overflow Vulnerability cisco-sa-sdwanbo-QKcABnS2 This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Google Releases Security Updates for Chrome

Mar 19, 2020

Original release date: March 19, 2020Google has released Chrome version 80.0.3987.149 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.   This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Pages

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips