US CERT Current Activity

Subscribe to US CERT Current Activity feed
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

Microsoft Releases July 2019 Security Updates

Jul 9, 2019

Original release date: July 9, 2019Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s July 2019 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Intel Releases Security Updates

Jul 9, 2019

Original release date: July 9, 2019Intel has released security updates to address vulnerabilities in Intel Solid State Drives for Data Centers and Intel Processor Diagnostic Tool. An attacker could exploit these vulnerabilities to gain an escalation of privileges on a previously infected machine. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Intel Security Advisories INTEL-SA-00267 and INTEL-SA-00268 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Mozilla Releases Security Updates for Firefox and Firefox ESR

Jul 9, 2019

Original release date: July 9, 2019Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 68 and Firefox ESR 60.8 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Adobe Releases Security Updates

Jul 9, 2019

Original release date: July 9, 2019Adobe has released security updates to address vulnerabilities affecting Bridge CC, Experience Manager, and Dreamweaver. An attacker could exploit one of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB19-37, APSB19-38, and APSB19-40 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

U.S. Coast Guard Releases Cybersecurity Measures for Commercial Vessels

Jul 8, 2019

Original release date: July 8, 2019The U.S. Coast Guard has released a Safety Alert with recommended cybersecurity best practices for commercial vessels. With a dynamic cybersecurity threat landscape and growing reliance on technology to support vessels, the maritime community can help strengthen their defenses by implementing the following basic cybersecurity measures: Implement network segmentation. Create network profiles for each employee, require unique login credentials, and limit privileges to only those necessary. Be wary of external media. Install anti-virus software. Keep software updated. The Cybersecurity and Infrastructure Security Agency (CISA) encourages vessel and facility owners and operators to review the U.S. Coast Guard’s Safety Alert 06-19 for additional information, see CISA’s Tip on Securing Network Infrastructure Devices, and implement the recommended cybersecurity measures. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

ACSC Releases Updated Essential Eight Maturity Model

Jul 5, 2019

Original release date: July 5, 2019The Australian Cyber Security Centre (ACSC) has released updates to its Essential Eight Maturity Model. The model assists organizations in determining the maturity of their implementation of the Essential Eight—ACSC’s list of the top mitigation strategies to help organizations protect their systems against adversary threats. The model identifies three levels of maturity for each mitigation strategy.   ACSC is the government authority for providing protective security advice to the private sector and state and territory governments across Australia’s national infrastructure. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Updates for Multiple Products

Jul 3, 2019

Original release date: July 3, 2019Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following advisories and apply the necessary updates: Web Security Appliance HTTPS Certificate Denial-of-Service Vulnerability cisco-sa-20190703-wsa-dos Small Business Series Switches Memory Corruption Vulnerability cisco-sa-20190703-sbss-memcorrup Small Business Series Switches HTTP Denial-of-Service Vulnerability cisco-sa-20190703-sbss-dos Enterprise NFV Infrastructure Software Arbitrary File Read and Write Vulnerability cisco-sa-20190703-nfvis-file-readwrite Nexus 9000 Series Fabric Switches ACI Mode Fabric Infrastructure VLAN Unauthorized Access Vulnerability cisco-sa-20190703-n9kaci-bypass Jabber for Windows DLL Preloading Vulnerability cisco-sa-20190703-jabber-dll Unified Communications Manager Session Initiation Protocol Denial-of-Service Vulnerability cisco-sa-20190703-cucm-dos Application Policy Infrastructure Controller REST API Privilege Escalation Vulnerability cisco-sa-20190703-ccapic-restapi Web Security Appliance Web Proxy Denial-of-Service Vulnerability cisco-sa-20190703-asyncos-wsa This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Google Releases Security Updates for Chrome OS

Jun 27, 2019

Original release date: June 27, 2019Google has released Chrome OS version 75.0.3770.102 for Chrome devices. This version addresses multiple vulnerabilities that an attacker could exploit to obtain sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

NIST Releases Report on Managing IoT Risks

Jun 26, 2019

Original release date: June 26, 2019The National Institute of Standards and Technology (NIST) has released the Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks report. The publication—the first in a planned series on IoT—aims to help federal agencies and other organizations manage the cybersecurity and privacy risks associated with individual IoT devices. The Cybersecurity and Infrastructure Security Agency (CISA) encourages information security and privacy practitioners to review NISTIR 8228 for more information and CISA’s Tip on Securing IoT for best practices. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

CISA Statement on Iranian Cybersecurity Threats

Jun 24, 2019

Original release date: June 24, 2019Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher C. Krebs has released a statement in response to the recent rise in malicious cyber activity—including spear phishing and brute force attacks—by Iranian regime actors and proxies.CISA encourages users and administrators to review the CISA Statement on Iranian Cybersecurity Threats and tips and best practices for staying safe online, including the following:•    Avoiding Social Engineering and Phishing Attacks•    Password Spraying — Brute Force Attacks•    Choosing and Protecting Passwords•    Supplementing Passwords  This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

CISA Statement on Iranian Cybersecurity Threats

Jun 24, 2019

Original release date: June 24, 2019 Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher C. Krebs has released a statement in response to the recent rise in malicious cyber activity—including spear phishing and brute force attacks—by Iranian regime actors and proxies.CISA encourages users and administrators to review the CISA Statement on Iranian Cybersecurity Threats and tips and best practices for staying safe online, including the following:•    Avoiding Social Engineering and Phishing Attacks•    Password Spraying — Brute Force Attacks•    Choosing and Protecting Passwords•    Supplementing Passwords  This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Dell Releases Security Advisory for Dell SupportAssist

Jun 21, 2019

Original release date: June 21, 2019Dell has released a security advisory to address a vulnerability in Dell SupportAssist software. An attacker could exploit this vulnerability to access sensitive information.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Dell Security Advisory DSA-2019-084 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Dell Releases Security Advisory for Dell SupportAssist

Jun 21, 2019

Original release date: June 21, 2019 Dell has released a security advisory to address a vulnerability in Dell SupportAssist software. An attacker could exploit this vulnerability to access sensitive information.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Dell Security Advisory DSA-2019-084 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Apache Releases Security Advisory for Apache Tomcat

Jun 20, 2019

Original release date: June 20, 2019Apache has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache security advisory for CVE-2019-10072 and upgrade to the appropriate version. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Apache Releases Security Advisory for Apache Tomcat

Jun 20, 2019

Original release date: June 20, 2019 Apache has released a security advisory to address a vulnerability in Apache Tomcat. An attacker could exploit this vulnerability to cause a denial-of-service condition.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache security advisory for CVE-2019-10072 and upgrade to the appropriate version. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Apple Releases Security Updates for AirPort 802.11n Wi-Fi Base Stations

Jun 20, 2019

Original release date: June 20, 2019 Apple releases security updates to address vulnerabilities in AirPort Express, AirPort Extreme, and AirPort Time Capsule wireless routers with 802.11n. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourage users and administrators to review the Apple security page for AirPort Base Station Firmware Update 7.8.1 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Multiple Vulnerabilities Affecting Linux, FreeBSD Kernels

Jun 20, 2019

Original release date: June 20, 2019The CERT Coordination Center (CERT/CC) has released information on TCP networking vulnerabilities affecting Linux and FreeBSD kernels. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC Vulnerability Note VU#905115 for more information and refer to vendors for updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Multiple Vulnerabilities Affecting Linux, FreeBSD Kernels

Jun 20, 2019

Original release date: June 20, 2019 The CERT Coordination Center (CERT/CC) has released information on TCP networking vulnerabilities affecting Linux and FreeBSD kernels. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC Vulnerability Note VU#905115 for more information and refer to vendors for updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Microsoft Releases Outlook for Android Security Update

Jun 20, 2019

Original release date: June 20, 2019Microsoft has released an update to address a vulnerability in Outlook for Android. An attacker could exploit this vulnerability to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update.  This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Microsoft Releases Outlook for Android Security Update

Jun 20, 2019

Original release date: June 20, 2019 Microsoft has released an update to address a vulnerability in Outlook for Android. An attacker could exploit this vulnerability to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update.  This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Pages

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips