US CERT Current Activity
Mozilla Releases Security Updates for Firefox, Thunderbird
Jun 20, 2019
Original release date: June 20, 2019Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 67.0.4 and Firefox ESR 60.7.2 and Thunderbird 60.7.2 apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Mozilla Releases Security Updates for Firefox and Firefox ESR
Jun 20, 2019
Original release date: June 20, 2019 Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 67.0.4 and Firefox ESR 60.7.2 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
ISC Releases BIND Security Updates
Jun 19, 2019
Original release date: June 19, 2019The Internet Systems Consortium (ISC) has released updates that address a vulnerability in versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ISC advisory for CVE-2019-6471 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
ISC Releases BIND Security Updates
Jun 19, 2019
Original release date: June 19, 2019 The Internet Systems Consortium (ISC) has released updates that address a vulnerability in versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to cause a denial-of-service condition.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ISC advisory for CVE-2019-6471 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates for Multiple Products
Jun 19, 2019
Original release date: June 19, 2019Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following advisories and apply the necessary updates:SD-WAN Solution Privilege Escalation Vulnerability cisco-sa-20190619-sdwan-privescaDNA Center Authentication Bypass Vulnerability cisco-sa-20190619-dnac-bypassTelePresence Endpoint Command Shell Injection Vulnerability cisco-sa-20190619-tele-shell-injStarOS Denial-of-Service Vulnerability cisco-sa-20190619-staros-asr-dosSD-WAN Solution Privilege Escalation Vulnerability cisco-sa-20190619-sdwan-privilescalSD-WAN Solution Command Injection Vulnerability cisco-sa-20190619-sdwan-cmdinjRV110W, RV130W, and RV215W Routers Management Interface Denial-of-Service Vulnerability cisco-sa-20190619-rvrouters-dosPrime Service Catalog Cross-Site Request Forgery Vulnerability cisco-sa-20190619-psc-csrfMeeting Server CLI Command Injection Vulnerability cisco-sa-20190619-cms-codex This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates for Multiple Products
Jun 19, 2019
Original release date: June 19, 2019 Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following advisories and apply the necessary updates:SD-WAN Solution Privilege Escalation Vulnerability cisco-sa-20190619-sdwan-privescaDNA Center Authentication Bypass Vulnerability cisco-sa-20190619-dnac-bypassTelePresence Endpoint Command Shell Injection Vulnerability cisco-sa-20190619-tele-shell-injStarOS Denial-of-Service Vulnerability cisco-sa-20190619-staros-asr-dosSD-WAN Solution Privilege Escalation Vulnerability cisco-sa-20190619-sdwan-privilescalSD-WAN Solution Command Injection Vulnerability cisco-sa-20190619-sdwan-cmdinjRV110W, RV130W, and RV215W Routers Management Interface Denial-of-Service Vulnerability cisco-sa-20190619-rvrouters-dosPrime Service Catalog Cross-Site Request Forgery Vulnerability cisco-sa-20190619-psc-csrfMeeting Server CLI Command Injection Vulnerability cisco-sa-20190619-cms-codex This product is provided subject to this Notification and this Privacy & Use policy.
Oracle Releases Security Advisory for WebLogic
Jun 19, 2019
Original release date: June 19, 2019 Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Oracle Security Alert and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Samba Releases Security Updates
Jun 19, 2019
Original release date: June 19, 2019 The Samba Team has released security updates to address vulnerabilities in Samba 4.9 and all versions of Samba from 4.10 onward. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcements for CVE-2019-12435 and CVE-2019-12436 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
DHS Email Phishing Scam
Jun 18, 2019
Original release date: June 18, 2019 The Cybersecurity and Infrastructure Security Agency (CISA) is aware of an email phishing scam that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security (DHS) notifications. The email campaign uses a spoofed email address to appear like a National Cyber Awareness System (NCAS) alert and lure targeted recipients into downloading malware through a malicious attachment.CISA encourages users and administrators take the following actions to avoid becoming a victim of social engineering and phishing attacks:Be wary of unsolicited emails, even if the sender appears to be known; attempt to verify web addresses independently (e.g., contact your organization's helpdesk or search the internet for the main website of the organization or topic mentioned in the email).Use caution with email links and attachments without authenticating the sender. CISA will never send NCAS notifications that contain email attachments.Immediately report any suspicious emails to your information technology helpdesk, security office, or email provider. This product is provided subject to this Notification and this Privacy & Use policy.
Mozilla Releases Security Updates for Firefox and Firefox ESR
Jun 18, 2019
Original release date: June 18, 2019 Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 67.0.3 and Firefox ESR 60.7.1 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Mozilla Releases Security Update for Thunderbird
Jun 13, 2019
Original release date: June 13, 2019 Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60.7.1 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
Google Releases Security Updates for Chrome
Jun 13, 2019
Original release date: June 13, 2019 Google has released Chrome 75.0.3770.90 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Exim Releases Security Patches
Jun 13, 2019
Original release date: June 13, 2019 Exim has released patches to address a vulnerability affecting Exim versions 4.87–4.91. A remote attacker could exploit this vulnerability to take control of an affected email server. This vulnerability was detected in exploits in the wild.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Exim CVE-2019-10149 page and either upgrade to Exim 4.92 or apply the necessary patches. This product is provided subject to this Notification and this Privacy & Use policy.
FTC Releases Alert on Updating Software
Jun 13, 2019
Original release date: June 13, 2019 The Federal Trade Commission (FTC) has released an alert on keeping software up to date to help protect sensitive information such as financial and tax information.The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers to review the FTC article and FTC’s OnGuardOnline for additional information. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Update for Cisco IOS XE
Jun 12, 2019
Original release date: June 12, 2019 Cisco has released a security update to address a vulnerability in Cisco IOS XE. A remote attacker could exploit this vulnerability to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
Intel Releases Security Updates, Mitigations for Multiple Products
Jun 11, 2019
Original release date: June 11, 2019 Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:NUC Firmware Advisory INTEL-SA-00264RAID Web Console 3 for Windows Advisory INTEL-SA-00259Omni-Path Fabric Manager GUI Advisory INTEL-SA-00257Open Cloud Integrity Technology and OpenAttestation Advisory INTEL-SA-00248Partial Physical Address Leakage Advisory INTEL-SA-00247Turbo Boost Max Technology 3.0 Advisory INTEL-SA-00243SGX for Linux Advisory INTEL-SA-00235PROSet/Wireless WiFi Software Advisory INTEL-SA-00232Accelerated Storage Manager in Intel Rapid Storage Technology Enterprise Advisory INTEL-SA-00226Chipset Device Software (INF Update Utility) Advisory INTEL-SA-00224ITE Tech Consumer Infrared Driver for Windows 10 Advisory INTEL-SA-00206 This product is provided subject to this Notification and this Privacy & Use policy.
Microsoft Releases June 2019 Security Updates
Jun 11, 2019
Original release date: June 11, 2019 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s June 2019 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Adobe Releases Security Updates
Jun 11, 2019
Original release date: June 11, 2019 Adobe has released security updates to address vulnerabilities affecting ColdFusion, Adobe Campaign, and Adobe Flash Player. An attacker could exploit some these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB19-27, APSB19-28, and APSB19-30 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
CIS Releases 2018 Year in Review
Jun 10, 2019
Original release date: June 10, 2019 The Center for Internet Security (CIS) has released its 2018 Year in Review. CIS is home to the Multi-State Information Sharing & Analysis Center (MS-ISAC), a Cybersecurity and Infrastructure Security Agency (CISA) partner focused on cyber threat prevention, protection, response, and recovery for U.S. state, local, tribal, and territorial government entities. The review highlights the creation of the Elections Infrastructure Information Sharing & Analysis Center (EI-ISAC), the collaborative production of “A Handbook for Elections Infrastructure Security,” and MS-ISAC's advances. This product is provided subject to this Notification and this Privacy & Use policy.
IC3 Issues Alert on HTTPS Phishing
Jun 10, 2019
Original release date: June 10, 2019 The Internet Crime Complaint Center (IC3) has released an alert on Hypertext Transfer Protocol Secure (HTTPS) phishing—a scheme which lures email recipients into visiting malicious websites that look legitimate and secure.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the IC3 Alert and the CISA Tip on Avoiding Social Engineering and Phishing Attacks. If you believe you are a victim of cybercrime, file a complaint with IC3 at www.ic3.gov. This product is provided subject to this Notification and this Privacy & Use policy.
