US CERT Current Activity

Subscribe to US CERT Current Activity feed
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

Adobe Releases Security Updates

Sep 12, 2017

Original release date: September 12, 2017 Adobe has released security updates to address vulnerabilities in Adobe RoboHelp, Flash Player, and ColdFusion. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-25, APSB17-28, and APSB17-30 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Update

Sep 11, 2017

Original release date: September 11, 2017 Cisco has released an update to address an Apache Struts 2 vulnerability affecting multiple Cisco products. A remote attacker could exploit this vulnerability to take control of an affected system.US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Hurricane-Related Scams

Sep 8, 2017

Original release date: September 08, 2017 As the peak of the 2017 hurricane season approaches, US-CERT warns users to be watchful for various malicious cyber activity targeting both disaster victims and potential donors. Users should exercise caution when handling emails that relate to recent hurricanes, even if those emails appear to originate from trusted sources. Disaster-related phishing emails may trick users into sharing sensitive information. Such emails could also contain links or attachments directing users to malware-infected websites. In addition, users should be wary of social media pleas, calls, texts, or door-to-door solicitations relating to the recent hurricanes.To avoid becoming a victim of fraudulent activity, users and administrators should consider taking the following preventive measures:Review the information from the Federal Trade Commission (FTC) on Wise Giving in the Wake of Hurricane Harvey.Review information from the Federal Bureau of Investigation on Building a Digital Defense Against Charity Fraud.Use caution when opening email attachments, and do not click on links in unsolicited email messages. Refer to the US-CERT Security Tip Using Caution with Email Attachments.Refer to US-CERT's Security Tip on Avoiding Social Engineering and Phishing Attacks. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Google Releases Security Updates for Chrome

Sep 6, 2017

Original release date: September 06, 2017 Google has released Chrome version 61.0.3163.79 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.Users and administrators are encouraged to review the Chrome Releases page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Apache Software Foundation Releases Security Update

Sep 5, 2017

Original release date: September 06, 2017 The Apache Software Foundation has released a security update to address a vulnerability in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system.US-CERT encourages users and administrators to review the Apache Security Bulletin and upgrade to Struts 2.5.13. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Potential Hurricane Harvey Phishing Scams

Aug 28, 2017

Original release date: August 28, 2017 US-CERT warns users to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Harvey, even if it appears to originate from a trusted source. Fraudulent emails will often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations commonly appear after major natural disasters.US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:Review the Federal Trade Commission's information on Wise Giving in the Wake of Hurricane Harvey.Do not follow unsolicited web links in email messages.Use caution when opening email attachments. Refer to the US-CERT Tip Using Caution with Email Attachments for more information on safely handling email attachments.Keep antivirus and other computer software up-to-date.Refer to the Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.Verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number. You can find trusted contact information for many charities on the BBB National Charity Report Index.  This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

FCC Promotes Best Practices for SS7 Communications

Aug 24, 2017

Original release date: August 24, 2017 The Federal Communications Commission (FCC) has released a public notice encouraging communications service providers to voluntarily use security best practices recommended by the Communications Security, Reliability, and Interoperability Council (CSRIC), a federal advisory committee to the FCC. These best practices help prevent exploitation of Signaling System 7 (SS7) network infrastructure, a signaling protocol that connects communication networks.US-CERT encourages providers to review the FCC Public Notice and CSRIC's Legacy Systems Risk Reductions Report for more information. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

DNSSEC Key Signing Key Rollover

Aug 21, 2017

Original release date: August 21, 2017 On October 11, 2017, the Internet Corporation for Assigned Names and Numbers (ICANN) will be changing the Root Zone Key Signing Key (KSK) used in the domain name system (DNS) Security Extensions (DNSSEC) protocol. DNSSEC is a set of DNS protocol extensions used to digitally sign DNS information, which is an important part of preventing domain name hijacking. Updating the DNSSEC KSK is a crucial security step, similar to updating a PKI Root Certificate. Maintaining an up-to-date Root KSK as a trust anchor is essential to ensuring DNSSEC-validating DNS resolvers continue to function after the rollover. While DNSSEC validation is mandatory for federal agencies, it is not required of the private sector. Systems of organizations that do not use DNSSEC validation will be unaffected by the rollover.US-CERT encourages administrators to update their DNSSEC KSK before October 11, 2017. See the NIST/NTIA Roll Ready site and the ICANN Root Zone KSK Rollover resources page for more information. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Mozilla Releases Security Update

Aug 21, 2017

Original release date: August 21, 2017 Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.3 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Drupal Releases Security Updates

Aug 16, 2017

Original release date: August 16, 2017 Drupal has released an advisory to address several vulnerabilities in Drupal 8.x. A remote attacker could exploit one of these vulnerabilities to obtain or modify sensitive information.US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 8.3.7. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Updates

Aug 16, 2017

Original release date: August 16, 2017 Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability cisco-sa-20170816-apic1Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability cisco-sa-20170816-apic2Cisco Virtual Network Function Element Manager Arbitrary Command Execution Vulnerability cisco-sa-20170816-em This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Symantec Releases Security Update

Aug 11, 2017

Original release date: August 11, 2017 Symantec has released an update to address vulnerabilities in the Symantec Messaging Gateway. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review the Symantec Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Juniper Networks Releases Junos OS Security Updates

Aug 9, 2017

Original release date: August 09, 2017 Juniper Networks has released security updates to address multiple vulnerabilities in Junos OS. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.US-CERT encourages users and administrators to review the Juniper Security Advisories and apply necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

FTC Releases Alert on Government Grant Scams

Aug 8, 2017

Original release date: August 08, 2017 The Federal Trade Commission (FTC) has released an alert on government grant scams. In these schemes, scammers pose as government officials to get consumers to send them money. Anytime someone asks you to pay money to get money, stop and think twice.US-CERT encourages consumers to refer to the FTC Alert and the US-CERT Tip on Real-World Warnings Keep You Safe Online for more information. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Microsoft Releases August 2017 Security Updates

Aug 8, 2017

Original release date: August 08, 2017 Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.US-CERT encourages users and administrators to review Microsoft's August 2017 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Mozilla Releases Security Updates

Aug 8, 2017

Original release date: August 08, 2017 Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.US-CERT encourages users and administrators to review Mozilla Security Advisory 2017-18 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Adobe Releases Security Updates

Aug 8, 2017

Original release date: August 08, 2017 Adobe has released security updates to address vulnerabilities in Acrobat DC, Acrobat Reader DC, Acrobat 2017, Acrobat Reader 2017, Acrobat XI, and Reader XI. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-24 and apply the necessary updates.  This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

IRS Warns Tax Professionals of New Scam to Steal Passwords

Aug 7, 2017

Original release date: August 07, 2017 The Internal Revenue Service (IRS), acting in concert with state tax agencies and the tax industry, has issued an IRS Security Summit Alert for tax professionals to beware of a new phishing email scam. Scam operators often use fraudulent e-mails to entice their targets to reveal login credentials.US-CERT encourages users and administrators to review the IRS Alert and US-CERT Security Tip ST04-014. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Google Releases Security Updates for Chrome OS

Aug 3, 2017

Original release date: August 03, 2017 Google has released Chrome OS version 60.0.3112.80 for Chrome devices to address multiple vulnerabilities. Exploitation of one these vulnerabilities could allow a remote attacker to take control of an affected system.Users and administrators are encouraged to review the Google Chrome blog entry and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

IC3 Releases Alert on Gift Card Scams

Aug 2, 2017

Original release date: August 02, 2017 The Internet Crime Complaint Center (IC3) has released an alert warning consumers of music gift card scams. This type of scam targets victims, gains their confidence, and tricks them into providing gift card information. To stay safer online, review the IC3 alert on Online Scammers Require Payment via Music Application Gift Cards and the US-CERT Tip on Avoiding Social Engineering and Phishing Attacks. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Pages

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips