US CERT Current Activity

Subscribe to US CERT Current Activity feed
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

IRS Warns of New Tax Scams

Jun 7, 2019

Original release date: June 07, 2019 The Internal Revenue Service (IRS) has issued a reminder urging consumers to look out for two new variations of tax-related phone and email scams. The phone scam involves pre-recorded messages threatening to suspend or cancel a victim’s Social Security number, and the email phishing scam involves a fake agency—the “Bureau of Tax Enforcement”—claiming that the victim owes past due taxes.The Cybersecurity and Infrastructure Security Agency (CISA) encourages taxpayers to review the IRS Alert and CISA’s Tip on Avoiding Social Engineering and Phishing Attacks for more information on avoiding tax scams year round. If you believe you have been a victim of a tax-related scam, visit the IRS webpage on Tax Scams - How to Report Them. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

FBI Releases Article on Protected Voices Campaign

Jun 6, 2019

Original release date: June 06, 2019 The Federal Bureau of Investigation (FBI) has released an article on the Protected Voices initiative designed to mitigate the risk of cyber influence operations targeting U.S. elections. As part of the initiative, FBI offices are coordinating with political campaigns at the local, state, and federal levels across the country to make them aware of potential cybersecurity vulnerabilities. In partnership with the Department of Homeland Security and the Office of the Director of National Intelligence, FBI has also released a series of short videos to help political campaigns defend their computer networks. The videos include tips and best practices on topics such as setting strong passwords and defending against social engineering.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review the FBI Article and the CISA Tip Best Practices for Securing Elections Systems for more information. CISA encourages election officials or campaign staff to report suspicious activity to their local FBI field office and to FBI CyWatch at cywatch@fbi.gov. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

VMware Releases Security Updates for Tools and Workstation

Jun 6, 2019

Original release date: June 06, 2019 VMware has released security updates to address vulnerabilities affecting Tools 10 and Workstation 15. An attacker could exploit one of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the VMware Security Advisory VMSA-2019-0009 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Updates for Multiple Products

Jun 5, 2019

Original release date: June 05, 2019 Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates:Industrial Network Director Remote Code Execution Vulnerability cisco-sa-20190605-ind-rceUnified Communications Manager IM&P Service, Cisco TelePresence VCS, and Cisco Expressway Series Denial of Service Vulnerability cisco-sa-20190605-cucm-imp-dosWebex Meetings Server Information Disclosure Vulnerability cisco-sa-20190605-webexmeetings-idTelePresence Video Communication Server and Cisco Expressway Series Server-Side Request Forgery Vulnerability cisco-sa-20190605-vcsUnified Computing System BIOS Signature Bypass Vulnerability cisco-sa-20190605-ucs-biossig-bypassIOS XR Software Secure Shell Authentication Vulnerability cisco-sa-20190605-iosxr-sshIndustrial Network Director Stored Cross-Site Scripting Vulnerability cisco-sa-20190605-ind-xssIndustrial Network Director Cross-Site Request Forgery Vulnerability cisco-sa-20190605-ind-csrfEnterprise Chat and Email Cross-Site Scripting Vulnerability cisco-sa-20190605-ece-xss This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

NSA Releases Advisory on BlueKeep Vulnerability

Jun 4, 2019

Original release date: June 04, 2019 The National Security Agency (NSA) has released a cybersecurity advisory for CVE-2019-0708—a vulnerability dubbed BlueKeep. Although Microsoft has issued a patch, potentially millions of machines are still unpatched and thus remain vulnerable.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review NSA’s news release and advisory, Microsoft Security Response Center’s "A Reminder to Update Your Systems to Prevent a Worm", and Microsoft Customer Guidance for CVE-2019-0708. CISA recommends patching the affected operating systems:Windows 7, Windows Server 2008 R2, and Windows Server 2008Windows 2003 and Windows XP This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Google Releases Security Update for Chrome

Jun 4, 2019

Original release date: June 04, 2019 Google has released Chrome version 75.0.3770.80 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Apple Releases Security Updates for AirPort Extreme, AirPort Time Capsule

May 30, 2019

Original release date: May 30, 2019 Apple has released AirPort Base Station Firmware Update 7.91 to address vulnerabilities in AirPort Extreme and AirPort Time Capsule wireless routers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Information Security Agency (CISA) encourages users and administrators to review the Apple security page for AirPort Base Station Firmware Update 7.9.1 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Hurricane-Related Scams

May 30, 2019

Original release date: May 30, 2019 As the 2019 hurricane season approaches, the Cybersecurity and Infrastructure Security Agency (CISA) warns users to remain vigilant for malicious cyber activity targeting disaster victims and potential donors. Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direct users to malicious websites. Users should exercise caution in handling any email with a hurricane-related subject line, attachments, or hyperlinks. In addition, users should be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events.To avoid becoming victims of malicious activity, users and administrators should review the following resources and take preventative measures:Staying Alert to Disaster-related ScamsBefore Giving to a CharityStaying Safe on Social Networking SitesAvoiding Social Engineering and Phishing AttacksIf you believe you have been a victim of cybercrime, file a complaint with the Federal Bureau of Investigation Internet Crime Complaint Center at www.ic3.gov. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

MS-ISAC Highlights Verizon Data Breach Report Release

May 29, 2019

Original release date: May 29, 2019 The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released a Cybersecurity Spotlight on the 2019 Verizon Data Breach Report to raise awareness of data breach incidents and provide recommended best practices for election officials. The report—produced annually by the Verizon Threat Research Advisory Center (VTRAC)—provides analysis on data breach trends affecting a variety of sectors, including public administration, healthcare, and education.The Cybersecurity and Infrastructure Security Agency (CISA) encourages election officials to review MS-ISAC’s Cybersecurity Spotlight and Verizon’s 2019 Data Breach Investigations Report for more information and recommendations. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Tips for a Cyber Safe Vacation

May 24, 2019

Original release date: May 24, 2019 As summer nears, many people will soon be taking vacations. When planning vacations, users should be aware of potential rental scams and “free” vacation ploys. Travelers should also keep in mind risks related to travelling with mobile devices.The Cybersecurity and Information Security Agency (CISA) encourages travelers to review the following suggested tips and security practices to keep their vacation cyber safe:Building a Digital Defense Against Vacation Rental ScamsMake It a Scam-Free VacationTravel TipsHoliday Traveling with Personal Internet-Enabled DevicesCybersecurity While Travelling This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Privacy Awareness Week

May 22, 2019

Original release date: May 22, 2019 The Federal Trade Commission (FTC) has released an announcement promoting Privacy Awareness Week (PAW). PAW is an annual event fostering awareness of privacy issues and the importance of protecting personal information. This year’s theme, “Protecting Privacy is Everyone’s Responsibility,” focuses on promoting privacy awareness for consumers and businesses.The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers and organizations to review FTC’s post and consider the following practices to protect privacy and safeguard data:Use and maintain anti-virus software and a firewall.Regularly scan your computer for spyware.Keep software up to date.Remove unused apps and software programs.Use strong passwords and encrypt sensitive files.Follow good security habits. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Mozilla Releases Security Updates for Firefox

May 21, 2019

Original release date: May 21, 2019 Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 67 and Firefox ESR 60.7 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Staying Cyber Safe During Memorial Day

May 20, 2019

Original release date: May 20, 2019 As Memorial Day approaches, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to stay cyber safe. Users should be cautious of potential scams, such as unsolicited emails that contain malicious links or attachments with malware. Users should also be aware of the risks associated with online shopping and traveling with mobile devices.CISA recommends users review the following tips for information on how to guard against these risks:Using Caution with Email AttachmentsAvoiding Social Engineering and Phishing AttacksCybersecurity for Electronic DevicesShopping Safely OnlineHoliday Traveling with Personal Internet-Enabled Devices This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Microsoft Releases Security Updates to Address Remote Code Execution Vulnerability

May 16, 2019

Original release date: May 16, 2019 Microsoft has released security updates to address a remote code execution vulnerability in the following in-support and out-of-support operating systems:In-support systems: Windows 7, Windows Server 2008 R2, and Windows Server 2008Out-of-support systems: Windows 2003 and Windows XPA remote attacker could exploit this vulnerability to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and Microsoft Customer Guidance for CVE-2019-0708 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Cisco Releases Security Updates for Multiple Products

May 15, 2019

Original release date: May 15, 2019 Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

VMware Releases Security Updates

May 14, 2019

Original release date: May 14, 2019 VMware has released security updates to address vulnerabilities in vCenter Server, ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisories VMSA-2019-0007 and VMSA-2019-0008 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Adobe Releases Security Updates

May 14, 2019

Original release date: May 14, 2019 Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB19-29, APSB19-26, and APSB19-18 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Microsoft Releases May 2019 Security Updates

May 14, 2019

Original release date: May 14, 2019 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s May 2019 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Intel Releases Security Updates, Mitigations for Multiple Products

May 14, 2019

Original release date: May 14, 2019 Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Intel Product Security Center Advisories page, apply the necessary mitigations, and refer to vendors for appropriate patches, when available. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Samba Releases Security Updates

May 14, 2019

Original release date: May 14, 2019 The Samba Team has released security updates to address a vulnerability in Samba. An attacker could exploit this vulnerability take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcement for CVE-2018-16860 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Continue Reading ›

Pages

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips