US CERT Current Activity
Facebook Releases Security Advisory for WhatsApp
May 14, 2019
Original release date: May 14, 2019 Facebook has released a security advisory to address a vulnerability in WhatsApp. A remote attacker could exploit this vulnerability to take control of an affected device.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review the Facebook Security Advisory for CVE-2019-3568 and upgrade to the appropriate version. This product is provided subject to this Notification and this Privacy & Use policy.
Apple Releases Multiple Security Updates
May 14, 2019
Original release date: May 14, 2019 Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:watchOS 5.2.1Safari 12.1.1Apple TV Software 7.3tvOS 12.3iOS 12.3macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Updates
May 13, 2019
Original release date: May 13, 2019 Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:Cisco IOS XE Software Web UI Command Injection Vulnerability cisco-sa-20190513-webuiCisco Secure Boot Hardware Tampering Vulnerability cisco-sa-20190513-secureboot This product is provided subject to this Notification and this Privacy & Use policy.
North Korean Malicious Cyber Activity
May 9, 2019
Original release date: May 09, 2019 The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified a malware variant—referred to as ELECTRICFISH—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Malware Analysis Report (MAR) MAR-10135536-21 and the page on HIDDEN COBRA - North Korean Malicious Cyber Activity for more information. This product is provided subject to this Notification and this Privacy & Use policy.
Drupal Releases Security Update
May 9, 2019
Original release date: May 09, 2019 Drupal has released a security update to address a vulnerability in Drupal Core. A remote attacker could exploit this vulnerability to take control of an affected website.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Drupal’s security advisory SA-CORE-2019-007 and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Cisco Releases Security Update for Elastic Services Controller
May 7, 2019
Original release date: May 07, 2019 Cisco has released a security update to address a vulnerability in Cisco Elastic Services Controller. A remote attacker could exploit this vulnerability to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.
PrinterLogic Print Management Software Vulnerabilities
May 5, 2019
Original release date: May 05, 2019 The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting PrinterLogic Print Management Software. A remote attacker could exploit these vulnerabilities to take control of an affected system.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CERT/CC Vulnerability Note VU#1629249 and consider the listed workarounds until patches are made available. This product is provided subject to this Notification and this Privacy & Use policy.
