US-CERT

Subscribe to US-CERT feed
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Updated: 4 min 53 sec ago

FTC Releases Announcement on Identity Theft

Thu, 2017-04-27 21:55
Original release date: April 27, 2017

The Federal Trade Commission (FTC) recommends that consumers who are affected by identity theft file a report at IdentityTheft.gov—a one-stop resource to help you report and recover from identity theft. Information provided there includes checklists, sample letters, and links to other resources.

US-CERT encourages consumers to learn about identity theft by reviewing FTC's blog post and US-CERT's Tip on Preventing and Responding to Identity Theft.

This product is provided subject to this Notification and this Privacy & Use policy.


Adobe Releases Security Updates for ColdFusion

Wed, 2017-04-26 08:03
Original release date: April 26, 2017

Adobe has released security updates to address a vulnerability in ColdFusion. Exploitation of this vulnerability may allow a remote attacker to take control of an affected website.                   

Users and administrators are encouraged to review Adobe Security Bulletin APSB17-14 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Pre-Installed Applications Developed with Portrait Displays SDK Contain Critical Vulnerability

Tue, 2017-04-25 17:15
Original release date: April 25, 2017

Applications developed using the Portrait Displays software development kit (SDK), versions 2.30 through 2.34, contain a critical vulnerability. A local attacker could exploit this vulnerability to take control of an affected system.

The affected applications, pre-installed on some Fujitsu, HP, and Philips devices, are:

  • Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3.
  • Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9.
  • HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11.
  • HP My Display: Version 2.0. The issue was fixed in Version 2.1.
  • Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.

 US-CERT recommends users and administrators review Vulnerability Note VU#219739 for additional information and refer to their device vendor for appropriate patches. Portrait Displays has released a patch for its SDK software.

This product is provided subject to this Notification and this Privacy & Use policy.


IBM Releases Security Update

Tue, 2017-04-25 07:47
Original release date: April 25, 2017

IBM has released a security update to address a vulnerability in IBM Domino server IMAP EXAMINE. An attacker could exploit this vulnerability to take control of an affected system.

 Available updates include:

  • Domino 9.0.1 Feature Pack 8 Interim Fix 2
  • Domino 8.5.3 Fix Pack 6 Interim Fix 17

Users and administrators are encouraged to review CERT Vulnerability Note VU#676632 and CVE-2017-1274 for more information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Drupal Releases Security Updates

Wed, 2017-04-19 19:17
Original release date: April 19, 2017

Drupal has released an advisory to address a vulnerability in Drupal core 8.x versions prior to 8.2.8 and 8.3.1. A remote attacker could exploit this vulnerability to obtain sensitive information.

US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 8.2.8 or 8.3.1.

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates

Wed, 2017-04-19 19:14
Original release date: April 19, 2017

Cisco has released updates to address several high-impact vulnerabilities affecting multiple products. These and other lower-impact vulnerabilities are listed at Cisco Security Advisories and Alerts. A remote attacker could exploit one of the high-impact vulnerabilities to cause a denial-of-service condition.

Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


Mozilla Releases Security Updates

Wed, 2017-04-19 19:04
Original release date: April 19, 2017

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisories for Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Google Releases Security Updates for Chrome

Wed, 2017-04-19 19:02
Original release date: April 19, 2017

Google has released Chrome version 58.0.3029.81 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker may exploit to take control of an affected system.

Users and administrators are encouraged to review the Chrome Releases page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


VMware Releases Security Updates

Tue, 2017-04-18 15:34
Original release date: April 18, 2017

VMware has released security updates to address vulnerabilities in Unified Access Gateway, Horizon View, and Workstation. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2017-0008 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Oracle Releases Security Bulletin

Tue, 2017-04-18 15:30
Original release date: April 18, 2017

Oracle has released its Critical Patch Update for April 2017 to address 299 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Oracle April 2017 Critical Patch Update and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft Addresses Shadow Brokers Exploits

Sat, 2017-04-15 20:09
Original release date: April 15, 2017

The Microsoft Security Response Center (MSRC) has published information on several recently publicized exploit tools which affect various Microsoft products.

Users and administrators are reminded that software no longer supported by Microsoft (also known as end-of-life (EOL) software) is particularly at risk for exploitation. US-CERT recommends retiring EOL products. For more information on EOL Microsoft products, see US-CERT Alerts TA14-310A and TA14-069A, and the previous US-CERT Current Activity on Windows Vista.

US-CERT encourages users and administrators to review the MSRC post and apply any necessary updates.

 

 

 

 

 

This product is provided subject to this Notification and this Privacy & Use policy.


VMware Releases Security Updates

Fri, 2017-04-14 17:13
Original release date: April 14, 2017

VMware has released security updates to address a vulnerability in vCenter Server. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review VMware Security Advisory VMSA-2017-0007 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


ISC Releases Security Updates for BIND

Wed, 2017-04-12 21:19
Original release date: April 12, 2017

The Internet Systems Consortium (ISC) has released updates that address multiple vulnerabilities in BIND. A remote attacker could exploit any of these vulnerabilities to cause a denial-of-service condition.

Available updates include:

  • BIND 9 version 9.9.9-P8
  • BIND 9 version 9.10.4-P8
  • BIND 9 version 9.11.0-P5
  • BIND 9 version 9.9.9-S10

US-CERT encourages users and administrators to review ISC Knowledge Base Articles AA-01465, AA-01466, and AA-01471 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Apache Software Foundation Releases Security Updates

Wed, 2017-04-12 13:11
Original release date: April 12, 2017

The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat. Exploitation of one of these vulnerabilities may cause a remote attacker to obtain sensitive information.

Users and administrators are encouraged to review Apache.org CVE-2017-5648, CVE-2017-5650, and CVE-2017-5651 for more information and apply the necessary updates.

 

 

This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft Releases April 2017 Security Updates

Wed, 2017-04-12 07:43
Original release date: April 12, 2017

Microsoft has released 61 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of a system. This Security Update addresses a Microsoft Office vulnerability that is actively being exploited to spread malicious code.

US-CERT encourages users and administrators to review Vulnerability Note #VU921560 and Microsoft's April 2017 Security Update and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Adobe Releases Security Updates

Tue, 2017-04-11 12:21
Original release date: April 11, 2017

Adobe has released security updates to address vulnerabilities in Adobe Campaign, Flash Player, Acrobat and Reader, Photoshop CC, and Creative Cloud. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletins APSB17-09, APSB17-10, APSB17-11, APSB17-12, and APSB17-13 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Easter Holiday Phishing Scams and Malware Campaigns

Tue, 2017-04-11 09:35
Original release date: April 11, 2017

As the Easter holiday approaches, US-CERT reminds users to stay aware of holiday scams and cyber campaigns, which may include:

  • unsolicited shipping notifications that may actually be scams by attackers to solicit personal information (phishing scams),
  • electronic greeting cards that may contain malicious software (malware),
  • requests for charitable contributions that may be phishing scams or solicitations from sources that are not real charities, and
  • false advertisements for holiday accommodations or timeshares.

US-CERT encourages users and administrators to use caution when reviewing unsolicited messages. Suggested preventive measures to protect against phishing scams and malware campaigns include:

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates

Thu, 2017-04-06 00:57
Original release date: April 06, 2017

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


Apple Releases Security Update for iOS

Mon, 2017-04-03 13:59
Original release date: April 03, 2017

Apple has released a security update to address a vulnerability in iOS. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Apple security page for iOS and apply the necessary update.

 

This product is provided subject to this Notification and this Privacy & Use policy.


Internet Information Services (IIS) 6.0 Vulnerability

Thu, 2017-03-30 16:48
Original release date: March 30, 2017

US-CERT is aware of active exploitation of a vulnerability in Windows Server 2003 Operating System Internet Information Services (IIS) 6.0. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. 

On June 15, 2015, Microsoft ended support for Windows Server 2003 Operating System, which includes its Internet Information Services (IIS) 6.0 web server. Computers running Windows Server 2003 Operating System and its associated programs will continue to work even after support ends. However, using unsupported software may increase the risks of viruses and other security threats.

US-CERT encourages users and administrators to review the National Vulnerability Database entry on this vulnerability, as well as US-CERT Alert TA14-310A.

This product is provided subject to this Notification and this Privacy & Use policy.


Pages