US-CERT

A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

NIST Releases New Digital Identity Guidelines

Mon, 2017-06-26 21:48
Original release date: June 26, 2017

The National Institute of Standards and Technology (NIST) has released the Digital Identity Guidelines document suite. The four volumes included outline technical guidelines for organizations implementing digital identity services.

US-CERT encourages information security practitioners in industry, government, and academic organizations to refer to the NIST blog post and SP 800-63 for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


IRS Warns of Summertime Scams

Mon, 2017-06-26 12:47
Original release date: June 26, 2017

The Internal Revenue Service (IRS) has released an alert warning of various types of scams targeting taxpayers this summer. The alert describes common features of these cyber crimes, including: robocalls, private debt collection, and scams that target taxpayers with limited English proficiency.

Taxpayers and tax professionals are encouraged to review the IRS alert and US-CERT's advice on Avoiding Social Engineering and Phishing Attacks.


FTC Releases Alert on Tech-Support Scams

Fri, 2017-06-23 15:09
Original release date: June 23, 2017

The Federal Trade Commission (FTC) has released an alert on technical-support scams. In these schemes, deceptive tech-support operations offer to fix problems that don't exist, placing calls or sending pop-ups to make people think their computers are infected with viruses. Users should not give control of their computers to any stranger offering to fix problems.

US-CERT encourages users and administrators to refer to the FTC Alert and the US-CERT Tip on Avoiding Social Engineering and Phishing Attacks for more information.



IC3 Issues Internet Crime Report for 2016

Wed, 2017-06-21 17:40
Original release date: June 21, 2017

The Internet Crime Complaint Center (IC3) has released its 2016 Internet Crime Report, describing the numbers and types of cyber crimes reported to IC3. Business Email Compromise (BEC), ransomware attacks, tech support fraud, and extortion are all common schemes affecting people in the U.S. and around the world.

US-CERT encourages users to review the 2016 Internet Crime Report for details and refer to the US-CERT Security Publication on Ransomware for information on defending against this particular threat.



Drupal Releases Security Updates

Wed, 2017-06-21 16:30
Original release date: June 21, 2017

Drupal has released an advisory to address several vulnerabilities in Drupal versions 7.x and 8.x. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 7.56 or 8.3.4.



Cisco Releases Security Updates

Wed, 2017-06-21 14:45
Original release date: June 21, 2017

Cisco has released updates to address several vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of a system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:



Mozilla Releases Security Update

Thu, 2017-06-15 20:29
Original release date: June 15, 2017

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.2 and apply the necessary update.



Google Releases Security Updates for Chrome

Thu, 2017-06-15 20:27
Original release date: June 15, 2017

Google has released Chrome version 59.0.3071.104 for Windows, Mac, and Linux. This version addresses several vulnerabilities, including one that an attacker could exploit to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary updates.



ISC Releases Security Updates for BIND

Thu, 2017-06-15 00:26
Original release date: June 15, 2017

The Internet Systems Consortium (ISC) has released updates that address two vulnerabilities in BIND. An attacker could exploit one of these vulnerabilities to take control of an affected system.

Available updates include:

  • BIND version 9.11.1-P1
  • BIND version 9.10.5-P1
  • BIND version 9.9.10-P1

ISC recommends disabling LMDB (liblmdb) until BIND 9.11.2 is released later this summer. US-CERT encourages users and administrators to review ISC Knowledge Base Article AA-01497 and apply the necessary updates.



Microsoft Releases June 2017 Security Updates

Tue, 2017-06-13 15:56
Original release date: June 13, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.

US-CERT encourages users and administrators to review Microsoft's June 2017 Security Update Summary and Deployment Information and apply the necessary updates.



Mozilla Releases Security Updates

Tue, 2017-06-13 15:52
Original release date: June 13, 2017

Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 54 and Firefox ESR 52.2 and apply the necessary update.



Adobe Releases Security Updates

Tue, 2017-06-13 15:51
Original release date: June 13, 2017

Adobe has released security updates to address vulnerabilities in Adobe Flash Player, Shockwave Player, Captivate, and Digital Editions. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-17, APSB17-18, APSB17-19, and APSB17-20 and apply the necessary updates.



FTC Recommends Steps to Protect Against Mobile Phone Theft

Thu, 2017-06-08 18:43
Original release date: June 08, 2017

The Federal Trade Commission (FTC) has released an alert about the theft of mobile phones and the best way to prepare for and recover from this kind of theft. Precautionary steps include regularly backing up the data on the phone, using strong passwords, and using two-factor authentication on any accounts on the phone.

US-CERT encourages users and administrators to refer to the FTC Alert and the US-CERT Tip on Cybersecurity for Electronic Devices for more information.



Cisco Releases Security Updates

Wed, 2017-06-07 14:26
Original release date: June 07, 2017

Cisco has released updates to address several vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of a system.

Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:



VMware Releases Security Updates

Wed, 2017-06-07 10:27
Original release date: June 07, 2017

VMware has released security updates to address vulnerabilities in vSphere Data Protection. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2017-0010 and apply the necessary updates.



Google Releases Security Updates for Chrome

Tue, 2017-06-06 05:39
Original release date: June 06, 2017

Google has released Chrome version 59.0.3071.86 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Chrome Releases page and apply the necessary updates.



SEI Issues Advice on Ransomware

Thu, 2017-06-01 20:46
Original release date: June 01, 2017

The Software Engineering Institute (SEI) of Carnegie Mellon University has released a blog post on best practices for preventing and responding to ransomware. This common malware captures, encrypts, and holds your data to extort a ransom. SEI’s top recommendation to thwart ransomware attacks is to back up your important files regularly.

US-CERT encourages users and administrators to review SEI's blog post and US-CERT's Security Publication on Ransomware for more information.



FBI Releases Article on Protecting Business Email Systems

Wed, 2017-05-31 18:45
Original release date: May 31, 2017

The Federal Bureau of Investigation (FBI) has released an article on Building a Digital Defense with an Email Fortress. FBI warns that scammers commonly target business email accounts with phishing and social engineering schemes. Strategies for preventing email compromises include avoiding the use of free web-based email accounts; using multi-factor authentication; and updating firewalls, antivirus programs, and spam filters.

US-CERT encourages users and administrators to review the FBI article for more information and refer to US-CERT Tips on Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Attacks.



FTC Releases Alert on Identity Theft

Thu, 2017-05-25 16:20
Original release date: May 25, 2017

The Federal Trade Commission (FTC) has released an alert about how quickly criminals begin using your personal information once it is posted to a hacker site by an identity thief. FTC researchers found that it can take as few as 9 minutes for crooks to access stolen personal information posted to hacker sites. To prevent identity theft, a user should follow password security best practices, such as multi-factor authentication, which requires a user to simultaneously present multiple pieces of information to verify their identity.

US-CERT encourages users to refer to the FTC alert and the US-CERT Tips on Preventing and Responding to Identity Theft, Choosing and Protecting Passwords, and Supplementing Passwords for more information.



Samba Releases Security Updates

Wed, 2017-05-24 19:30
Original release date: May 24, 2017

The Samba Team has released security updates that address a vulnerability in all versions of Samba from 3.5.0 onward. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review Samba's Security Announcement and apply the necessary updates, or refer to their Linux or Unix-based OS vendors for appropriate patches.


