US-CERT

Subscribe to US-CERT feed
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Updated: 5 min 44 sec ago

Drupal Releases Security Updates

Wed, 2017-08-16 18:08
Original release date: August 16, 2017

Drupal has released an advisory to address several vulnerabilities in Drupal 8.x. A remote attacker could exploit one of these vulnerabilities to obtain or modify sensitive information.

US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 8.3.7.

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates

Wed, 2017-08-16 17:36
Original release date: August 16, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

  • Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability cisco-sa-20170816-apic1
  • Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability cisco-sa-20170816-apic2
  • Cisco Virtual Network Function Element Manager Arbitrary Command Execution Vulnerability cisco-sa-20170816-em

This product is provided subject to this Notification and this Privacy & Use policy.


Symantec Releases Security Update

Fri, 2017-08-11 07:40
Original release date: August 11, 2017

Symantec has released an update to address vulnerabilities in the Symantec Messaging Gateway. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Symantec Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Juniper Networks Releases Junos OS Security Updates

Wed, 2017-08-09 22:08
Original release date: August 09, 2017

Juniper Networks has released security updates to address multiple vulnerabilities in Junos OS. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Juniper Security Advisories and apply necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


FTC Releases Alert on Government Grant Scams

Tue, 2017-08-08 19:30
Original release date: August 08, 2017

The Federal Trade Commission (FTC) has released an alert on government grant scams. In these schemes, scammers pose as government officials to get consumers to send them money. Anytime someone asks you to pay money to get money, stop and think twice.

US-CERT encourages consumers to refer to the FTC Alert and the US-CERT Tip on Real-World Warnings Keep You Safe Online for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft Releases August 2017 Security Updates

Tue, 2017-08-08 16:31
Original release date: August 08, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.

US-CERT encourages users and administrators to review Microsoft's August 2017 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Mozilla Releases Security Updates

Tue, 2017-08-08 12:11
Original release date: August 08, 2017

Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Mozilla Security Advisory 2017-18 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Adobe Releases Security Updates

Tue, 2017-08-08 11:41
Original release date: August 08, 2017

Adobe has released security updates to address vulnerabilities in Acrobat DC, Acrobat Reader DC, Acrobat 2017, Acrobat Reader 2017, Acrobat XI, and Reader XI. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-24 and apply the necessary updates.

 

This product is provided subject to this Notification and this Privacy & Use policy.


IRS Warns Tax Professionals of New Scam to Steal Passwords

Mon, 2017-08-07 14:30
Original release date: August 07, 2017

The Internal Revenue Service (IRS), acting in concert with state tax agencies and the tax industry, has issued an IRS Security Summit Alert for tax professionals to beware of a new phishing email scam. Scam operators often use fraudulent e-mails to entice their targets to reveal login credentials.

US-CERT encourages users and administrators to review the IRS Alert and US-CERT Security Tip ST04-014.

This product is provided subject to this Notification and this Privacy & Use policy.


Google Releases Security Updates for Chrome OS

Thu, 2017-08-03 13:25
Original release date: August 03, 2017

Google has released Chrome OS version 60.0.3112.80 for Chrome devices to address multiple vulnerabilities. Exploitation of one these vulnerabilities could allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Google Chrome blog entry and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


IC3 Releases Alert on Gift Card Scams

Wed, 2017-08-02 21:08
Original release date: August 02, 2017

The Internet Crime Complaint Center (IC3) has released an alert warning consumers of music gift card scams. This type of scam targets victims, gains their confidence, and tricks them into providing gift card information. 

To stay safer online, review the IC3 alert on Online Scammers Require Payment via Music Application Gift Cards and the US-CERT Tip on Avoiding Social Engineering and Phishing Attacks.

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates

Wed, 2017-08-02 17:49
Original release date: August 02, 2017

Cisco has released updates to address several vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.  

Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


DOJ Provides Organizations a Framework for Development of a Vulnerability Disclosure Program

Tue, 2017-08-01 10:41
Original release date: August 01, 2017

The Department of Justice (DOJ) Criminal Division Cybersecurity Unit has developed a framework to assist organizations interested in creating a formal vulnerability disclosure program.

US-CERT encourages users, administrators, and organizations to review the DOJ publication, A Framework for a Vulnerability Disclosure Program for Online Systems.

This product is provided subject to this Notification and this Privacy & Use policy.


DOJ Provides Organizations a Framework for Development of a Vulnerability Disclosure Program

Tue, 2017-08-01 10:41
Original release date: August 01, 2017

The Department of Justice (DOJ) Criminal Division Cybersecurity Unit has developed a framework to assist organizations interested in creating a formal vulnerability disclosure program.

US-CERT encourages users, administrators, and organizations to review the DOJ publication, A Framework for a Vulnerability Disclosure Program for Online Systems.

This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft Releases Security Updates

Fri, 2017-07-28 14:42
Original release date: July 28, 2017

Microsoft has released updates to address vulnerabilities affecting Microsoft Office. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the following Microsoft security advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft Releases Security Updates

Fri, 2017-07-28 14:42
Original release date: July 28, 2017

Microsoft has released updates to address vulnerabilities affecting Microsoft Office. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the following Microsoft security advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


McAfee Releases Security Bulletin for Web Gateway

Thu, 2017-07-27 10:08
Original release date: July 27, 2017

McAfee has released a security bulletin to address multiple vulnerabilities in Web Gateway. Some of these vulnerabilities could allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review McAfee Security Bulletin SB10205 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


McAfee Releases Security Bulletin for Web Gateway

Thu, 2017-07-27 10:08
Original release date: July 27, 2017

McAfee has released a security bulletin to address multiple vulnerabilities in Web Gateway. Some of these vulnerabilities could allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review McAfee Security Bulletin SB10205 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates

Thu, 2017-07-27 10:01
Original release date: July 27, 2017

Cisco has released updates to address several vulnerabilities affecting multiple products. Exploitation of one of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

  • Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Denial of Service Vulnerability cisco-sa-20170726-anidos
  • Cisco IOS and IOS XE Software Autonomic Control Plane Channel Information Disclosure Vulnerability cisco-sa-20170726-aniacp

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates

Thu, 2017-07-27 10:01
Original release date: July 27, 2017

Cisco has released updates to address several vulnerabilities affecting multiple products. Exploitation of one of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

  • Cisco IOS and IOS XE Software Autonomic Networking Infrastructure Denial of Service Vulnerability cisco-sa-20170726-anidos
  • Cisco IOS and IOS XE Software Autonomic Control Plane Channel Information Disclosure Vulnerability cisco-sa-20170726-aniacp

This product is provided subject to this Notification and this Privacy & Use policy.


Pages