US-CERT

Subscribe to US-CERT feed
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Updated: 1 hour 17 min ago

Securing Mobile Devices During Summer Travel

Fri, 2018-05-25 12:27
Original release date: May 25, 2018

As summer begins, many people will travel with their mobile devices. Although these devices—such as smart phones, tablets, and laptops—offer a range of conveniences, users should be mindful of potential threats and vulnerabilities while traveling with them.

NCCIC encourages users to review the NCCIC Tips on Holiday Traveling with Personal Internet-Enabled DevicesCybersecurity for Electronic Devices, and International Mobile Safety. The suggested security practices in these Tips will help travelers secure their portable devices during the summer travel season and throughout the year.

This product is provided subject to this Notification and this Privacy & Use policy.


IRS Warns Tax Professionals of Phishing Scam

Thu, 2018-05-24 18:37
Original release date: May 24, 2018

The Internal Revenue Service (IRS) has issued a news release warning tax professionals to beware of a new phishing email scam. Cyber criminals posing as state accounting and professional associations have been sending emails to entice their targets to reveal login credentials. Tax practitioners should be wary of unsolicited emails and forward email phishing attempts related to this scam to phishing@irs.gov.

NCCIC encourages users and administrators to review the IRS news release and NCCIC’s Tip on Avoiding Social Engineering and Phishing Attacks for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


FBI Releases Article on Building a Digital Defense with Credit Reports

Wed, 2018-05-23 15:37
Original release date: May 23, 2018

FBI has released an article on using credit reports to build a digital defense against identify theft. FBI explains how identity theft can deal a devastating blow to consumers' credit history. However, regularly checking the accuracy of credit reports can help consumers minimize risk.

NCCIC encourages consumers to review the FBI Article and NCCIC's Tip on Preventing and Responding to Identity Theft.

This product is provided subject to this Notification and this Privacy & Use policy.


VPNFilter Destructive Malware

Wed, 2018-05-23 08:03
Original release date: May 23, 2018

NCCIC is aware of a sophisticated modular malware system known as VPNFilter. Devices known to be affected by VPNFilter include Linksys, MikroTik, NETGEAR, and TP-Link networking equipment, as well as QNAP network-attached storage (NAS) devices. Devices compromised by VPNFilter may be vulnerable to the collection of network traffic (including website credentials), as well as the monitoring of Modbus supervisory control and data acquisition (SCADA) protocols.

VPNFilter has a destructive capability that can make the affected device unusable. Because the malware can be triggered to affect devices individually or multiple devices at once, VPNFilter has the potential to cut off internet access for hundreds of thousands of users.

NCCIC encourages users and administrators to review the Cisco blog post on VPNFilter for recommendations and to ensure that their devices are updated with the latest patches. NCCIC will provide updated information as it becomes available.

This product is provided subject to this Notification and this Privacy & Use policy.


Tragedy-Related Scams

Mon, 2018-05-21 18:20
Original release date: May 21, 2018

In the wake of the recent Texas school shooting, NCCIC advises users to watch out for possible malicious cyber activity seeking to capitalize on this tragic event. Users should exercise caution in handling emails related to the shooting, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic events. Be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to the event.

To avoid becoming a victim of fraudulent activity, NCCIC encourages users and administrators to review NCCIC's Tips on Using Caution With Email Attachments and Avoiding Social Engineering and Phishing Attacks as well as the Federal Trade Commission's article on Before Giving to a Charity.

This product is provided subject to this Notification and this Privacy & Use policy.


Mozilla Releases Security Update for Thunderbird

Fri, 2018-05-18 20:15
Original release date: May 18, 2018

Mozilla has released a security update to address vulnerabilities in Thunderbird. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.8 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


ISC Releases Security Advisories for BIND

Fri, 2018-05-18 16:05
Original release date: May 18, 2018

The Internet Systems Consortium (ISC) has released updates that address vulnerabilities in versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.

NCCIC encourages users and administrators to review ISC Knowledge Base Articles AA-01602 and AA-01606 and apply the necessary updates or workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates

Wed, 2018-05-16 15:40
Original release date: May 16, 2018

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


FBI Releases Article on Digital Defense Against ID Theft

Wed, 2018-05-16 02:10
Original release date: May 16, 2018

FBI has released an article on building a digital defense against identify theft. FBI explains that the growing number of data breaches put more people at risk of becoming a victim of identity theft. However, implementing basic security practices can help users minimize their risk.

NCCIC encourages consumers to review the FBI Article and the following NCCIC Tips for more information:

This product is provided subject to this Notification and this Privacy & Use policy.


Red Hat Addresses DHCP Client Vulnerability

Wed, 2018-05-16 02:01
Original release date: May 16, 2018

Red Hat has released security updates to address a vulnerability in its Dynamic Host Configuration Protocol (DHCP) client packages for Red Hat Enterprise Linux 6 and 7. An attacker could exploit this vulnerability to take control of an affected system.

NCCIC encourages users and administrators to review the Red Hat Security Advisory 1567974VMSA and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


VMware Releases Security Update

Tue, 2018-05-15 15:24
Original release date: May 15, 2018

VMware has released a security update to address a vulnerability in NSX SD-WAN Edge by VeloCloud. A remote attacker could exploit this vulnerability to take control of an affected system.

NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0011 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


OpenPGP, S/MIME Mail Client Vulnerabilities

Mon, 2018-05-14 17:22
Original release date: May 14, 2018

The CERT Coordination Center (CERT/CC) has released information on email client vulnerabilities that can reveal plaintext versions of OpenPGP- and S/MIME-encrypted emails. A remote attacker could exploit these vulnerabilities to obtain sensitive information.

NCCIC encourages users and administrators to review CERT/CC’s Vulnerability Note VU #122919, apply the necessary mitigations, and refer to software vendors for appropriate patches, when available.

This product is provided subject to this Notification and this Privacy & Use policy.


FTC Promotes Privacy Awareness Week

Mon, 2018-05-14 16:53
Original release date: May 14, 2018

The Federal Trade Commission (FTC) has released an announcement promoting Privacy Awareness Week (PAW) May 14–18, 2018. PAW is an annual event fostering awareness of privacy issues and the importance of protecting personal information. This year’s theme, “From Principles to Practice,” focuses on privacy protection and online security for businesses and individuals.

NCCIC encourages consumers and organizations to review FTC’s post and these related NCCIC resources:

This product is provided subject to this Notification and this Privacy & Use policy.


Adobe Releases Security Updates

Mon, 2018-05-14 11:33
Original release date: May 14, 2018

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader and Photoshop CC. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.      

NCCIC encourages users and administrators to review Adobe Security Bulletins APSB18-09 and APSB18-17 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Google Releases Security Update for Chrome

Thu, 2018-05-10 18:22
Original release date: May 10, 2018

Google has released Chrome version 66.0.3359.170 for Windows, Mac, and Linux. This version addresses vulnerabilities, one of which a remote attacker could exploit to take control of an affected system.

NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Mozilla Releases Security Updates for Firefox

Wed, 2018-05-09 12:59
Original release date: May 09, 2018

Mozilla has released security updates to address vulnerabilities in Firefox ESR and Firefox. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Mozilla Security Advisories for Firefox ESR 52.8 and Firefox 60 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Debug Exception May Cause Unexpected Behavior

Tue, 2018-05-08 19:52
Original release date: May 08, 2018

CERT Coordination Center (CERT/CC) has released information for CVE-2018-8897 – unexpected behavior for debug exceptions. A local attacker could exploit this bug to obtain sensitive information.

NCCIC encourages users and administrators to review CERT/CC’s Vulnerability Note VU #631579 for more information and refer to operating system or software vendors for appropriate patches.

This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft Releases May 2018 Security Updates

Tue, 2018-05-08 13:42
Original release date: May 08, 2018

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Microsoft's May 2018 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Adobe Releases Security Updates

Tue, 2018-05-08 13:31
Original release date: May 08, 2018

Adobe has released security updates to address vulnerabilities in Adobe Connect, Adobe Flash Player, and Adobe Creative Cloud Desktop Application. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Adobe Security Bulletins APSB18-18, APSB18-16, and APSB18-12 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


FBI Releases IC3 2017 Internet Crime Report

Mon, 2018-05-07 19:30
Original release date: May 07, 2018

FBI has released the Internet Crime Complaint Center (IC3) 2017 Internet Crime Report, which highlights scams trending online. The top three crime types reported by victims in 2017 were non-payment/non-delivery, personal data breach, and phishing. Hot topics for 2017 include ransomware, business email compromise, and tech support fraud.

NCCIC encourages users to review the IC3 2017 Internet Crime Report and NCCIC’s Tips on Safeguarding Your Data and Avoiding Social Engineering and Phishing Attacks for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


Pages