US-CERT

Subscribe to US-CERT feed
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Updated: 23 min 11 sec ago

Cisco Releases Security Updates

Wed, 2017-10-18 15:07
Original release date: October 18, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


Google Releases Security Updates for Chrome

Wed, 2017-10-18 09:08
Original release date: October 18, 2017

Google has released Chrome version 62.0.3202.62 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Oracle Releases Security Bulletin

Tue, 2017-10-17 19:40
Original release date: October 17, 2017

Oracle has released its Critical Patch Update for October 2017 to address 252 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Users and administrators are encouraged to review the Oracle October 2017 Critical Patch Update and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


IC3 Issues Alert on DDoS Attacks

Tue, 2017-10-17 19:39
Original release date: October 17, 2017

The Internet Crime Complaint Center (IC3) has issued an alert on distributed denial-of-service (DDoS)-for-hire services advertised on criminal forums and marketplaces. Using DDoS attacks to prevent legitimate users from accessing websites or information can lead to serious consequences.

US-CERT encourages users and administrators to review the IC3 Alert for more information and US-CERT's Alert on Heightened DDoS Threat Posed by Mirai and Other Botnets.

This product is provided subject to this Notification and this Privacy & Use policy.


IC3 Issues Alert on IoT Devices

Tue, 2017-10-17 17:56
Original release date: October 17, 2017

In conjunction with National Cyber Security Awareness Month, the Internet Crime Complaint Center (IC3) has issued an alert to individuals and businesses about the security risks involved with the Internet of Things (IoT). IoT refers to the emerging network of devices (e.g., smart TVs, home automation systems) that connect to one another via the Internet, often automatically sending and receiving data. IC3 warns that once a device is compromised, an attacker may take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.

US-CERT encourages individuals and businesses to review the IC3 Alert for more information on IoT vulnerabilities and mitigation techniques.

This product is provided subject to this Notification and this Privacy & Use policy.


Today’s Predictions for Tomorrow’s Internet

Tue, 2017-10-17 06:24
Original release date: October 17, 2017

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Smart cities, connected devices, digitized records, as well as smart cars and homes, have become a new reality. While there are tremendous benefits to this technology, it is critical to understand how to use these cutting-edge innovations in safe and secure ways. The National Cyber Security Alliance has released Online Cybersecurity Advice to help users access digital innovations safely and efficiently.

US-CERT encourages users and administrators to review the following resources:

This product is provided subject to this Notification and this Privacy & Use policy.


Adobe Releases Security Updates

Mon, 2017-10-16 14:33
Original release date: October 16, 2017

Adobe has released security updates to address a vulnerability in Adobe Flash Player. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletin APSB17-32 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


CERT/CC Reports WPA2 Vulnerabilities

Mon, 2017-10-16 08:20
Original release date: October 16, 2017

CERT Coordination Center (CERT/CC) has released information on Wi-Fi Protected Access II (WPA2) protocol vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system.

The vulnerabilities are in the WPA2 protocol, not within individual WPA2 implementations, which means that all WPA2 wireless networking may be affected. Mitigations include installing updates to affected products and hosts as they become available. US-CERT encourages users and administrators to review CERT/CC's VU #228519.

This product is provided subject to this Notification and this Privacy & Use policy.


Mozilla Releases Security Update

Wed, 2017-10-11 09:25
Original release date: October 11, 2017

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft Releases October 2017 Security Updates

Tue, 2017-10-10 14:37
Original release date: October 10, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft's October 2017 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Cybersecurity in the Workplace is Everyone’s Business

Tue, 2017-10-10 12:38
Original release date: October 10, 2017

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Creating a culture of cybersecurity is critical for all organizations—large and small businesses, academic institutions, non-profits, and government agencies—and is a responsibility shared among all employees. The National Institute of Standards and Technology (NIST) has published resources including standards, guidelines, and best practices to help organizations of all sizes to strengthen cyber resilience.

US-CERT encourages organizations and employees to review the following resources:

 

This product is provided subject to this Notification and this Privacy & Use policy.


Apple Releases Security Update for macOS High Sierra

Thu, 2017-10-05 16:00
Original release date: October 05, 2017

Apple has released a supplemental security update to address vulnerabilities in macOS High Sierra 10.13. An attacker could exploit these vulnerabilities to obtain sensitive information.

US-CERT encourages users and administrators to review the Apple security page for macOS High Sierra 10.13 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates

Wed, 2017-10-04 14:30
Original release date: October 04, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


Apache Releases Security Updates for Apache Tomcat

Tue, 2017-10-03 16:26
Original release date: October 03, 2017

The Apache Software Foundation has released Apache Tomcat 9.0.1 and 8.5.23 to address a vulnerability in previous versions of the software. A remote attacker could exploit this vulnerability to take control of an affected server.

US-CERT encourages users and administrators to review the Apache security advisory for CVE-2017-12617 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Apple Releases Security Update for iOS

Tue, 2017-10-03 15:17
Original release date: October 03, 2017

Apple has released iOS 11.0.2 to address vulnerabilities in previous versions of iOS. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Apple security page for iOS 11.0.2 and apply the necessary update.

 

This product is provided subject to this Notification and this Privacy & Use policy.


Tragic Event-Related Scams

Tue, 2017-10-03 09:11
Original release date: October 03, 2017

In the wake of Sunday's tragic event in Las Vegas, US-CERT warns users to be watchful for various malicious cyber activity targeting both victims and potential donors. Users should exercise caution when handling emails that relate to the event, even if those emails appear to originate from trusted sources. Event-related phishing emails may trick users into sharing sensitive information. Such emails could also contain links or attachments directing users to malware-infected websites. In addition, users should be wary of social media pleas, calls, texts, fraudulent donation websites, and door-to-door solicitations relating to the recent tragic event.

To avoid becoming victims of fraudulent activity, users and administrators should consider taking the following preventive measures:

This product is provided subject to this Notification and this Privacy & Use policy.


National Cybersecurity Awareness Month: Simple Steps to Online Safety

Tue, 2017-10-03 06:30
Original release date: October 03, 2017

October is National Cybersecurity Awareness Month (NCSAM), an annual campaign to raise awareness about cybersecurity. The National Cyber Security Alliance (NCSA) has published general tips to help you increase your cybersecurity awareness—including whom to contact if you are the victim of cyber crime—and protect your online activities.

US-CERT encourages users and administrators to review NCSA’s guidance for online safety basics and the US-CERT Tip on Avoiding Social Engineering and Phishing Attacks for additional information.

This product is provided subject to this Notification and this Privacy & Use policy.


Dnsmasq Contains Multiple Vulnerabilities

Tue, 2017-10-03 00:20
Original release date: October 03, 2017

Dnsmasq versions 2.77 and prior contain multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review VUL Note VU#973527 for more information and update to dnsmasq version 2.78.

This product is provided subject to this Notification and this Privacy & Use policy.


October is National Cybersecurity Awareness Month

Sun, 2017-10-01 13:55
Original release date: October 01, 2017

October is National Cybersecurity Awareness Month (NCSAM). NSCAM is a collaborative effort between DHS and its public and private partners-including the National Cyber Security Alliance (NCSA)-to raise awareness about the vital role cybersecurity plays in the lives of U.S. citizens. US-CERT will be participating in NCSAM through weekly posts in the Current Activity section of the US-CERT website. Over the course of the month, these will touch on

  • basic online safety,
  • cybersecurity at work,
  • protecting personal information,
  • careers in cybersecurity, and
  • cybersecurity and critical infrastructure.

Users and administrators are encouraged to review the Stay Safe Online NCSAM page and the Stay Safe Online NCSAM Events page for additional information and details on NCSA events.

This product is provided subject to this Notification and this Privacy & Use policy.


DNSSEC Key Signing Key Rollover Postponed

Fri, 2017-09-29 11:29
Original release date: September 29, 2017

The Internet Corporation for Assigned Names and Numbers (ICANN) has announced that the change to the Root Zone Key Signing Key (KSK) scheduled for October 11, 2017, has been postponed. A new date for the Key Roll has not yet been determined.

DNSSEC is a set of DNS protocol extensions used to digitally sign DNS information, which is an important part of preventing domain name hijacking. Updating the DNSSEC KSK is a crucial security step, similar to updating a PKI Root Certificate. Maintaining an up-to-date Root KSK as a trust anchor is essential to ensuring DNSSEC-validating DNS resolvers continue to function after the rollover. While DNSSEC validation is mandatory for federal agencies, it is not required of the private sector. Systems of organizations that do not use DNSSEC validation will be unaffected by the rollover.

Users and administrators are encouraged to review ICAAN announcement KSK Rollover Postponed and the US-CERT Current Activity on DNSSEC Key Signing Key Rollover for more information.

US-CERT will provide additional information as it becomes available.

This product is provided subject to this Notification and this Privacy & Use policy.


Pages