US-CERT

A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

Google Releases Security Updates for Chrome

Fri, 2017-09-22 09:05
Original release date: September 22, 2017

Google has released Chrome version 61.0.3163.100 for Windows, Mac, and Linux. This update addresses multiple vulnerabilities that an attacker may exploit to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Joomla! Releases Security Update

Wed, 2017-09-20 23:18
Original release date: September 21, 2017

Joomla! has released version 3.8.0 of its Content Management System (CMS) software to address a vulnerability. A remote attacker could exploit this vulnerability to obtain access to sensitive information.

US-CERT encourages users and administrators to review the Joomla! Security Release and apply the necessary update.



Samba Releases Security Updates

Wed, 2017-09-20 19:47
Original release date: September 20, 2017

The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit any of these vulnerabilities to obtain access to potentially sensitive information.

US-CERT encourages users and administrators to review the Samba Security Announcements for CVE-2017-12150, CVE-2017-12151, and CVE-2017-12163 and apply the necessary updates, or refer to their Linux or Unix-based OS vendors for appropriate patches.



Cisco Releases Security Updates

Wed, 2017-09-20 19:07
Original release date: September 20, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:



IC3 Issues Alert on Disaster-Related Fraud

Wed, 2017-09-20 17:53
Original release date: September 20, 2017

The Internet Crime Complaint Center (IC3) has released an announcement on fraudulent cyber activity related to natural disasters. IC3 reports that scammers have recently used email and social-networking sites to solicit money from disaster victims with scams on false temporary housing and job opportunities. In addition, IC3 warns the public to be cautious of solicitations for charitable donations.

US-CERT encourages consumers to review the IC3 Alert and the US-CERT Tip on Avoiding Social Engineering and Phishing Attacks.



FTC Releases Alerts on Protecting Against Identity Theft

Wed, 2017-09-20 15:58
Original release date: September 20, 2017

The Federal Trade Commission (FTC) has released two alerts to educate consumers on recommended protections against identity theft after the recent data breach at Equifax. Users should consider placing security freezes with the three major credit reporting agencies: Equifax, TransUnion, and Experian. Alternative security recommendations include using fraud alerts and free credit monitoring from Equifax.

US-CERT encourages users to refer to the FTC alerts on Equifax credit freezes and fraud alerts vs. credit freezes. See the US-CERT Tip on Preventing and Responding to Identity Theft for more information.



WordPress Releases Security Update

Wed, 2017-09-20 07:50
Original release date: September 20, 2017

WordPress versions prior to 4.8.2 are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.8.2.



Apple Releases Security Updates

Tue, 2017-09-19 15:56
Original release date: September 19, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker may exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Apple security pages and apply the necessary updates:



Avast’s Piriform Releases Security Update for CCleaner

Tue, 2017-09-19 12:44
Original release date: September 19, 2017

Piriform, a subsidiary of Avast, has released CCleaner 5.34 and has pushed v1.07.3214 to CCleaner Cloud users. These versions do not contain the Floxif malware found in the 32-bit versions of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191. Floxif malware collects information from the victim's system and can download additional malware to the system.

US-CERT encourages users and administrators to review the Piriform Security Notification and apply the necessary update.



Apache Releases Security Updates for Apache Tomcat

Tue, 2017-09-19 12:43
Original release date: September 19, 2017

The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected server. 

US-CERT encourages users and administrators to review the Apache advisories for CVE-2017-12615 and CVE-2017-12616 for more information and apply the necessary updates.



VMware Releases Security Updates

Fri, 2017-09-15 12:03
Original release date: September 15, 2017

VMware has released security updates to address vulnerabilities in ESXi, vCenter Server, Fusion, and Workstation. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2017-0015 and apply the necessary updates.



Potential Phishing Scams Related to Equifax Data Breach

Thu, 2017-09-14 10:07
Original release date: September 14, 2017

The Federal Trade Commission (FTC) has released an alert on scams related to the Equifax data breach. FTC warns consumers to be wary of calls or emails purporting to be from Equifax agents. Legitimate Equifax representatives will not contact consumers to ask for verification of their information.

US-CERT encourages consumers to report fraudulent calls and emails to the FTC Complaint Assistant and to refer to the FTC Alert and US-CERT Tips on Avoiding Social Engineering and Phishing Attacks and Preventing and Responding to Identity Theft for more information.


BlueBorne Bluetooth Vulnerabilities

Tue, 2017-09-12 16:26
Original release date: September 12, 2017

US-CERT is aware of a collection of Bluetooth vulnerabilities, known as BlueBorne, potentially affecting millions of unpatched mobile phones, computers, and Internet of Things (IoT) devices. A remote attacker could exploit several of these vulnerabilities to take control of affected devices.

US-CERT recommends that users and administrators read Vulnerability Note VU#240311 for more information.



Microsoft Releases September 2017 Security Updates

Tue, 2017-09-12 16:17
Original release date: September 12, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.

US-CERT encourages users and administrators to review Microsoft's September 2017 Security Update Summary and Deployment Information and apply the necessary updates.



Adobe Releases Security Updates

Tue, 2017-09-12 15:29
Original release date: September 12, 2017

Adobe has released security updates to address vulnerabilities in Adobe RoboHelp, Flash Player, and ColdFusion. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-25, APSB17-28, and APSB17-30 and apply the necessary updates.



Cisco Releases Security Update

Mon, 2017-09-11 12:04
Original release date: September 11, 2017

Cisco has released an update to address an Apache Struts 2 vulnerability affecting multiple Cisco products. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.



Hurricane-Related Scams

Fri, 2017-09-08 12:56
Original release date: September 08, 2017

As the peak of the 2017 hurricane season approaches, US-CERT warns users to be watchful for various malicious cyber activity targeting both disaster victims and potential donors. Users should exercise caution when handling emails that relate to recent hurricanes, even if those emails appear to originate from trusted sources. Disaster-related phishing emails may trick users into sharing sensitive information. Such emails could also contain links or attachments directing users to malware-infected websites. In addition, users should be wary of social media pleas, calls, texts, or door-to-door solicitations relating to the recent hurricanes.

To avoid becoming a victim of fraudulent activity, users and administrators should consider taking the following preventive measures:



Google Releases Security Updates for Chrome

Wed, 2017-09-06 16:02
Original release date: September 06, 2017

Google has released Chrome version 61.0.3163.79 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.

Users and administrators are encouraged to review the Chrome Releases page and apply the necessary updates.



Apache Software Foundation Releases Security Update

Wed, 2017-09-06 00:55
Original release date: September 06, 2017

The Apache Software Foundation has released a security update to address a vulnerability in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review the Apache Security Bulletin and upgrade to Struts 2.5.13.



Potential Hurricane Harvey Phishing Scams

Mon, 2017-08-28 13:40
Original release date: August 28, 2017

US-CERT warns users to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey. Users are advised to exercise caution in handling any email with a subject line, attachments, or hyperlinks related to Hurricane Harvey, even if it appears to originate from a trusted source. Fraudulent emails will often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations commonly appear after major natural disasters.

US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:

