US-CERT

Subscribe to US-CERT feed
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Updated: 2 min 13 sec ago

Mozilla Releases Security Updates

Tue, 2017-11-14 14:36
Original release date: November 14, 2017

Mozilla has released security updates to address multiple vulnerabilities in Firefox 57 and ESR 52.5. An attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 57 and ESR 52.5 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft Releases November 2017 Security Updates

Tue, 2017-11-14 12:50
Original release date: November 14, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft's November 2017 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Adobe Releases Security Updates

Tue, 2017-11-14 11:41
Original release date: November 14, 2017

Adobe has released security updates to address vulnerabilities in Flash Player, Photoshop CC, Adobe Connect, DNG Converter, InDesign, Digital Editions, Shockwave Player, and Experience Manager. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-33, APSB17-34, APSB17-35, APSB17-37, APSB17-38, APSB17-39, APSB17-40, and APSB17-41, and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE)

Thu, 2017-11-09 14:19
Original release date: November 09, 2017

Microsoft has released an advisory that provides guidance on securing Dynamic Data Exchange (DDE) fields in Microsoft Office applications. Exploitation of this protocol may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Microsoft Security Advisory for more information and US-CERT's Tip on Using Caution with Email Attachments.

This product is provided subject to this Notification and this Privacy & Use policy.


Joomla! Releases Security Update

Tue, 2017-11-07 10:40
Original release date: November 07, 2017

Joomla! has released version 3.8.2 of its Content Management System (CMS) software to address multiple vulnerabilities. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information.

US-CERT encourages users and administrators to review the Joomla! Security Release and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Google Releases Security Update for Chrome

Mon, 2017-11-06 16:50
Original release date: November 06, 2017

Google has released Chrome version 62.0.3202.89 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Update for IOS XE Software

Fri, 2017-11-03 15:35
Original release date: November 03, 2017

Cisco has released a security update to address a vulnerability in its IOS XE software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates

Wed, 2017-11-01 12:17
Original release date: November 01, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

  • Wireless LAN Controller 802.11v Basic Service Set Transition Management Denial of Service Vulnerability cisco-sa-20171101-wlc2
  • Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability cisco-sa-20171101-wlc1
  • Identity Services Engine Privilege Escalation Vulnerability cisco-sa-20171101-ise
  • Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability cisco-sa-20171101-fpwr
  • Prime Collaboration Provisioning Authenticated SQL Injection Vulnerability cisco-sa-20171101-cpcp
  • Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability cisco-sa-20171101-apicem
  • Aironet 1560, 2800, and 3800 Series Access Point Platforms Extensible Authentication Protocol Denial of Service Vulnerability cisco-sa-20171101-aironet2
  • Aironet 1560, 2800, and 3800 Series Access Point Platforms 802.11 Denial of Service Vulnerability cisco-sa-20171101-aironet1

This product is provided subject to this Notification and this Privacy & Use policy.


Apple Releases Multiple Security Updates

Tue, 2017-10-31 15:26
Original release date: October 31, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


WordPress Releases Security Update

Tue, 2017-10-31 15:21
Original release date: October 31, 2017

WordPress versions prior to 4.8.3 are affected by a vulnerability. A remote attacker could exploit this vulnerability to obtain sensitive information.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.8.3.

This product is provided subject to this Notification and this Privacy & Use policy.


Protecting Critical Infrastructure from Cyber Threats

Tue, 2017-10-31 07:14
Original release date: October 31, 2017

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Building resilience in critical infrastructure is crucial to national security. The essential infrastructure systems that support our daily lives—such as electricity, financial institutions, and transportation—must be protected from cyber threats.

US-CERT encourages users and administrators to review the following:

This product is provided subject to this Notification and this Privacy & Use policy.


Oracle Releases Security Bulletin

Mon, 2017-10-30 13:09
Original release date: October 30, 2017

Oracle has released a security update bulletin to address a vulnerability in Oracle Identity Manager. A remote attacker could exploit this vulnerability to take control of an affected system.

Users and administrators are encouraged to review the Oracle Security Alert Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Google Releases Security Update for Chrome

Thu, 2017-10-26 20:23
Original release date: October 26, 2017

Google has released Chrome version 62.0.3202.75 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Multiple Ransomware Infections Reported

Tue, 2017-10-24 12:16
Original release date: October 24, 2017

US-CERT has received multiple reports of Bad Rabbit ransomware infections in many countries around the world. This suspected variant of Petya ransomware is malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it. US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware.

US-CERT encourages users and administrators to review US-CERT Alerts TA16-181A and TA17-132A that describe recent ransomware events. Please report ransomware incidents to the Internet Crime Complaint Center (IC3). US-CERT will provide updated information as it becomes available.

This product is provided subject to this Notification and this Privacy & Use policy.


The Internet Wants You: Consider a Career in Cybersecurity

Tue, 2017-10-24 06:32
Original release date: October 24, 2017

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. The month’s themes educate students and professionals about cybersecurity attack methods, best practices, and preventive measures and are geared toward informing the next generation of cybersecurity professionals. According to a study by the Center for Cyber Safety and Education, by 2022, there will be a shortage of 1.8 million information security workers. It is critical that today’s students graduate ready to enter the workforce and are open to learning more about the growing field of cybersecurity.

US-CERT encourages interested candidates to review the following resources for information on employment opportunities:

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates

Wed, 2017-10-18 15:07
Original release date: October 18, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


Google Releases Security Updates for Chrome

Wed, 2017-10-18 09:08
Original release date: October 18, 2017

Google has released Chrome version 62.0.3202.62 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Oracle Releases Security Bulletin

Tue, 2017-10-17 19:40
Original release date: October 17, 2017

Oracle has released its Critical Patch Update for October 2017 to address 252 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Users and administrators are encouraged to review the Oracle October 2017 Critical Patch Update and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


IC3 Issues Alert on DDoS Attacks

Tue, 2017-10-17 19:39
Original release date: October 17, 2017

The Internet Crime Complaint Center (IC3) has issued an alert on distributed denial-of-service (DDoS)-for-hire services advertised on criminal forums and marketplaces. Using DDoS attacks to prevent legitimate users from accessing websites or information can lead to serious consequences.

US-CERT encourages users and administrators to review the IC3 Alert for more information and US-CERT's Alert on Heightened DDoS Threat Posed by Mirai and Other Botnets.

This product is provided subject to this Notification and this Privacy & Use policy.


IC3 Issues Alert on IoT Devices

Tue, 2017-10-17 17:56
Original release date: October 17, 2017

In conjunction with National Cyber Security Awareness Month, the Internet Crime Complaint Center (IC3) has issued an alert to individuals and businesses about the security risks involved with the Internet of Things (IoT). IoT refers to the emerging network of devices (e.g., smart TVs, home automation systems) that connect to one another via the Internet, often automatically sending and receiving data. IC3 warns that once a device is compromised, an attacker may take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.

US-CERT encourages individuals and businesses to review the IC3 Alert for more information on IoT vulnerabilities and mitigation techniques.

This product is provided subject to this Notification and this Privacy & Use policy.


Pages