US-CERT

Subscribe to US-CERT feed
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Updated: 2 hours 43 min ago

FBI Releases Article on Privacy Risks Associated with Internet-Connected Children's Toys

Mon, 2017-07-17 12:37
Original release date: July 17, 2017

The Federal Bureau of Investigation (FBI) has released an article on the privacy risks associated with Internet-connected children's toys. FBI warns that Internet-connected toys may contain "sensors, microphones, cameras, data storage components, and other multimedia capabilities - including speech recognition and GPS options" that may put the privacy and safety of children at risk due to the disclosure of personal information. FBI recommends that consumers read user agreement disclosures and privacy practices for information on how a toy's data may be used.

Users and administrators are encouraged to review the FBI article for more information and refer to the US-CERT Tip Protecting Your Privacy.

This product is provided subject to this Notification and this Privacy & Use policy.


FBI Releases Article on Privacy Risks Associated with Internet-Connected Children's Toys

Mon, 2017-07-17 12:37
Original release date: July 17, 2017

The Federal Bureau of Investigation (FBI) has released an article on the privacy risks associated with Internet-connected children's toys. FBI warns that Internet-connected toys may contain "sensors, microphones, cameras, data storage components, and other multimedia capabilities - including speech recognition and GPS options" that may put the privacy and safety of children at risk due to the disclosure of personal information. FBI recommends that consumers read user agreement disclosures and privacy practices for information on how a toy's data may be used.

Users and administrators are encouraged to review the FBI article for more information and refer to the US-CERT Tip Protecting Your Privacy.

This product is provided subject to this Notification and this Privacy & Use policy.


FTC Releases Alert on Digital Security While Traveling

Fri, 2017-07-14 20:39
Original release date: July 14, 2017

The Federal Trade Commission (FTC) has released an alert on ensuring good digital security while traveling. Security recommendations include using caution while accessing free Wi-Fi hotspots, keeping all software updated, and using Virtual Private Networks (VPNs).    

US-CERT encourages users to refer to the FTC Alert and the US-CERT Tip on Cybersecurity for Electronic Devices for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


FTC Releases Alert on Digital Security While Traveling

Fri, 2017-07-14 20:39
Original release date: July 14, 2017

The Federal Trade Commission (FTC) has released an alert on ensuring good digital security while traveling. Security recommendations include using caution while accessing free Wi-Fi hotspots, keeping all software updated, and using Virtual Private Networks (VPNs).    

US-CERT encourages users to refer to the FTC Alert and the US-CERT Tip on Cybersecurity for Electronic Devices for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates

Thu, 2017-07-13 19:44
Original release date: July 13, 2017

Cisco has released security updates to address several Simple Network Management Protocol (SNMP) vulnerabilities in its IOS and IOS XE software. A remote attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates

Thu, 2017-07-13 19:44
Original release date: July 13, 2017

Cisco has released security updates to address several Simple Network Management Protocol (SNMP) vulnerabilities in its IOS and IOS XE software. A remote attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Juniper Releases ScreenOS Security Update

Thu, 2017-07-13 19:06
Original release date: July 13, 2017

Juniper has released ScreenOS 6.3.0r24 to address multiple cross-site scripting vulnerabilities found in prior versions. An attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Juniper’s Security Bulletin and update all affected ScreenOS versions.

This product is provided subject to this Notification and this Privacy & Use policy.


Juniper Releases ScreenOS Security Update

Thu, 2017-07-13 19:06
Original release date: July 13, 2017

Juniper has released ScreenOS 6.3.0r24 to address multiple cross-site scripting vulnerabilities found in prior versions. An attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Juniper’s Security Bulletin and update all affected ScreenOS versions.

This product is provided subject to this Notification and this Privacy & Use policy.


Samba Releases Security Updates

Wed, 2017-07-12 13:57
Original release date: July 12, 2017

The Samba Team has released security updates that address a vulnerability in all versions of Samba from 4.0.0 onward using embedded Heimdal Kerberos. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review Samba's Security Announcement and apply the necessary updates, or refer to their Linux or Unix-based OS vendors for appropriate patches.

This product is provided subject to this Notification and this Privacy & Use policy.


Samba Releases Security Updates

Wed, 2017-07-12 13:57
Original release date: July 12, 2017

The Samba Team has released security updates that address a vulnerability in all versions of Samba from 4.0.0 onward using embedded Heimdal Kerberos. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review Samba's Security Announcement and apply the necessary updates, or refer to their Linux or Unix-based OS vendors for appropriate patches.

This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft Releases July 2017 Security Updates

Tue, 2017-07-11 12:38
Original release date: July 11, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.

US-CERT encourages users and administrators to review Microsoft's July 2017 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft Releases July 2017 Security Updates

Tue, 2017-07-11 12:38
Original release date: July 11, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.

US-CERT encourages users and administrators to review Microsoft's July 2017 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Adobe Releases Security Updates

Tue, 2017-07-11 11:48
Original release date: July 11, 2017

Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Adobe Connect. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletins APSB17-21 and APSB17-22 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


FTC Releases Alert on Charity Scams

Thu, 2017-07-06 20:58
Original release date: July 06, 2017

The Federal Trade Commission (FTC) has released an alert on charity scams. Recent acts of fraud include solicitations from scammers requesting payment to claim a sweepstakes prize. Anytime someone asks you to pay to obtain a prize, it is a scam.

US-CERT encourages consumers to refer to the FTC Alert and the US-CERT Tip on Real-World Warnings Keep You Safe Online for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


IRS Launches 'Don't Take the Bait' Series

Thu, 2017-07-06 17:22
Original release date: July 06, 2017

As part of its Security Summit effort, the Internal Revenue Service (IRS) will be launching a new educational series called "Don't Take the Bait" on July 11, 2017. As part of the Protect Your Clients, Protect Yourself campaign, this series provides information about phishing scams targeting tax professionals and their clients.

US-CERT encourages tax payers and tax professionals to review the IRS alert and US-CERT's advice on Avoiding Social Engineering and Phishing Attacks.

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates

Wed, 2017-07-05 16:48
Original release date: July 05, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of a system.

Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


Joomla! Releases Security Update

Wed, 2017-07-05 14:19
Original release date: July 05, 2017

Joomla! has released version 3.7.3 of its Content Management System (CMS) software to address several vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

US-CERT encourages users and administrators to review the Joomla! Security Release and US-CERT's Alert on Content Management Systems Security and Associated Risks and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates

Fri, 2017-06-30 15:43
Original release date: June 30, 2017

Cisco has released a security advisory to address Simple Network Management Protocol (SNMP) vulnerabilities in its IOS and IOS XE software. A remote attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary workarounds until patches are released.

This product is provided subject to this Notification and this Privacy & Use policy.


Multiple Petya Ransomware Infections Reported

Tue, 2017-06-27 11:56
Original release date: June 27, 2017

US-CERT has received multiple reports of Petya ransomware infections occurring in networks in many countries around the world. Ransomware is a type of malicious software that infects a computer and restricts users' access to the infected machine until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware.

Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable. Open-source reports indicate that the ransomware exploits vulnerabilities in Server Message Block (SMB). US-CERT encourages users and administrators to review the US-CERT article on the Microsoft SMBv1 Vulnerability and the Microsoft Security Bulletin MS17-010. For general advice on how to best protect against ransomware infections, review US-CERT Alert TA16-091A. Please report any ransomware incidents to the Internet Crime Complaint Center (IC3).

This product is provided subject to this Notification and this Privacy & Use policy.


NIST Releases New Digital Identity Guidelines

Mon, 2017-06-26 21:48
Original release date: June 26, 2017

The National Institute of Standards and Technology (NIST) has released the Digital Identity Guidelines document suite. The four volumes included outline technical guidelines for organizations implementing digital identity services.

US-CERT encourages information security practitioners in industry, government, and academic organizations to refer to the NIST blog post and SP 800-63 for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


Pages