US-CERT

Subscribe to US-CERT feed
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Updated: 8 min 15 sec ago

Today’s Predictions for Tomorrow’s Internet

Tue, 2017-10-17 06:24
Original release date: October 17, 2017

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Smart cities, connected devices, digitized records, as well as smart cars and homes, have become a new reality. While there are tremendous benefits to this technology, it is critical to understand how to use these cutting-edge innovations in safe and secure ways. The National Cyber Security Alliance has released Online Cybersecurity Advice to help users access digital innovations safely and efficiently.

US-CERT encourages users and administrators to review the following resources:

This product is provided subject to this Notification and this Privacy & Use policy.


Adobe Releases Security Updates

Mon, 2017-10-16 14:33
Original release date: October 16, 2017

Adobe has released security updates to address a vulnerability in Adobe Flash Player. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletin APSB17-32 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


CERT/CC Reports WPA2 Vulnerabilities

Mon, 2017-10-16 08:20
Original release date: October 16, 2017

CERT Coordination Center (CERT/CC) has released information on Wi-Fi Protected Access II (WPA2) protocol vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system.

The vulnerabilities are in the WPA2 protocol, not within individual WPA2 implementations, which means that all WPA2 wireless networking may be affected. Mitigations include installing updates to affected products and hosts as they become available. US-CERT encourages users and administrators to review CERT/CC's VU #228519.

This product is provided subject to this Notification and this Privacy & Use policy.


Mozilla Releases Security Update

Wed, 2017-10-11 09:25
Original release date: October 11, 2017

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft Releases October 2017 Security Updates

Tue, 2017-10-10 14:37
Original release date: October 10, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft's October 2017 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Cybersecurity in the Workplace is Everyone’s Business

Tue, 2017-10-10 12:38
Original release date: October 10, 2017

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Creating a culture of cybersecurity is critical for all organizations—large and small businesses, academic institutions, non-profits, and government agencies—and is a responsibility shared among all employees. The National Institute of Standards and Technology (NIST) has published resources including standards, guidelines, and best practices to help organizations of all sizes to strengthen cyber resilience.

US-CERT encourages organizations and employees to review the following resources:

 

This product is provided subject to this Notification and this Privacy & Use policy.


Apple Releases Security Update for macOS High Sierra

Thu, 2017-10-05 16:00
Original release date: October 05, 2017

Apple has released a supplemental security update to address vulnerabilities in macOS High Sierra 10.13. An attacker could exploit these vulnerabilities to obtain sensitive information.

US-CERT encourages users and administrators to review the Apple security page for macOS High Sierra 10.13 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates

Wed, 2017-10-04 14:30
Original release date: October 04, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


Apache Releases Security Updates for Apache Tomcat

Tue, 2017-10-03 16:26
Original release date: October 03, 2017

The Apache Software Foundation has released Apache Tomcat 9.0.1 and 8.5.23 to address a vulnerability in previous versions of the software. A remote attacker could exploit this vulnerability to take control of an affected server.

US-CERT encourages users and administrators to review the Apache security advisory for CVE-2017-12617 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Apple Releases Security Update for iOS

Tue, 2017-10-03 15:17
Original release date: October 03, 2017

Apple has released iOS 11.0.2 to address vulnerabilities in previous versions of iOS. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Apple security page for iOS 11.0.2 and apply the necessary update.

 

This product is provided subject to this Notification and this Privacy & Use policy.


Tragic Event-Related Scams

Tue, 2017-10-03 09:11
Original release date: October 03, 2017

In the wake of Sunday's tragic event in Las Vegas, US-CERT warns users to be watchful for various malicious cyber activity targeting both victims and potential donors. Users should exercise caution when handling emails that relate to the event, even if those emails appear to originate from trusted sources. Event-related phishing emails may trick users into sharing sensitive information. Such emails could also contain links or attachments directing users to malware-infected websites. In addition, users should be wary of social media pleas, calls, texts, fraudulent donation websites, and door-to-door solicitations relating to the recent tragic event.

To avoid becoming victims of fraudulent activity, users and administrators should consider taking the following preventive measures:

This product is provided subject to this Notification and this Privacy & Use policy.


National Cybersecurity Awareness Month: Simple Steps to Online Safety

Tue, 2017-10-03 06:30
Original release date: October 03, 2017

October is National Cybersecurity Awareness Month (NCSAM), an annual campaign to raise awareness about cybersecurity. The National Cyber Security Alliance (NCSA) has published general tips to help you increase your cybersecurity awareness—including whom to contact if you are the victim of cyber crime—and protect your online activities.

US-CERT encourages users and administrators to review NCSA’s guidance for online safety basics and the US-CERT Tip on Avoiding Social Engineering and Phishing Attacks for additional information.

This product is provided subject to this Notification and this Privacy & Use policy.


Dnsmasq Contains Multiple Vulnerabilities

Tue, 2017-10-03 00:20
Original release date: October 03, 2017

Dnsmasq versions 2.77 and prior contain multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review VUL Note VU#973527 for more information and update to dnsmasq version 2.78.

This product is provided subject to this Notification and this Privacy & Use policy.


Pages