US-CERT

Subscribe to US-CERT feed
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Updated: 2 hours 21 min ago

IRS Warns of Summertime Scams

Mon, 2017-06-26 12:47
Original release date: June 26, 2017

The Internal Revenue Service (IRS) has released an alert warning of various types of scams targeting taxpayers this summer. The alert describes common features of these cyber crimes, including: robocalls, private debt collection, and scams that target taxpayers with limited English proficiency.

Taxpayers and tax professionals are encouraged to review the IRS alert and US-CERT's advice on Avoiding Social Engineering and Phishing Attacks.

 

This product is provided subject to this Notification and this Privacy & Use policy.


FTC Releases Alert on Tech-Support Scams

Fri, 2017-06-23 15:09
Original release date: June 23, 2017

The Federal Trade Commission (FTC) has released an alert on technical-support scams. In these schemes, deceptive tech-support operations offer to fix problems that don't exist, placing calls or sending pop-ups to make people think their computers are infected with viruses. Users should not give control of their computers to any stranger offering to fix problems.

US-CERT encourages users and administrators to refer to the FTC Alert and the US-CERT Tip on Avoiding Social Engineering and Phishing Attacks for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


IC3 Issues Internet Crime Report for 2016

Wed, 2017-06-21 17:40
Original release date: June 21, 2017

The Internet Crime Complaint Center (IC3) has released its 2016 Internet Crime Report, describing the numbers and types of cyber crimes reported to IC3. Business Email Compromise (BEC), ransomware attacks, tech support fraud, and extortion are all common schemes affecting people in the U.S. and around the world.

US-CERT encourages users to review the 2016 Internet Crime Report for details and refer to the US-CERT Security Publication on Ransomware for information on defending against this particular threat.

This product is provided subject to this Notification and this Privacy & Use policy.


Drupal Releases Security Updates

Wed, 2017-06-21 16:30
Original release date: June 21, 2017

Drupal has released an advisory to address several vulnerabilities in Drupal versions 7.x and 8.x. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 7.56 or 8.3.4.

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates

Wed, 2017-06-21 14:45
Original release date: June 21, 2017

Cisco has released updates to address several vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of a system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


Mozilla Releases Security Update

Thu, 2017-06-15 20:29
Original release date: June 15, 2017

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.2 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Google Releases Security Updates for Chrome

Thu, 2017-06-15 20:27
Original release date: June 15, 2017

Google has released Chrome version 59.0.3071.104 for Windows, Mac, and Linux. This version addresses several vulnerabilities, including one that an attacker could exploit to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


ISC Releases Security Updates for BIND

Thu, 2017-06-15 00:26
Original release date: June 15, 2017

The Internet Systems Consortium (ISC) has released updates that address two vulnerabilities in BIND. An attacker could exploit one of these vulnerabilities to take control of an affected system.

Available updates include:

  • BIND version 9.11.1-P1
  • BIND version 9.10.5-P1
  • BIND version 9.9.10-P1

ISC recommends disabling LMDB (liblmdb) until BIND 9.11.2 is released later this summer. US-CERT encourages users and administrators to review ISC Knowledge Base Article AA-01497 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft Releases June 2017 Security Updates

Tue, 2017-06-13 15:56
Original release date: June 13, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.

US-CERT encourages users and administrators to review Microsoft's June 2017 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Mozilla Releases Security Updates

Tue, 2017-06-13 15:52
Original release date: June 13, 2017

Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 54 and Firefox ESR 52.2 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Adobe Releases Security Updates

Tue, 2017-06-13 15:51
Original release date: June 13, 2017

Adobe has released security updates to address vulnerabilities in Adobe Flash Player, Shockwave Player, Captivate, and Digital Editions. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-17, APSB17-18, APSB17-19, and APSB17-20 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


FTC Recommends Steps to Protect Against Mobile Phone Theft

Thu, 2017-06-08 18:43
Original release date: June 08, 2017

The Federal Trade Commission (FTC) has released an alert about the theft of mobile phones and the best way to prepare for and recover from this kind of theft. Precautionary steps include regularly backing up the data on the phone, using strong passwords, and using two-factor authentication on any accounts on the phone.

US-CERT encourages users and administrators to refer to the FTC Alert and the US-CERT Tip on Cybersecurity for Electronic Devices for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


Cisco Releases Security Updates

Wed, 2017-06-07 14:26
Original release date: June 07, 2017

Cisco has released updates to address several vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of a system.

Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


VMware Releases Security Updates

Wed, 2017-06-07 10:27
Original release date: June 07, 2017

VMware has released security updates to address vulnerabilities in vSphere Data Protection. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2017-0010 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Google Releases Security Updates for Chrome

Tue, 2017-06-06 05:39
Original release date: June 06, 2017

Google has released Chrome version 59.0.3071.86 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Chrome Releases page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Pages