Current Activity

Tips for a Cyber Safe Vacation

1 month 4 weeks ago
Original release date: May 24, 2019

As summer nears, many people will soon be taking vacations. When planning vacations, users should be aware of potential rental scams and “free” vacation ploys. Travelers should also keep in mind risks related to travelling with mobile devices.

The Cybersecurity and Information Security Agency (CISA) encourages travelers to review the following suggested tips and security practices to keep their vacation cyber safe:

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Privacy Awareness Week

2 months ago
Original release date: May 22, 2019

The Federal Trade Commission (FTC) has released an announcement promoting Privacy Awareness Week (PAW). PAW is an annual event fostering awareness of privacy issues and the importance of protecting personal information. This year’s theme, “Protecting Privacy is Everyone’s Responsibility,” focuses on promoting privacy awareness for consumers and businesses.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers and organizations to review FTC’s post and consider the following practices to protect privacy and safeguard data:

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Mozilla Releases Security Updates for Firefox, Thunderbird

2 months ago
Original release date: May 21, 2019 | Last revised: May 22, 2019

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 67, Firefox ESR 60.7, and Thunderbird 60.7 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Staying Cyber Safe During Memorial Day

2 months ago
Original release date: May 20, 2019 | Last revised: May 24, 2019

As Memorial Day approaches, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to stay cyber safe. Users should be cautious of potential scams, such as unsolicited emails that contain malicious links or attachments with malware. Users should also be aware of the risks associated with online shopping and traveling with mobile devices.

CISA recommends users review the following tips for information on how to guard against these risks:

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Microsoft Releases Security Updates to Address Remote Code Execution Vulnerability

2 months 1 week ago
Original release date: May 16, 2019

Microsoft has released security updates to address a remote code execution vulnerability in the following in-support and out-of-support operating systems:

  • In-support systems: Windows 7, Windows Server 2008 R2, and Windows Server 2008
  • Out-of-support systems: Windows 2003 and Windows XP

A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and Microsoft Customer Guidance for CVE-2019-0708 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Cisco Releases Security Updates for Multiple Products

2 months 1 week ago
Original release date: May 15, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

VMware Releases Security Updates

2 months 1 week ago
Original release date: May 14, 2019

VMware has released security updates to address vulnerabilities in vCenter Server, ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisories VMSA-2019-0007 and VMSA-2019-0008 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Adobe Releases Security Updates

2 months 1 week ago
Original release date: May 14, 2019

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB19-29, APSB19-26, and APSB19-18 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Microsoft Releases May 2019 Security Updates

2 months 1 week ago
Original release date: May 14, 2019 | Last revised: May 15, 2019

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s Security Update Guide and May 2019 Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Intel Releases Security Updates, Mitigations for Multiple Products

2 months 1 week ago
Original release date: May 14, 2019 | Last revised: May 15, 2019

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Intel Product Security Center Advisories page, apply the necessary mitigations, and refer to vendors for appropriate patches, when available.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Samba Releases Security Updates

2 months 1 week ago
Original release date: May 14, 2019

The Samba Team has released security updates to address a vulnerability in Samba. An attacker could exploit this vulnerability take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcement for CVE-2018-16860 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Facebook Releases Security Advisory for WhatsApp

2 months 1 week ago
Original release date: May 14, 2019

Facebook has released a security advisory to address a vulnerability in WhatsApp. A remote attacker could exploit this vulnerability to take control of an affected device.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review the Facebook Security Advisory for CVE-2019-3568 and upgrade to the appropriate version.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Apple Releases Multiple Security Updates

2 months 1 week ago
Original release date: May 14, 2019

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Cisco Releases Security Updates

2 months 1 week ago
Original release date: May 13, 2019 | Last revised: May 14, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CERT Coordination Center's Vulnerability Note VU#400865 and the following Cisco Security Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

North Korean Malicious Cyber Activity

2 months 2 weeks ago
Original release date: May 09, 2019

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified a malware variant—referred to as ELECTRICFISH—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Malware Analysis Report (MAR) MAR-10135536-21 and the page on HIDDEN COBRA - North Korean Malicious Cyber Activity for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Drupal Releases Security Update

2 months 2 weeks ago
Original release date: May 09, 2019

Drupal has released a security update to address a vulnerability in Drupal Core. A remote attacker could exploit this vulnerability to take control of an affected website.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Drupal’s security advisory SA-CORE-2019-007 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Cisco Releases Security Update for Elastic Services Controller

2 months 2 weeks ago
Original release date: May 07, 2019

Cisco has released a security update to address a vulnerability in Cisco Elastic Services Controller. A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

PrinterLogic Print Management Software Vulnerabilities

2 months 2 weeks ago
Original release date: May 05, 2019

The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting PrinterLogic Print Management Software. A remote attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CERT/CC Vulnerability Note VU#1629249 and consider the listed workarounds until patches are made available.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Cisco Releases Security Updates

2 months 3 weeks ago
Original release date: May 01, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.   

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory page  and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Google Releases Security Updates for Chrome

2 months 3 weeks ago
Original release date: April 30, 2019

Google has released Chrome version 74.0.3729.131 for Windows, Mac, and Linux. This version addresses two vulnerabilities, one of which an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT
Checked
1 month 3 weeks ago
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Subscribe to Current Activity feed