Current Activity

New Zealand Tragedy-Related Scams and Malware Campaigns

2 days 18 hours ago
Original release date: March 15, 2019 | Last revised: March 18, 2019

In the wake of the recent New Zealand mosque shootings, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize on this tragic event. Users should exercise caution in handling emails related to the shootings, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic events. Be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to the event.

To avoid becoming a victim of malicious activity, users and administrators should consider taking the following preventive measures:

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Intel Releases Security Advisories on Multiple Products

3 days ago
Original release date: March 15, 2019

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Intel Product Security Center Advisories page, apply the necessary mitigations, and refer to software vendors for appropriate patches, when available.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

VMware Releases Security Updates for Workstation and Horizon

3 days 1 hour ago
Original release date: March 15, 2019

VMware has released security updates to address vulnerabilities affecting Workstation 14 and 15, and Horizon 6 and 7. An attacker could exploit some of these vulnerabilities to take control of an affected system.  

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisories VMSA-2019-0002 and VMSA-2019-0003 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Microsoft Releases Security Update for Azure Linux Guest Agent

3 days 15 hours ago
Original release date: March 14, 2019

Microsoft has released an update to address a vulnerability in Azure Linux Guest Agent. An attacker could exploit this vulnerability to obtain access to sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

MS-ISAC Releases Security Primer on TrickBot Malware

3 days 20 hours ago
Original release date: March 14, 2019

The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released a security primer on TrickBot malware. TrickBot is a modular banking Trojan that targets users’ financial information and acts as a dropper for other malware. An attacker can leverage TrickBot’s modules to steal banking information, conduct system and network reconnaissance, harvest credentials, and achieve network propagation.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review MS-ISAC’s White Paper: Security Primer – TrickBot for more information and best practice recommendations.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

WordPress Releases Security Update

4 days 2 hours ago
Original release date: March 14, 2019

WordPress 5.1 and prior versions are affected by a vulnerability. An attacker could exploit this vulnerability to take control of an affected website.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.1.1.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Cisco Releases Security Updates

4 days 20 hours ago
Original release date: March 13, 2019

Cisco has released security updates to address vulnerabilities in Cisco products. A remote attacker could exploit one of these vulnerabilities to cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Google Releases Security Updates for Chrome

4 days 20 hours ago
Original release date: March 13, 2019

Google has released Chrome version 73.0.3683.75 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system. 

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Microsoft Releases March 2019 Security Updates

5 days 21 hours ago
Original release date: March 12, 2019

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s March 2019 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Adobe Releases Security Updates

6 days 2 hours ago
Original release date: March 12, 2019

Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC and Adobe Digital Editions. An attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB19-15 and APSB19-16 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Google Releases Security Updates for Chrome

1 week 3 days ago
Original release date: March 07, 2019 | Last revised: March 08, 2019

Google has released Chrome version 72.0.3626.121 for Windows, Mac, and Linux. This version addresses a vulnerability that a remote attacker could exploit to take control of an affected system. This vulnerability was detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Google Chrome blog entry and the Google Security blog entry and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

ICSJWG Spring Meeting and Call for Abstracts (Deadline Extended)

1 week 3 days ago
Original release date: March 07, 2019

The Industrial Control Systems Joint Working Group (ICSJWG)—a collaborative and coordinating body operating under the Critical Infrastructure Partnership Advisory Council (CIPAC) framework—will hold the 2019 ICSJWG Spring Meeting in Kansas City, MO, April 23–25, 2019. The Spring Meeting kicks off the 10th anniversary of ICSJWG biannual meetings.

ICSJWG has extended its deadline for abstracts to be presented at the meeting to 5 p.m. ET, March 15, 2019.

The Cybersecurity and Infrastructure Security Agency (CISA) ICSJWG facilitates information sharing to reduce the risk to the Nation’s industrial control systems.

Visit the ICSJWG website for registration and submission information.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Cisco Releases Security Updates

1 week 4 days ago
Original release date: March 06, 2019

Cisco has released multiple security updates to address vulnerabilities in various Cisco products. An attacker could exploit some of those vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisories and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

IRS Launches ‘Dirty Dozen’ Campaign on Tax Scams

1 week 6 days ago
Original release date: March 04, 2019

The Internal Revenue Service (IRS) has launched its annual awareness campaign on the 12 most prevalent tax scams, known as the “Dirty Dozen.” As part of the campaign, IRS will highlight one scam each weekday. The first topic in the campaign focuses on internet phishing scams that lead to tax fraud and identity theft. IRS warns to be on alert for a continuing surge of fake emails, texts, websites, and social media attempts to steal users’ personal information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages taxpayers, businesses, and tax professionals to review the IRS’s Dirty Dozen alert, check the IRS website for more daily Dirty Dozen tax scams, and see CISA’s Tip on Avoiding Social Engineering and Phishing Attacks.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Adobe Releases Security Updates for ColdFusion

2 weeks 2 days ago
Original release date: March 01, 2019

Adobe has released security updates to address a vulnerability in ColdFusion. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB19-14 and apply the necessary updates or mitigation.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Cisco Releases Security Updates

2 weeks 4 days ago
Original release date: February 27, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

National Consumer Protection Week

2 weeks 4 days ago
Original release date: February 27, 2019

National Consumer Protection Week (NCPW) is March 3–9. This annual event encourages individuals and businesses to learn about their consumer rights and how to keep themselves secure. The Federal Trade Commission (FTC) and its NCPW partners provide free resources to protect consumers from fraud, scams, and identity theft.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers to review FTC’s NCPW resource page, participate in the NCPW Twitter chats and Facebook Live event, and review the following CISA tips:

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

OpenSSL Releases Security Update

2 weeks 5 days ago
Original release date: February 26, 2019

OpenSSL version 1.0.2r has been released to address a vulnerability for users of versions 1.0.2–1.0.2q. An attacker could exploit this vulnerability to obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the OpenSSL Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

ISC Releases Security Updates for BIND

3 weeks 3 days ago
Original release date: February 22, 2019

The Internet Systems Consortium (ISC) has released security updates that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit one of these vulnerabilities to cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ISC advisories for CVE-2018-5744, CVE-2018-5745, and CVE-2019-6465, and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT

Drupal Releases Security Updates

3 weeks 4 days ago
Original release date: February 21, 2019

Drupal has released security updates to address a vulnerability in Drupal Core. A remote attacker could exploit this vulnerability to take control of an affected system.


The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Drupal’s security advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


US-CERT
Checked
2 hours 18 minutes ago
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Subscribe to Current Activity feed