Current Activity

Google Releases Security Updates for Chrome

3 days 4 hours ago
Original release date: February 21, 2020

Google has released Chrome version 80.0.3987.116 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. Note: although Google published an entry on these updates on Tuesday, February 18, the associated Common Vulnerabilities and Exposures numbers and descriptions appeared on the entry today, Friday, February 21.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Cisco Releases Security Updates

4 days 5 hours ago
Original release date: February 20, 2020

Cisco has released security updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Adobe Releases Security Updates for After Effects and Media Encoder

4 days 5 hours ago
Original release date: February 20, 2020

Adobe has released security updates to address vulnerabilities in After Effects and Media Encoder. An attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB20-09 and APSB20-10 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

VMware Releases Security Updates for vRealize Operations for Horizon Adapter

5 days 2 hours ago
Original release date: February 19, 2020

VMware has released security updates to address multiple vulnerabilities in vRealize Operations for Horizon Adapter. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2020-0003 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Be Cautious of Romance Scams

1 week 3 days ago
Original release date: February 14, 2020

This Valentine’s Day, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to be wary of internet romance scams. Cyber criminals partaking in this type of fraud target victims, gain their confidence, and convince them to transfer funds. When online dating, use caution and never send gifts or money to someone you have not met in person.

CISA encourages online daters to review the Federal Trade Commission’s alert It’s not true love if they ask for money and watch the FTC video Online Romance Imposter Scams. For more information review CISA’s Tip on Staying Safe on Social Networking Sites. If you believe you have been a victim of a romance scam, file a report with:

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

North Korean Malicious Cyber Activity

1 week 3 days ago
Original release date: February 14, 2020

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) have identified the following malware variants used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

CISA encourages users and administrators to review the Malware Analysis Reports for each malware variant listed above and the North Korean Malicious Cyber Activity page for more information.
 

 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

New SchoolSafety.gov Provides Cyber Guidance for K-12 Schools

1 week 5 days ago
Original release date: February 12, 2020 | Last revised: February 13, 2020

The Federal School Safety Clearinghouse just launched its website: SchoolSafety.gov. This website—a collaboration between the Department of Homeland Security and the U.S. Departments of Education, Justice, and Health and Human Services—features a fact sheet on Cyber Safety Considerations for K-12 Schools and School Districts. The factsheet provides guidance to educators, administrators, parents, and law enforcement officials on various online threats to students, including cyberbullying, ransomware, and online predation.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to read Cyber Safety Considerations for K-12 Schools and School Districts and to visit SchoolSafety.gov to learn more about all the resources available. Refer to CISA’s Tips on Keeping Children Safe Online and Dealing with Cyberbullies for additional best practices.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

FBI Releases IC3 2019 Internet Crime Report

1 week 5 days ago
Original release date: February 12, 2020 | Last revised: February 13, 2020

The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) has released the 2019 Internet Crime Report, which includes statistics based on data reported by the public through the IC3 website. The top three crimes types reported by victims in 2019 were phishing/vishing/smishing/pharming, non-payment/non-delivery, and extortion. FBI urges users to continue reporting complaints at www.ic3.gov to help law enforcement better combat cybercrime.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review the FBI press release and CISA’s Tip on Avoiding Social Engineering and Phishing Attacks for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Microsoft Releases February 2020 Security Updates

1 week 6 days ago
Original release date: February 11, 2020

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s February 2020 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Intel Releases Security Updates

1 week 6 days ago
Original release date: February 11, 2020

Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to gain escalation of privileges.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Adobe Releases Security Updates for Multiple Products

1 week 6 days ago
Original release date: February 11, 2020

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Mozilla Releases Security Updates for Multiple Products

1 week 6 days ago
Original release date: February 11, 2020

Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Mozilla Security Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Safer Internet Day

2 weeks ago
Original release date: February 10, 2020

February 11, 2020, is Safer Internet Day, a worldwide event aimed at promoting the safe and positive use of digital technology for all users, especially children and teens. This year's theme—Together for a better internet—encourages everyone to play their part in creating a safer, more secure internet.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to view the Safer Internet Day website and the following tips:

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

ACSC Releases Advisory on Mailto Ransomware Incidents

2 weeks 4 days ago
Original release date: February 6, 2020

The Australian Cyber Security Centre (ACSC) has released an advisory on Mailto ransomware incidents. The ACSC has limited information regarding the initial intrusion vector for Mailto, also known as Kazakavkovkiz, but evidence suggests that Mailto actors may have used phishing and password spray attacks to comprise user accounts. The ACSC provides recommendations for users to detect and mitigate these types of attacks and assist with limiting their spread within networks.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ACSC advisory on Mailto ransomware incidents and CISA’s Tip on Protecting Against Ransomware for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Cisco Releases Security Updates for Multiple Products

2 weeks 4 days ago
Original release date: February 6, 2020

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories webpage.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories, as well Vulnerability Note #261385 from the CERT Coordination Center (CERT/CC), and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Google Releases Security Updates for Chrome

2 weeks 5 days ago
Original release date: February 5, 2020

Google has released Chrome 80 (version 80.0.3987.87) for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

IRS Launches “Identity Theft Central” Webpage

2 weeks 6 days ago
Original release date: February 4, 2020

The Internal Revenue Service (IRS) has launched its “Identity Theft Central” webpage to provide 24/7 access to online information regarding tax-related identity theft and data security protection. Tax-related identity theft occurs when someone steals personal information to commit tax fraud.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages taxpayers, tax professionals, and businesses to review the IRS news release and CISA’s Tip on Preventing and Responding to Identity Theft for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

OpenSMTPD Vulnerability

3 weeks ago
Original release date: February 3, 2020

The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting OpenSMTPD. An attacker could exploit this vulnerability to take control of an affected system. OpenSMTPD is an open-source server-side implementation of the Simple Mail Transfer Protocol (SMTP) that is part of the OpenBSD Project.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#390745 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Adobe Releases Security Updates for Magento

3 weeks 3 days ago
Original release date: January 31, 2020

Adobe has released security updates to address vulnerabilities affecting Magento Commerce and Open Source editions. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB20-02 and apply the necessary updates.

 

This product is provided subject to this Notification and this Privacy & Use policy.

CISA

Cisco Releases Security Updates for Cisco Small Business Switches

3 weeks 4 days ago
Original release date: January 30, 2020

Cisco has released security updates to address vulnerabilities affecting Cisco Small Business Switches. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Cisco Security Advisories cisco-sa-smlbus-switch-dos-R6VquS2u and cisco-sa-20200129-smlbus-switch-disclos for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

CISA
Checked
6 minutes 54 seconds ago
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Subscribe to Current Activity feed