US CERT: Current Activity

Subscribe to US CERT: Current Activity hírcsatorna
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Frissítve: 42 perc 53 másodperc
2017. november 21.

Intel Firmware Vulnerability

Original release date: November 21, 2017

Intel has released recommendations to address vulnerabilities in the firmware of the following Intel products: Management Engine, Server Platform Services, and Trusted Execution Engine. An attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Intel links below and refer to their original equipment manufacturers (OEMs) for mitigation strategies and updated firmware.

 

This product is provided subject to this Notification and this Privacy & Use policy.


2017. november 21.

Symantec Releases Security Update

Original release date: November 21, 2017

Symantec has released an update to address a vulnerability in the Symantec Management Console. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review the Symantec Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


2017. november 20.

Windows ASLR Vulnerability

Original release date: November 20, 2017

The CERT Coordination Center (CERT/CC) has released information on a vulnerability in Windows Address Space Layout Randomization (ASLR) that affects Windows 8, Windows 8.1, and Windows 10. A remote attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review CERT/CC VU #817544 and apply the necessary workaround until a patch is released.

This product is provided subject to this Notification and this Privacy & Use policy.


2017. november 17.

Holiday Scams and Malware Campaigns

Original release date: November 16, 2017

US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. Emails and ecards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver attachments infected with malware. Spoofed email messages and phony posts on social networking sites may request support for fraudulent causes.

To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, users are encouraged to take the following actions:

  • Avoid following unsolicited links or downloading attachments from unknown sources.
  • Visit the Federal Trade Commission's Consumer Information page on Charity Scams.

If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:

  • Report the attack to the police and file a report with the Federal Trade Commission.
  • Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
  • Immediately change any passwords you might have revealed and do not use that password in the future. Avoid reusing passwords on multiple sites. See Choosing and Protecting Passwords for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


2017. november 16.

Oracle Releases Security Alert

Original release date: November 16, 2017

Oracle has released a security alert to address multiple vulnerabilities in Oracle Tuxedo. A remote attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Oracle Security Alert Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


2017. november 15.

Cisco Releases Security Update

Original release date: November 15, 2017

Cisco has released a security update to address a vulnerability in its Voice Operating System software platform. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


2017. november 14.

Mozilla Releases Security Updates

Original release date: November 14, 2017

Mozilla has released security updates to address multiple vulnerabilities in Firefox 57 and ESR 52.5. An attacker could exploit these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 57 and ESR 52.5 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


2017. november 14.

Microsoft Releases November 2017 Security Updates

Original release date: November 14, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft's November 2017 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


2017. november 14.

Adobe Releases Security Updates

Original release date: November 14, 2017

Adobe has released security updates to address vulnerabilities in Flash Player, Photoshop CC, Adobe Connect, DNG Converter, InDesign, Digital Editions, Shockwave Player, and Experience Manager. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-33, APSB17-34, APSB17-35, APSB17-37, APSB17-38, APSB17-39, APSB17-40, and APSB17-41, and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


2017. november 9.

Microsoft Releases Security Advisory on Dynamic Data Exchange (DDE)

Original release date: November 09, 2017

Microsoft has released an advisory that provides guidance on securing Dynamic Data Exchange (DDE) fields in Microsoft Office applications. Exploitation of this protocol may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Microsoft Security Advisory for more information and US-CERT's Tip on Using Caution with Email Attachments.

This product is provided subject to this Notification and this Privacy & Use policy.


2017. november 7.

Joomla! Releases Security Update

Original release date: November 07, 2017

Joomla! has released version 3.8.2 of its Content Management System (CMS) software to address multiple vulnerabilities. A remote attacker could exploit one of these vulnerabilities to obtain sensitive information.

US-CERT encourages users and administrators to review the Joomla! Security Release and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


2017. november 6.

Google Releases Security Update for Chrome

Original release date: November 06, 2017

Google has released Chrome version 62.0.3202.89 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


2017. november 3.

Cisco Releases Security Update for IOS XE Software

Original release date: November 03, 2017

Cisco has released a security update to address a vulnerability in its IOS XE software. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


2017. november 1.

Cisco Releases Security Updates

Original release date: November 01, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

  • Wireless LAN Controller 802.11v Basic Service Set Transition Management Denial of Service Vulnerability cisco-sa-20171101-wlc2
  • Wireless LAN Controller Simple Network Management Protocol Memory Leak Denial of Service Vulnerability cisco-sa-20171101-wlc1
  • Identity Services Engine Privilege Escalation Vulnerability cisco-sa-20171101-ise
  • Firepower 4100 Series NGFW and Firepower 9300 Security Appliance Smart Licensing Command Injection Vulnerability cisco-sa-20171101-fpwr
  • Prime Collaboration Provisioning Authenticated SQL Injection Vulnerability cisco-sa-20171101-cpcp
  • Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability cisco-sa-20171101-apicem
  • Aironet 1560, 2800, and 3800 Series Access Point Platforms Extensible Authentication Protocol Denial of Service Vulnerability cisco-sa-20171101-aironet2
  • Aironet 1560, 2800, and 3800 Series Access Point Platforms 802.11 Denial of Service Vulnerability cisco-sa-20171101-aironet1

This product is provided subject to this Notification and this Privacy & Use policy.


2017. október 31.

Apple Releases Multiple Security Updates

Original release date: October 31, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


2017. október 31.

WordPress Releases Security Update

Original release date: October 31, 2017

WordPress versions prior to 4.8.3 are affected by a vulnerability. A remote attacker could exploit this vulnerability to obtain sensitive information.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.8.3.

This product is provided subject to this Notification and this Privacy & Use policy.


2017. október 31.

Protecting Critical Infrastructure from Cyber Threats

Original release date: October 31, 2017

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Building resilience in critical infrastructure is crucial to national security. The essential infrastructure systems that support our daily lives—such as electricity, financial institutions, and transportation—must be protected from cyber threats.

US-CERT encourages users and administrators to review the following:

This product is provided subject to this Notification and this Privacy & Use policy.


2017. október 30.

Oracle Releases Security Bulletin

Original release date: October 30, 2017

Oracle has released a security update bulletin to address a vulnerability in Oracle Identity Manager. A remote attacker could exploit this vulnerability to take control of an affected system.

Users and administrators are encouraged to review the Oracle Security Alert Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


2017. október 27.

Google Releases Security Update for Chrome

Original release date: October 26, 2017

Google has released Chrome version 62.0.3202.75 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


2017. október 24.

Multiple Ransomware Infections Reported

Original release date: October 24, 2017

US-CERT has received multiple reports of Bad Rabbit ransomware infections in many countries around the world. This suspected variant of Petya ransomware is malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it. US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware.

US-CERT encourages users and administrators to review US-CERT Alerts TA16-181A and TA17-132A that describe recent ransomware events. Please report ransomware incidents to the Internet Crime Complaint Center (IC3). US-CERT will provide updated information as it becomes available.

This product is provided subject to this Notification and this Privacy & Use policy.