US CERT: Current Activity

Subscribe to US CERT: Current Activity hírcsatorna
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Frissítve: 2 óra 27 perc
2019. május 16.

Microsoft Releases Security Updates to Address Remote Code Execution Vulnerability

Original release date: May 16, 2019

Microsoft has released security updates to address a remote code execution vulnerability in the following in-support and out-of-support operating systems:

  • In-support systems: Windows 7, Windows Server 2008 R2, and Windows Server 2008
  • Out-of-support systems: Windows 2003 and Windows XP

A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and Microsoft Customer Guidance for CVE-2019-0708 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


2019. május 15.

Cisco Releases Security Updates for Multiple Products

Original release date: May 15, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


2019. május 14.

VMware Releases Security Updates

Original release date: May 14, 2019

VMware has released security updates to address vulnerabilities in vCenter Server, ESXi, Workstation, and Fusion. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisories VMSA-2019-0007 and VMSA-2019-0008 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


2019. május 14.

Adobe Releases Security Updates

Original release date: May 14, 2019

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB19-29, APSB19-26, and APSB19-18 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


2019. május 14.

Microsoft Releases May 2019 Security Updates

Original release date: May 14, 2019

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s May 2019 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


2019. május 14.

Intel Releases Security Updates, Mitigations for Multiple Products

Original release date: May 14, 2019

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Intel Product Security Center Advisories page, apply the necessary mitigations, and refer to vendors for appropriate patches, when available.

This product is provided subject to this Notification and this Privacy & Use policy.


2019. május 14.

Samba Releases Security Updates

Original release date: May 14, 2019

The Samba Team has released security updates to address a vulnerability in Samba. An attacker could exploit this vulnerability take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcement for CVE-2018-16860 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


2019. május 14.

Facebook Releases Security Advisory for WhatsApp

Original release date: May 14, 2019

Facebook has released a security advisory to address a vulnerability in WhatsApp. A remote attacker could exploit this vulnerability to take control of an affected device.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review the Facebook Security Advisory for CVE-2019-3568 and upgrade to the appropriate version.

This product is provided subject to this Notification and this Privacy & Use policy.


2019. május 14.

Apple Releases Multiple Security Updates

Original release date: May 14, 2019

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


2019. május 14.

Cisco Releases Security Updates

Original release date: May 13, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


2019. május 9.

North Korean Malicious Cyber Activity

Original release date: May 09, 2019

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified a malware variant—referred to as ELECTRICFISH—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Malware Analysis Report (MAR) MAR-10135536-21 and the page on HIDDEN COBRA - North Korean Malicious Cyber Activity for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


2019. május 9.

Drupal Releases Security Update

Original release date: May 09, 2019

Drupal has released a security update to address a vulnerability in Drupal Core. A remote attacker could exploit this vulnerability to take control of an affected website.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Drupal’s security advisory SA-CORE-2019-007 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


2019. május 7.

Cisco Releases Security Update for Elastic Services Controller

Original release date: May 07, 2019

Cisco has released a security update to address a vulnerability in Cisco Elastic Services Controller. A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


2019. május 5.

PrinterLogic Print Management Software Vulnerabilities

Original release date: May 05, 2019

The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting PrinterLogic Print Management Software. A remote attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CERT/CC Vulnerability Note VU#1629249 and consider the listed workarounds until patches are made available.

This product is provided subject to this Notification and this Privacy & Use policy.


2019. május 1.

Cisco Releases Security Updates

Original release date: May 01, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.   

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory page  and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


2019. május 1.

Google Releases Security Updates for Chrome

Original release date: April 30, 2019

Google has released Chrome version 74.0.3729.131 for Windows, Mac, and Linux. This version addresses two vulnerabilities, one of which an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


2019. április 30.

CISA Releases Binding Operational Directive on Vulnerability Remediation

Original release date: April 30, 2019

The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 19-02, Vulnerability Remediation Requirements for Internet-Accessible Systems. BOD 19-02 requires federal agencies to ensure effective and timely remediation of critical and high vulnerabilities.

CISA encourages users and administrators to review the CISA blog post on the BOD 19-02 release. Federal agencies should review BOD 19-02 for required actions and reporting procedures. 

This product is provided subject to this Notification and this Privacy & Use policy.


2019. április 27.

Oracle Releases Security Alert

Original release date: April 26, 2019

Oracle has released a security alert to address a vulnerability in WebLogic. A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Oracle Security Alert and the Multi-State Information Sharing & Analysis Center Advisory 2019-048 for more information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


2019. április 26.

FTC Releases Article on Keeping Children Safe Online

Original release date: April 26, 2019

The Federal Trade Commission (FTC) has released an article with tips for parents to keep their children safe online.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers to review the FTC article and the following additional resources for more information:

This product is provided subject to this Notification and this Privacy & Use policy.


2019. április 25.

ISC Releases BIND Security Updates

Original release date: April 25, 2019

The Internet Systems Consortium (ISC) has released updates that address vulnerabilities in versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ISC advisories for CVE-2018-5743, CVE-2019-6467, and CVE-2019-6468 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.