US CERT: Current Activity

Subscribe to US CERT: Current Activity hírcsatorna
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Frissítve: 19 perc 2 másodperc
2019. július 19.

Canadian Centre for Cyber Security Releases Advisory on Fileless Malware

Original release date: July 18, 2019

The Canadian Centre for Cyber Security (CCCS) has released an advisory on an Astaroth fileless malware campaign affecting Microsoft Windows. Astaroth resides solely in memory, and an attacker can use it and other fileless malware to steal information, such as credentials and keystrokes, and obtain other sensitive data.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review CCCS’s Fileless Malware Advisory for potential infection vectors and recommended mitigations and refer to CISA’s Tip on Protecting Against Malicious Code.
 

This product is provided subject to this Notification and this Privacy & Use policy.

2019. július 18.

WaterISAC Releases Cybersecurity Fundamentals

Original release date: July 17, 2019

The Water Information Sharing and Analysis Center (WaterISAC) recently released an updated cybersecurity fundamentals guide for water and wastewater utilities. The guide includes cybersecurity best practices, grouped into 15 categories, to help sector utilities reduce exploitable weaknesses and attacks. WaterISAC is a CISA partner focused on protecting Water and Wastewater Systems Sector utilities from all hazards.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages sector utilities and critical infrastructure owners and operators to review WaterISAC's 15 Cybersecurity Fundamentals for Water and Wastewater Utilities for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

2019. július 17.

Drupal Releases Security Update

Original release date: July 17, 2019

Drupal has released a security update to address a vulnerability in Drupal Core. An attacker could exploit this vulnerability to take control of an affected website.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Drupal’s security advisory SA-CORE-2019-008 and apply the necessary update.
 

This product is provided subject to this Notification and this Privacy & Use policy.

2019. július 17.

Cisco Releases Security Updates for Multiple Products

Original release date: July 17, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

2019. július 17.

NCSC Releases 2019 Active Cyber Defence Report

Original release date: July 16, 2019

The United Kingdom’s National Cyber Security Centre (NCSC) has released their 2019 Active Cyber Defence (ACD) report, which provides an analysis of program outcomes throughout 2018. NCSC’s ACD program—stood up in 2016—seeks to reduce harm from commodity cyberattacks against the United Kingdom.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review NCSC’s report for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

2019. július 17.

Microsoft Releases Security Updates for PowerShell Core

Original release date: July 16, 2019

Microsoft has released updates to address a vulnerability in PowerShell Core versions 6.1 and 6.2. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft Security Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2019. július 17.

Oracle Releases July 2019 Security Bulletin

Original release date: July 16, 2019

Oracle has released its Critical Patch Update for July 2019 to address 319 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Oracle July 2019 Critical Patch Update and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2019. július 17.

DHS Webinar: Cybersecurity Threats to the Healthcare Sector

Original release date: July 16, 2019

The Department of Homeland Security (DHS) and the American Hospital Association (AHA) are conducting a webinar focused on current cybersecurity threats to the healthcare sector. The webinar will be held on Wednesday, July 17, 2019, at 1 p.m. ET.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages healthcare professionals and their customers to register for the webinar to learn more about ransomware and best practices for securing medical devices.

This product is provided subject to this Notification and this Privacy & Use policy.

2019. július 16.

IRS Releases Six Cybersecurity Safeguards

Original release date: July 16, 2019

The Internal Revenue Service (IRS) has issued a news release outlining six cybersecurity safeguards to protect computers, email, and sensitive data. The recommendations are part of the Taxes. Security. Together. Checklist, which the IRS created to help tax professionals protect sensitive taxpayer data.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages tax professionals and taxpayers to review the IRS news release and CISA’s Tip on Safeguarding Your Data for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

2019. július 16.

Google Releases Security Updates for Chrome

Original release date: July 15, 2019

Google has released Chrome 75.0.3770.142 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2019. július 13.

NCSC Releases Advisory on Ongoing DNS Hijacking Campaign

Original release date: July 12, 2019

The United Kingdom’s National Cyber Security Centre (NCSC) has released an advisory about an ongoing Domain Name System (DNS) hijacking campaign. The advisory details risks and mitigations for organizations to defend against this campaign, in which attackers use compromised credentials to modify the location to which an organization’s domain name resources resolve to redirect users, obtain sensitive information, and cause man-in-the-middle attacks.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review the NCSC Advisory, apply the recommended mitigations, and refer to CISA’s Alert AA19-024A – DNS Infrastructure Hijacking Campaign for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

2019. július 12.

Atlassian Releases Security Updates for Jira

Original release date: July 11, 2019

Atlassian has released security updates to address a vulnerability affecting Jira Server and Jira Data Center. A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Atlassian Security Advisory 2019-07-10 and Canadian Centre for Cyber Security Advisory AV19-143 and apply the necessary updates or mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.

2019. július 9.

Microsoft Releases July 2019 Security Updates

Original release date: July 9, 2019

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s July 2019 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2019. július 9.

Intel Releases Security Updates

Original release date: July 9, 2019

Intel has released security updates to address vulnerabilities in Intel Solid State Drives for Data Centers and Intel Processor Diagnostic Tool. An attacker could exploit these vulnerabilities to gain an escalation of privileges on a previously infected machine.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Intel Security Advisories INTEL-SA-00267 and INTEL-SA-00268 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2019. július 9.

Mozilla Releases Security Updates for Firefox and Firefox ESR

Original release date: July 9, 2019

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 68 and Firefox ESR 60.8 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2019. július 9.

Adobe Releases Security Updates

Original release date: July 9, 2019

Adobe has released security updates to address vulnerabilities affecting Bridge CC, Experience Manager, and Dreamweaver. An attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB19-37, APSB19-38, and APSB19-40 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2019. július 9.

U.S. Coast Guard Releases Cybersecurity Measures for Commercial Vessels

Original release date: July 8, 2019

The U.S. Coast Guard has released a Safety Alert with recommended cybersecurity best practices for commercial vessels. With a dynamic cybersecurity threat landscape and growing reliance on technology to support vessels, the maritime community can help strengthen their defenses by implementing the following basic cybersecurity measures:

  • Implement network segmentation.
  • Create network profiles for each employee, require unique login credentials, and limit privileges to only those necessary.
  • Be wary of external media.
  • Install anti-virus software.
  • Keep software updated.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages vessel and facility owners and operators to review the U.S. Coast Guard’s Safety Alert 06-19 for additional information, see CISA’s Tip on Securing Network Infrastructure Devices, and implement the recommended cybersecurity measures.

This product is provided subject to this Notification and this Privacy & Use policy.

2019. július 5.

ACSC Releases Updated Essential Eight Maturity Model

Original release date: July 5, 2019

The Australian Cyber Security Centre (ACSC) has released updates to its Essential Eight Maturity Model. The model assists organizations in determining the maturity of their implementation of the Essential Eight—ACSC’s list of the top mitigation strategies to help organizations protect their systems against adversary threats. The model identifies three levels of maturity for each mitigation strategy.
 
ACSC is the government authority for providing protective security advice to the private sector and state and territory governments across Australia’s national infrastructure.

This product is provided subject to this Notification and this Privacy & Use policy.

2019. július 3.

Cisco Releases Security Updates for Multiple Products

Original release date: July 3, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

2019. június 27.

Google Releases Security Updates for Chrome OS

Original release date: June 27, 2019

Google has released Chrome OS version 75.0.3770.102 for Chrome devices. This version addresses multiple vulnerabilities that an attacker could exploit to obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.