US CERT: Current Activity

Subscribe to US CERT: Current Activity hírcsatorna
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Frissítve: 1 óra 52 perc
2020. január 21.

Reminder: Safeguard Websites from Cyberattacks

Original release date: January 21, 2020

Protect personal and organizational public-facing websites from defacement, data breaches, and other types of cyberattacks by following cybersecurity best practices. The Cybersecurity and Information Security Agency (CISA) encourages users and administrators to review CISA’s updated Tip on Website Security and take the necessary steps to protect against website attacks.   

For more information, review:

This product is provided subject to this Notification and this Privacy & Use policy.

2020. január 21.

Samba Releases Security Updates

Original release date: January 21, 2020

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcements for CVE-2019-14902, CVE-2019-14907, and CVE-2019-19344 and apply the necessary updates and workarounds.

 

This product is provided subject to this Notification and this Privacy & Use policy.

2020. január 18.

Citrix Adds SD-WAN WANOP, Updated Mitigations to CVE-2019-19781 Advisory

Original release date: January 17, 2020

Citrix has released an article with updates on CVE-2019-19781, a vulnerability affecting Citrix Application Delivery Controller (ADC) and Citrix Gateway. This vulnerability also affects Citrix SD-WAN WANOP product versions 10.2.6 and version 11.0.3. The article includes updated mitigations for Citrix ADC and Citrix Gateway Release 12.1 build 50.28. An attacker could exploit CVE-2019-19781 to take control of an affected system. Citrix plans to begin releasing security updates for affected software starting January 20, 2020.

The Cybersecurity and Infrastructure Security Agency (CISA) recommends users and administrators:

This product is provided subject to this Notification and this Privacy & Use policy.

2020. január 18.

Microsoft Releases Security Advisory on Internet Explorer Vulnerability

Original release date: January 17, 2020

Microsoft has released a security advisory to address a critical vulnerability in Internet Explorer. A remote attacker could exploit this vulnerability to take control of an affected system. According to the advisory, “Microsoft is aware of limited targeted attacks.”

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s Advisory ADV20001 and CERT/CC's Vulnerability Note VU#338824 for more information, implement workarounds, and apply updates when available. Consider using Microsoft Edge or an alternate browser until patches are made available.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. január 17.

Google Releases Security Updates for Chrome

Original release date: January 17, 2020

Google has released Chrome version 79.0.3945.130 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

 

 

This product is provided subject to this Notification and this Privacy & Use policy.

2020. január 14.

Oracle Releases January 2020 Security Bulletin

Original release date: January 14, 2020

Oracle has released its Critical Patch Update for January 2020 containing 334 new security patches to address vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Oracle January 2020 Critical Patch Update and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. január 14.

Adobe Releases Security Updates

Original release date: January 14, 2020

Adobe has released security updates to address vulnerabilities in Illustrator CC and Experience Manager. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB20-03 and APSB20-01 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. január 14.

VMware Releases Security Update

Original release date: January 14, 2020

VMware has released a security update to address a vulnerability in VMware Tools. An attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2020-0002 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. január 14.

Intel Releases Security Updates

Original release date: January 14, 2020

Intel has released security updates to address vulnerabilities in multiple products. An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

2020. január 14.

Microsoft Releases January 2020 Security Updates

Original release date: January 14, 2020

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s January 2020 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. január 14.

CISA Releases Emergency Directive and Activity Alert on Critical Microsoft Vulnerabilities

Original release date: January 14, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Windows CryptoAPI and Windows Remote Desktop Protocol (RDP) server and client. A remote attacker could exploit these vulnerabilities to decrypt, modify, or inject data on user connections.

Although Emergency Directive 20-02 applies only to certain Executive Branch departments and agencies, CISA strongly recommends state and local governments, the private sector, and others also patch these critical vulnerabilities as soon as possible. Review the following resources for more information:

This product is provided subject to this Notification and this Privacy & Use policy.

2020. január 13.

CISA Releases Test for Citrix ADC and Gateway Vulnerability

Original release date: January 13, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released a utility that enables users and administrators to test whether their Citrix Application Delivery Controller (ADC) and Citrix Gateway software is susceptible to the CVE-2019-19781 vulnerability. According to Citrix Security Bulletin CTX267027, beginning on January 20, 2020, Citrix will be releasing new versions of Citrix ADC and Citrix Gateway that will patch CVE-2019-19781.

CISA strongly advises affected organizations to review CERT/CC’s Vulnerability Note VU#619785 and Citrix Security Bulletin CTX267027 and apply the mitigations until Citrix releases new versions of the software.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. január 9.

Juniper Networks Releases Security Updates

Original release date: January 9, 2020

Juniper Networks has released security updates to address multiple vulnerabilities in various Juniper products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Juniper Security Advisories webpage and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. január 9.

Cisco Releases Security Updates for Multiple Products

Original release date: January 9, 2020

Cisco has released security updates to address vulnerabilities in Cisco Webex Video Mesh, Cisco IOS, and Cisco IOS XE Software. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories webpage.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Webex Video Mesh Advisory and the Cisco IOS and IOS XE Software Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. január 8.

Citrix Application Delivery Controller and Citrix Gateway Vulnerability

Original release date: January 8, 2020

The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Citrix Application Delivery Controller and Citrix Gateway. A remote attacker could exploit this vulnerability to run arbitrary code on a targeted system. This vulnerability was detected in exploits in the wild.   

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#619785 and Citrix Security Bulletin CTX267027 for more information and workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. január 8.

Mozilla Patches Critical Vulnerability

Original release date: January 8, 2020

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Firefox 72.0.1 and Firefox ESR 68.4.1 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. január 8.

Mozilla Releases Security Updates for Firefox and Firefox ESR

Original release date: January 8, 2020

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisories for Firefox 72 and Firefox ESR 68.4 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. január 8.

Google Releases Security Updates for Chrome

Original release date: January 8, 2020

Google has released security updates for Chrome version 79.0.3945.117 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

2020. január 7.

Cisco Releases Security Updates

Original release date: January 7, 2020

Cisco has released security updates to address multiple vulnerabilities in Data Center Network Manager (DCNM). A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities see the Cisco Security Advisories webpage.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.

2020. január 7.

Release of New CISA Insights on Increased Geopolitical Tensions and Threats

Original release date: January 6, 2020

Stakeholders,
 
Today, the Cybersecurity and Infrastructure Security Agency (CISA) issued a CISA Insights document entitled, “Increased Geopolitical Tensions and Threats” pertaining to the increased tension with Iran. You can read the new CISA Insights at CISA.gov/insights.
 
As the Nation’s risk advisor, CISA is sharing this to ensure you consider how increased geopolitical tensions and threats of aggression might affect you—such as retaliatory cyber and physical attacks. As you read these insights, we hope they assist in how you look at yourself, your facilities, and your operations from the outside-in. Knowing how you may be exposed or targeted will help you to be better prepared (to act, collaborate, and report).
 
As always, we need to hear from you on whether these insights make a difference and what else you recommend for infrastructure resilience, safety of personnel, and protection of the greater public—collective defense works best when we share what works, communicate, and coordinate. Contact us via cisaservicedesk@cisa.dhs.gov or your local CISA field representative.
 
Stay vigilant, stay connected, and help us—If You See Something, Say Something. For useful tips, resources and information about our offerings, and how to reach us and report information, please visit CISA.gov.

This product is provided subject to this Notification and this Privacy & Use policy.