US-CERT Feed

Mozilla Releases Security Update for Thunderbird

US-Cert Current Activity - Thu, 06/13/2019 - 10:34pm
Original release date: June 13, 2019

Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60.7.1 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Google Releases Security Updates for Chrome

US-Cert Current Activity - Thu, 06/13/2019 - 6:27pm
Original release date: June 13, 2019

Google has released Chrome 75.0.3770.90 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker can exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Exim Releases Security Patches

US-Cert Current Activity - Thu, 06/13/2019 - 3:41pm
Original release date: June 13, 2019

Exim has released patches to address a vulnerability affecting Exim versions 4.87–4.91. A remote attacker could exploit this vulnerability to take control of an affected email server. This vulnerability was detected in exploits in the wild.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Exim CVE-2019-10149 page and either upgrade to Exim 4.92 or apply the necessary patches.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

FTC Releases Alert on Updating Software

US-Cert Current Activity - Thu, 06/13/2019 - 3:37pm
Original release date: June 13, 2019

The Federal Trade Commission (FTC) has released an alert on keeping software up to date to help protect sensitive information such as financial and tax information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages consumers to review the FTC article and FTC’s OnGuardOnline for additional information.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Cisco Releases Security Update for Cisco IOS XE

US-Cert Current Activity - Wed, 06/12/2019 - 5:19pm
Original release date: June 12, 2019

Cisco has released a security update to address a vulnerability in Cisco IOS XE. A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco security advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Intel Releases Security Updates, Mitigations for Multiple Products

US-Cert Current Activity - Tue, 06/11/2019 - 3:23pm
Original release date: June 11, 2019

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Microsoft Releases June 2019 Security Updates

US-Cert Current Activity - Tue, 06/11/2019 - 2:03pm
Original release date: June 11, 2019

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s June 2019 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Adobe Releases Security Updates

US-Cert Current Activity - Tue, 06/11/2019 - 10:14am
Original release date: June 11, 2019

Adobe has released security updates to address vulnerabilities affecting ColdFusion, Adobe Campaign, and Adobe Flash Player. An attacker could exploit some these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletins APSB19-27, APSB19-28, and APSB19-30 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

CIS Releases 2018 Year in Review

US-Cert Current Activity - Mon, 06/10/2019 - 9:47pm
Original release date: June 10, 2019

The Center for Internet Security (CIS) has released its 2018 Year in Review. CIS is home to the Multi-State Information Sharing & Analysis Center (MS-ISAC), a Cybersecurity and Infrastructure Security Agency (CISA) partner focused on cyber threat prevention, protection, response, and recovery for U.S. state, local, tribal, and territorial government entities. The review highlights the creation of the Elections Infrastructure Information Sharing & Analysis Center (EI-ISAC), the collaborative production of “A Handbook for Elections Infrastructure Security,” and MS-ISAC's advances.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

IC3 Issues Alert on HTTPS Phishing

US-Cert Current Activity - Mon, 06/10/2019 - 5:23pm
Original release date: June 10, 2019

The Internet Crime Complaint Center (IC3) has released an alert on Hypertext Transfer Protocol Secure (HTTPS) phishing—a scheme which lures email recipients into visiting malicious websites that look legitimate and secure.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the IC3 Alert and the CISA Tip on Avoiding Social Engineering and Phishing Attacks. If you believe you are a victim of cybercrime, file a complaint with IC3 at www.ic3.gov.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

IRS Warns of New Tax Scams

US-Cert Current Activity - Fri, 06/07/2019 - 5:23pm
Original release date: June 07, 2019

The Internal Revenue Service (IRS) has issued a reminder urging consumers to look out for two new variations of tax-related phone and email scams. The phone scam involves pre-recorded messages threatening to suspend or cancel a victim’s Social Security number, and the email phishing scam involves a fake agency—the “Bureau of Tax Enforcement”—claiming that the victim owes past due taxes.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages taxpayers to review the IRS Alert and CISA’s Tip on Avoiding Social Engineering and Phishing Attacks for more information on avoiding tax scams year round. If you believe you have been a victim of a tax-related scam, visit the IRS web page on Tax Scams - How to Report Them.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

FBI Releases Article on Protected Voices Campaign

US-Cert Current Activity - Thu, 06/06/2019 - 2:56pm
Original release date: June 06, 2019

The Federal Bureau of Investigation (FBI) has released an article on the Protected Voices initiative designed to mitigate the risk of cyber influence operations targeting U.S. elections. As part of the initiative, FBI offices are coordinating with political campaigns at the local, state, and federal levels across the country to make them aware of potential cybersecurity vulnerabilities. In partnership with the Department of Homeland Security and the Office of the Director of National Intelligence, FBI has also released a series of short videos to help political campaigns defend their computer networks. The videos include tips and best practices on topics such as setting strong passwords and defending against social engineering.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to review the FBI Article and the CISA Tip Best Practices for Securing Elections Systems for more information. CISA encourages election officials or campaign staff to report suspicious activity to their local FBI field office and to FBI CyWatch at cywatch@fbi.gov.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

VMware Releases Security Updates for Tools and Workstation

US-Cert Current Activity - Thu, 06/06/2019 - 9:11am
Original release date: June 06, 2019

VMware has released security updates to address vulnerabilities affecting Tools 10 and Workstation 15. An attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the VMware Security Advisory VMSA-2019-0009 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Cisco Releases Security Updates for Multiple Products

US-Cert Current Activity - Wed, 06/05/2019 - 7:26pm
Original release date: June 05, 2019

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

NSA Releases Advisory on BlueKeep Vulnerability

US-Cert Current Activity - Tue, 06/04/2019 - 8:38pm
Original release date: June 04, 2019

The National Security Agency (NSA) has released a cybersecurity advisory for CVE-2019-0708—a vulnerability dubbed BlueKeep. Although Microsoft has issued a patch, potentially millions of machines are still unpatched and remain vulnerable.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review NSA’s news release and advisory, Microsoft Security Response Center’s "A Reminder to Update Your Systems to Prevent a Worm", and Microsoft Customer Guidance for CVE-2019-0708. CISA recommends patching the affected operating systems:

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Google Releases Security Update for Chrome

US-Cert Current Activity - Tue, 06/04/2019 - 8:24pm
Original release date: June 04, 2019

Google has released Chrome version 75.0.3770.80 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Apple Releases Security Updates for AirPort Extreme, AirPort Time Capsule

US-Cert Current Activity - Thu, 05/30/2019 - 10:11pm
Original release date: May 30, 2019

Apple has released AirPort Base Station Firmware Update 7.91 to address vulnerabilities in AirPort Extreme and AirPort Time Capsule wireless routers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Information Security Agency (CISA) encourages users and administrators to review the Apple security page for AirPort Base Station Firmware Update 7.9.1 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Hurricane-Related Scams

US-Cert Current Activity - Thu, 05/30/2019 - 6:05pm
Original release date: May 30, 2019

As the 2019 hurricane season approaches, the Cybersecurity and Infrastructure Security Agency (CISA) warns users to remain vigilant for malicious cyber activity targeting disaster victims and potential donors. Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direct users to malicious websites. Users should exercise caution in handling any email with a hurricane-related subject line, attachments, or hyperlinks. In addition, users should be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events.

To avoid becoming victims of malicious activity, users and administrators should review the following resources and take preventative measures:

If you believe you have been a victim of cybercrime, file a complaint with the Federal Bureau of Investigation Internet Crime Complaint Center at www.ic3.gov.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

MS-ISAC Highlights Verizon Data Breach Report Release

US-Cert Current Activity - Wed, 05/29/2019 - 10:53am
Original release date: May 29, 2019

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released a Cybersecurity Spotlight on the 2019 Verizon Data Breach Report to raise awareness of data breach incidents and provide recommended best practices for election officials. The report—produced annually by the Verizon Threat Research Advisory Center (VTRAC)—provides analysis on data breach trends affecting a variety of sectors, including public administration, healthcare, and education.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages election officials to review MS-ISAC’s Cybersecurity Spotlight and Verizon’s 2019 Data Breach Investigations Report for more information and recommendations.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Tips for a Cyber Safe Vacation

US-Cert Current Activity - Fri, 05/24/2019 - 1:45pm
Original release date: May 24, 2019

As summer nears, many people will soon be taking vacations. When planning vacations, users should be aware of potential rental scams and “free” vacation ploys. Travelers should also keep in mind risks related to travelling with mobile devices.

The Cybersecurity and Information Security Agency (CISA) encourages travelers to review the following suggested tips and security practices to keep their vacation cyber safe:

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Pages