US-CERT Feed

Cisco Releases Security Updates

US-Cert Current Activity - 4 hours 3 min ago
Original release date: February 20, 2019

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

VMware Releases Security Updates

US-Cert Current Activity - Fri, 02/15/2019 - 7:06pm
Original release date: February 15, 2019

VMware has released security updates to address a vulnerability affecting multiple VMware products. An attacker could exploit this vulnerability to take control of an affected system.  

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2019-0001 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Mozilla Releases Security Update for Thunderbird

US-Cert Current Activity - Thu, 02/14/2019 - 3:22pm
Original release date: February 14, 2019

Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60.5.1 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Mozilla Releases Security Updates for Firefox

US-Cert Current Activity - Tue, 02/12/2019 - 7:26pm
Original release date: February 12, 2019

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Mozilla Security Advisories for Firefox 65.0.1 and Firefox ESR 60.5.1 and apply the necessary updates. 

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Microsoft Releases February 2019 Security Updates

US-Cert Current Activity - Tue, 02/12/2019 - 3:12pm
Original release date: February 12, 2019

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review Microsoft's February 2019 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Internet Romance Scams

US-Cert Current Activity - Tue, 02/12/2019 - 2:28pm
Original release date: February 12, 2019

The Federal Trade Commission (FTC) has released an article addressing a rise in reports of internet romance scams. In this type of fraud, cyber criminals gain the confidence of their victims and trick them into sending money. Use caution when online dating, and never send money or gifts to someone you have not met in person.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users to review FTC’s article on Romance Scams and NCCIC’s tip on Staying Safe on Social Networking Sites. If you think you have been a target of a romance scam, file a report with

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Cisco Releases Security Update

US-Cert Current Activity - Tue, 02/12/2019 - 1:35pm
Original release date: February 12, 2019

Cisco has released a security update to address a vulnerability in Network Assurance Engine. An attacker could exploit this vulnerability to obtain sensitive information.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Adobe Releases Security Updates

US-Cert Current Activity - Tue, 02/12/2019 - 11:39am
Original release date: February 12, 2019

Adobe has released security updates to address vulnerabilities affecting Adobe Flash Player, Acrobat and Reader, ColdFusion, and Creative Cloud Desktop Application. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review Adobe Security Bulletins, APSB19-06, APSB19-07, APSB19-10, and APSB19-11, and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

New Session Added: CISA Awareness Briefing on Chinese Malicious Cyber Activity

US-Cert Current Activity - Tue, 02/12/2019 - 8:19am
Original release date: February 12, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) has added an additional session to the virtual awareness briefing on Chinese malicious cyber activity targeting managed service providers. The briefing will be held on Thursday, February 14, 2019, from 1-2 p.m. ET. The briefing will provide a background on the identified cyber activity and mitigation techniques. Click here to register.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

runc Open-Source Container Vulnerability

US-Cert Current Activity - Mon, 02/11/2019 - 2:26pm
Original release date: February 11, 2019

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a vulnerability affecting several open-source container management systems that leverage runc.

NCCIC encourages users and administrators to review the runc security advisory, and the RedHat and Amazon Web Services blogs; and refer to OS and application vendors for mitigations and updates as they become available.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Apple Releases Multiple Security Updates

US-Cert Current Activity - Thu, 02/07/2019 - 2:12pm
Original release date: February 07, 2019

Apple has released security updates to address vulnerabilities in multiple products, including the recently discovered FaceTime vulnerability. An attacker could exploit some of these vulnerabilities to take control of an affected system.  

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Microsoft Releases Security Advisory for Exchange Server

US-Cert Current Activity - Tue, 02/05/2019 - 9:50pm
Original release date: February 05, 2019

Microsoft has released an advisory to address an elevation of privilege vulnerability in Microsoft Exchange Server. An attacker could exploit this vulnerability to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Microsoft Security Advisory and the CERT Coordination Center's Vulnerability Note VU#465632 and consider the workarounds until an update is available.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Marvell Avastar Wi-Fi Vulnerability

US-Cert Current Activity - Tue, 02/05/2019 - 6:41pm
Original release date: February 05, 2019

The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Marvell Avastar wireless system on chip (SoC) models. An attacker could exploit this vulnerability to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review CERT/CC’s Vulnerability Note VU#730261 for more information and refer to vendors for appropriate updates, when available.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

NSA Releases Updated Guidance on Side-Channel Vulnerabilities

US-Cert Current Activity - Fri, 02/01/2019 - 2:21pm
Original release date: February 01, 2019

The National Security Agency (NSA) has released updated information on a set of side-channel vulnerabilities affecting modern computer processors. An attacker can exploit these vulnerabilities to obtain sensitive information.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the NSA Cybersecurity Advisory on Updated Guidance for Vulnerabilities Affecting Modern Processors and Hardware and Firmware Security Guidance GitHub website for more information and updated mitigations.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

NCCIC Awareness Briefing on Chinese Malicious Cyber Activity

US-Cert Current Activity - Wed, 01/30/2019 - 11:25am
Original release date: January 30, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) will conduct a series of virtual awareness briefings on Chinese malicious cyber activity targeting managed service providers (MSPs). Briefings will be held from 1–2 p.m. ET on the dates listed below:

CISA encourages MSPs and their customers to register for the briefing by clicking on one of the dates listed above. The briefing will provide a background on the identified cyber activity and mitigation techniques.   

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

MS-ISAC Releases Advisory on DNS Flag Day

US-Cert Current Activity - Wed, 01/30/2019 - 11:17am
Original release date: January 30, 2019

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an alert on Domain Name System (DNS) Flag Day, which is Friday, February 1, 2019. On DNS Flag Day, DNS software and service providers will roll out updates to remove workarounds that allow users to bypass the Extension Mechanisms Protocol for DNS (EDNS). While the updates will improve DNS operations, some domains served by DNS servers operating out-of-date software may become unavailable.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review MS-ISAC's Cyber Alert: DNS Flag Day for more information and the DNS Flag Day website to determine whether a domain name will be affected.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Mozilla Releases Security Update for Thunderbird

US-Cert Current Activity - Wed, 01/30/2019 - 11:12am
Original release date: January 30, 2019

Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit one of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60.5 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Google Releases Security Updates for Chrome

US-Cert Current Activity - Tue, 01/29/2019 - 9:34pm
Original release date: January 29, 2019

Google has released Chrome version 72.0.3626.81 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker could exploit to take control of an affected system.  

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Chrome Releases page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Mozilla Releases Security Updates for Firefox

US-Cert Current Activity - Tue, 01/29/2019 - 2:27pm
Original release date: January 29, 2019

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Mozilla Security Advisories for Firefox 65 and Firefox ESR 60.5 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

CERT/CC Reports Microsoft Exchange 2013 and Newer are Vulnerable to NTLM Relay Attacks

US-Cert Current Activity - Mon, 01/28/2019 - 8:53pm
Original release date: January 28, 2019

The CERT Coordination Center (CERT/CC) has released information to address NTLM relay attacks affecting Microsoft Exchange 2013 and newer versions. A remote attacker could exploit this vulnerability to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review CERT/CC’s Vulnerability Note VU#465632 and apply the necessary workarounds.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Pages