US-CERT Feed

Apple Releases Multiple Security Updates

US-Cert Current Activity - Mon, 09/17/2018 - 4:57pm
Original release date: September 17, 2018

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

MS-ISAC Releases Advisory on PHP Vulnerabilities

US-Cert Current Activity - Fri, 09/14/2018 - 2:29pm
Original release date: September 14, 2018

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review MS-ISAC Advisory 2018-101 and the PHP Downloads page and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Potential Hurricane Florence Phishing Scams

US-Cert Current Activity - Fri, 09/14/2018 - 2:19pm
Original release date: September 14, 2018

NCCIC warns users to remain vigilant for malicious cyber activity seeking to exploit interest in Hurricane Florence. Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direct users to malicious websites. Users should exercise caution in handling any email with a subject line, attachments, or hyperlinks related to the hurricane, even if it appears to originate from a trusted source. NCCIC advises users to verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number. Contact information for many charities is available on the BBB National Charity Report Index. User should also be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to the hurricane.

NCCIC encourages users and administrators to review the following resources for more information on phishing scams and malware campaigns:

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Google Releases Security Update for Chrome

US-Cert Current Activity - Tue, 09/11/2018 - 5:30pm
Original release date: September 11, 2018

Google has released Chrome version 69.0.3497.92 for Windows, Mac, and Linux. This version addresses vulnerabilities, one of which an attacker could exploit to take control of an affected system.

NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Microsoft Releases September 2018 Security Updates

US-Cert Current Activity - Tue, 09/11/2018 - 4:22pm
Original release date: September 11, 2018

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Microsoft's September 2018 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Adobe Releases Security Updates

US-Cert Current Activity - Tue, 09/11/2018 - 12:30pm
Original release date: September 11, 2018

Adobe has released security updates to address vulnerabilities in Adobe Flash Player and ColdFusion. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Adobe Security Bulletins APSB18-31 and APSB18-33 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

VMware Releases Security Updates

US-Cert Current Activity - Thu, 09/06/2018 - 4:04pm
Original release date: September 06, 2018

VMware has released security updates to address vulnerabilities in VMware AirWatch Agent and Content Locker. An attacker could exploit these vulnerabilities to obtain access to sensitive information.

NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0023 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Mozilla Releases Security Updates for Firefox

US-Cert Current Activity - Wed, 09/05/2018 - 4:03pm
Original release date: September 05, 2018

Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Mozilla Security Advisories for Firefox 62 and Firefox ESR 60.2 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Cisco Releases Security Updates

US-Cert Current Activity - Wed, 09/05/2018 - 4:00pm
Original release date: September 05, 2018

Cisco has released updates to address multiple vulnerabilities affecting Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.  

NCCIC encourages users and administrators to review the Cisco Security Advisories and Alerts website and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Problems with Automatic DNS Registration and Autodiscovery

US-Cert Current Activity - Wed, 09/05/2018 - 2:05pm
Original release date: September 05, 2018

The CERT Coordination Center (CERT/CC) has released information on problems associated with small office/home office routers using automatic Domain Name System (DNS) registration and autodiscovery. An attacker could exploit these problems to obtain sensitive information.

NCCIC encourages users and administrators to review CERT/CC's VU#598349 for further information and mitigation recommendations.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

September is National Preparedness Month

US-Cert Current Activity - Wed, 09/05/2018 - 1:54pm
Original release date: September 05, 2018

National Preparedness Month is a good opportunity to assess your emergency preparedness. While general preparedness is essential to getting through an emergency related to a natural disaster, the same is true of preparing for a cyber-related event, such as identity theft or a ransomware infection.

NCCIC encourages users and administrators to be prepared in case of a cyber-related event by regularly backing up files, keeping digital copies of important documents somewhere other than your computer (e.g., in the cloud), and regularly running antivirus scans.

Learn more about individual and family emergency preparedness at Ready.gov. For additional resources on preparing for and responding to unexpected cyber-related events, see Ready.gov/Cybersecurity and the following NCICC Tips:

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Google Releases Security Update for Chrome

US-Cert Current Activity - Tue, 09/04/2018 - 3:54pm
Original release date: September 04, 2018

Google has released Chrome version 69.0.3497.81 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Cisco Releases Security Update

US-Cert Current Activity - Tue, 08/28/2018 - 9:34pm
Original release date: August 28, 2018

Cisco has released a security update to address a vulnerability in Cisco Data Center Network Manager. A remote attacker could exploit this vulnerability to obtain access to sensitive information.

NCCIC encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

FTC Promotes Resources to Prevent Cyberbullying

US-Cert Current Activity - Tue, 08/28/2018 - 7:27pm
Original release date: August 28, 2018

The Federal Trade Commission (FTC) has released an announcement on the importance of addressing cyberbullying. As children return to school, FTC encourages parents and educators to monitor kids' online activity and engage in conversations about preventing cyberbullying.

NCCIC encourages users to review FTC’s article and the following resources for more information:

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Adobe Releases Security Update for Creative Cloud

US-Cert Current Activity - Tue, 08/28/2018 - 1:36pm
Original release date: August 28, 2018

Adobe has released a security update to address a vulnerability in Adobe Creative Cloud Desktop Application. An attacker could exploit this vulnerability to cause a denial-of-service condition.

NCCIC encourages users and administrators to review Adobe Security Bulletin APSB18-32 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

FTC Issues Alert on Bitcoin Blackmail Scams

US-Cert Current Activity - Wed, 08/22/2018 - 4:10pm
Original release date: August 22, 2018

The Federal Trade Commission has released an alert on Bitcoin blackmail scams. In these schemes, scammers threaten victims with public disclosure of their "secret" unless they send a payment in Bitcoin.

NCCIC encourages users and administrators to refer to the FTC Alert and a related FBI press release for more information. If you believe you have been a victim of these scams, report it to the FBI's Internet Crime Complaint Center at www.ic3.gov.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Apache Releases Security Update for Apache Struts 2

US-Cert Current Activity - Wed, 08/22/2018 - 1:04pm
Original release date: August 22, 2018

The Apache Software Foundation has released a security update to address a vulnerability in Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16.

NCCIC encourages users and administrators to review Apache Security Bulletin S2-057 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Adobe Releases Security Updates

US-Cert Current Activity - Wed, 08/22/2018 - 12:37pm
Original release date: August 22, 2018

Adobe has released security updates to address vulnerabilities in Adobe Photoshop CC. An attacker could exploit these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Adobe Security Bulletin APSB18-28 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed

Ghostscript Vulnerability

US-Cert Current Activity - Tue, 08/21/2018 - 11:19pm
Original release date: August 21, 2018 | Last revised: August 22, 2018

NCCIC is aware of a Ghostscript vulnerability affecting various vendors. An attacker could exploit this vulnerability to take control of an affected system.
    
NCCIC encourages users and administrators to review the Vulnerability Note VU#332928, apply the necessary workarounds, and refer to vendors for appropriate patches, when available.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: US-CERT Feed