Subscribe: US-CERT Current Activity
http://www.us-cert.gov/current/index.atom
Preview: US-CERT Current Activity

US-CERT Current Activity



A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.



 



Google Releases Security Updates for Chrome

Fri, 02 Dec 2016 02:31:07 +0000

Original release date: December 01, 2016

Google has released Chrome version 55.0.2883.75 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the Chrome Releases page and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.





Mozilla Releases Security Updates

Thu, 01 Dec 2016 01:28:05 +0000

Original release date: November 30, 2016

Mozilla has released security updates to address a vulnerability in Firefox, Firefox ESR, and Thunderbird. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

Available updates include:

  • Firefox 50.0.2
  • Firefox ESR 45.5.1
  • Thunderbird 45.5.1

US-CERT encourages users and administrators to review the Mozilla Security Advisory and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.





US-CERT Alerts Users to Holiday Phishing Scams and Malware Campaigns

Wed, 30 Nov 2016 17:40:45 +0000

Original release date: November 30, 2016

US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. Ecards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed email messages and fraudulent posts on social networking sites may request support for phony causes.

To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, users are encouraged to take the following actions:

  • Avoid following unsolicited links or downloading attachments from unknown sources.
  • Visit the Federal Trade Commission's Consumer Information page on Charity Scams.

If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:

  • Report the attack to the police and file a report with the Federal Trade Commission.
  • Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
  • Immediately change any passwords you might have revealed and do not use that password in the future. Avoid reusing passwords on multiple sites.

This product is provided subject to this Notification and this Privacy & Use policy.





Mozilla Releases Security Update

Tue, 29 Nov 2016 02:57:28 +0000

Original release date: November 28, 2016

Mozilla has released a security update to address a vulnerability in Firefox versions 49 and 50. A remote attacker could exploit this vulnerability to take control of an affected system.

Available updates include:

  • Firefox 50.0.1   

Users and administrators are encouraged to review the Mozilla Security Advisory for Firefox and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.





Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)

Mon, 21 Nov 2016 18:50:19 +0000

Original release date: November 21, 2016

The Network Time Foundation's NTP Project has released version ntp-4.2.8p9 to address multiple vulnerabilities in ntpd. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.

US-CERT encourages users and administrators to review Vulnerability Note VU#633847 and the NTP Security Notice Page for vulnerability and mitigation details.


This product is provided subject to this Notification and this Privacy & Use policy.





Symantec Releases Security Updates

Fri, 18 Nov 2016 17:14:34 +0000

Original release date: November 18, 2016

Symantec has released security updates to address a vulnerability in Norton and Symantec enterprise products. Exploitation of this vulnerability may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review Symantec Security Advisory SYM16-021 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.





VMware Releases Security Update

Thu, 17 Nov 2016 17:13:38 +0000

Original release date: November 17, 2016

VMware has released a security update to address a vulnerability in vRealize Operations. Exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition.

US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2016-0020 and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.





Mozilla Releases Security Updates

Wed, 16 Nov 2016 00:56:14 +0000

Original release date: November 15, 2016

Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Available updates include:

  • Firefox 50
  • Firefox ESR 45.5

Users and administrators are encouraged to review the Mozilla Security Advisory for Firefox and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.





Symantec Releases Security Updates

Wed, 16 Nov 2016 00:47:28 +0000

Original release date: November 15, 2016

Symantec has released security updates to address a vulnerability in multiple products. Exploitation of this vulnerability may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review Symantec Security Advisory SYM16-020 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.





Strategic Principles for Securing the IoT

Tue, 15 Nov 2016 22:42:46 +0000

Original release date: November 15, 2016

DHS has released a set of Strategic Principles for Securing the Internet of Things (IoT) to help inform consumers, operators and manufacturers in their decision-making regarding networked and networkable devices. While the IoT can provide efficiency, convenience, and interactivity features that are attractive, the IoT can also be vulnerable to manipulation by malicious actors, as observed in recent distributed denial-of-service (DDoS) attacks. US-CERT recommends reviewing the Strategic Principles for Securing the Internet of Things to learn more.


This product is provided subject to this Notification and this Privacy & Use policy.