Subscribe: US-CERT Current Activity
http://www.us-cert.gov/current/index.atom
Preview: US-CERT Current Activity

US-CERT Current Activity



A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.



 



Cisco Releases Security Updates

Wed, 22 Mar 2017 22:02:41 +0000

Original release date: March 22, 2017

Cisco has released security updates to address vulnerabilities in its IOS, IOS XE, and IOx Software. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system or cause a denial-of-service condition.

Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:

 


This product is provided subject to this Notification and this Privacy & Use policy.





Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)

Wed, 22 Mar 2017 17:20:27 +0000

Original release date: March 22, 2017

The Network Time Foundation's NTP Project has has released version ntp-4.2.8p10 to address multiple vulnerabilities in ntpd. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the NTP Security Notice Page for vulnerability and mitigation details.


This product is provided subject to this Notification and this Privacy & Use policy.





Cisco Releases Security Updates

Tue, 21 Mar 2017 15:57:06 +0000

Original release date: March 21, 2017

Cisco has released security updates to address vulnerabilities in its IOS and IOS XE Software. Exploitation of one of these vulnerabilities could allow a remote attacker to cause a denial of service condition.

Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:


This product is provided subject to this Notification and this Privacy & Use policy.





IRS Warns of Last-Minute Tax Scams

Sat, 18 Mar 2017 03:21:10 +0000

Original release date: March 17, 2017

The Internal Revenue Service (IRS) has released an alert warning of phishing email scams targeting last-minute tax filers. The alert describes common features of these cyber crimes and includes recommendations to protect against them: strengthen passwords, recognize phishing attempts, and forward suspicious emails to phishing@irs.gov.

Tax payers and tax professionals are encouraged to review the IRS alert and US-CERT's advice on Avoiding Social Engineering and Phishing Attacks.


This product is provided subject to this Notification and this Privacy & Use policy.





Mozilla Releases Security Updates

Sat, 18 Mar 2017 00:54:28 +0000

Original release date: March 17, 2017

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. Exploitation of this vulnerability may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox and Firefox ESR and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.





Microsoft Ending Support for Windows Vista

Fri, 17 Mar 2017 04:45:45 +0000

Original release date: March 17, 2017

All software products have a lifecycle. After April 11, 2017, Microsoft is ending support for the Windows Vista operating system. After this date, this product will no longer receive:

  • Security updates,
  • Non-security hotfixes,
  • Free or paid assisted support options, or
  • Online technical content updates from Microsoft.

Computers running the Windows Vista operating system will continue to work even after support ends. However, using unsupported software may increase the risks of viruses and other security threats.

Users and administrators are encouraged to upgrade to a currently supported operating system. For more information, see Microsoft's Vista support and product lifecycle articles.

US-CERT does not endorse or support any particular product or vendor.


This product is provided subject to this Notification and this Privacy & Use policy.





Microsoft SMBv1 Vulnerability

Thu, 16 Mar 2017 22:12:41 +0000

Original release date: March 16, 2017

Microsoft has released a security update to address a vulnerability in implementations of Server Message Block 1.0 (SMBv1). Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Microsoft Security Bulletin MS17-010 and apply the update. For more information, see the Information Assurance Advisory and US-CERT's SMB Security Best Practices guidance.


This product is provided subject to this Notification and this Privacy & Use policy.





Cisco Releases Security Updates

Thu, 16 Mar 2017 00:26:05 +0000

Original release date: March 15, 2017

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system.

Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:


This product is provided subject to this Notification and this Privacy & Use policy.





Drupal Releases Security Update

Thu, 16 Mar 2017 00:21:25 +0000

Original release date: March 15, 2017

Drupal has released an advisory to address vulnerabilities in Drupal core 8.x versions prior to 8.2.7. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Drupal's Security Advisory and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.





VMware Releases Security Updates

Tue, 14 Mar 2017 19:52:20 +0000

Original release date: March 14, 2017

VMware has released security updates to address a vulnerability in Workstation and Fusion. A remote attacker could exploit this vulnerability and take control of an affected system.

Users and administrators are encouraged to review VMware Security Advisory VMSA-2017-0005 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.