Subscribe: US-CERT Current Activity
http://www.us-cert.gov/current/index.atom
Preview: US-CERT Current Activity

US-CERT Current Activity



A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.



 



OpenSSL Releases Security Update

Fri, 17 Feb 2017 02:23:11 +0000

Original release date: February 16, 2017

OpenSSL version 1.1.0e has been released to address a vulnerability for users of version 1.1.0. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition.

Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.





Cisco Releases Security Update

Wed, 15 Feb 2017 19:20:15 +0000

Original release date: February 15, 2017

Cisco has released a security update to address a vulnerability in its UCS Director software. Exploitation of this vulnerability could allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.





FBI Releases Article on Romance Scams

Wed, 15 Feb 2017 04:01:16 +0000

Original release date: February 14, 2017

The Federal Bureau of Investigation (FBI) has released an article addressing the rise of Internet romance scams. In this common type of fraud, cyber criminals target victims, gain their confidence, and trick them into sending money.

To stay safer online, review the FBI article on Romance Scams and US-CERT publication ST06-003 on staying safe on social networking sites. Please file a complaint with the FBI's Internet Crime Complaint Center if you believe you have been the victim of a romance scam.


This product is provided subject to this Notification and this Privacy & Use policy.





Adobe Releases Security Updates

Tue, 14 Feb 2017 15:57:23 +0000

Original release date: February 14, 2017

Adobe has released security updates to address vulnerabilities in Adobe Flash Player, Digital Editions, and Campaign. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-04, APSB17-05, and APSB17-06 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.





Apple Releases Security Update

Tue, 14 Feb 2017 13:25:52 +0000

Original release date: February 14, 2017

Apple has released a security updates to address a vulnerability in GarageBand. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Apple security page for GarageBand and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.





Enhanced Analysis of GRIZZLY STEPPE

Sat, 11 Feb 2017 02:24:42 +0000

Original release date: February 10, 2017

The Department of Homeland Security (DHS) has released an Analysis Report (AR) related to malicious cyber activity designated as GRIZZLY STEPPE. This AR provides a thorough analysis of the methods threat actors use to infiltrate systems, as well as specific mitigation techniques that may be used to counter this threat.

US-CERT recommends that network administrators review the Analysis Report and the previously-released Joint Analysis Report for additional information and mitigation recommendations.


This product is provided subject to this Notification and this Privacy & Use policy.





ISC Releases Security Updates for BIND

Thu, 09 Feb 2017 00:29:07 +0000

Original release date: February 08, 2017 | Last revised: February 09, 2017

The Internet Systems Consortium (ISC) has released updates that address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition.

Available updates include:

  • BIND 9 version 9.9.9-P6
  • BIND 9 version 9.10.4-P6
  • BIND 9 version 9.11.0-P3
  • BIND 9 version 9.9.9-S8

Users and administrators are encouraged to review ISC Knowledge Base Article AA-01453 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.





Cisco Clock Signal Component Failure Advisory

Mon, 06 Feb 2017 23:40:32 +0000

Original release date: February 06, 2017

Cisco has released a hardware advisory for a clock signal component used in some of its devices, which include switches and routers. Devices that contain the faulty component could potentially fail after 18 months of use.

US-CERT encourages users and administrators to review the Cisco advisory for more information and replacement guidance.


This product is provided subject to this Notification and this Privacy & Use policy.





CERT/CC Reports a Microsoft SMB Vulnerability

Fri, 03 Feb 2017 08:48:07 +0000

Original release date: February 03, 2017

CERT Coordination Center (CERT/CC) has released information on a Server Message Block (SMB) vulnerability affecting Microsoft Windows. Exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition.

No patches are currently available, but mitigations include blocking outbound SMB connections (TCP ports 139 and 445 and UDP ports 137 and 138) from the local network to the wide-area network. For more information, see VU#867968.


This product is provided subject to this Notification and this Privacy & Use policy.





Cisco Releases Security Updates

Wed, 01 Feb 2017 17:59:06 +0000

Original release date: February 01, 2017

Cisco has released security updates to address a vulnerability in its Prime Home platform. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Cisco Security Advisory for vulnerability and mitigation details.


This product is provided subject to this Notification and this Privacy & Use policy.