National Consumer Protection Week

National Consumer Protection Week NCPW is March 3–9. This annual event encourages individuals and businesses to learn about their consumer rights and how to keep themselves secure. The Federal Trade Commission FTC and its NCPW partners provide free resources to protect consumers from fraud, scams...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. The National Cybersecurity and Communications Integration Center NCCIC, part of the Cybersecurity and Infrastructure...

DNS Infrastructure Hijacking Campaign

The National Cybersecurity and Communications Integration Center NCCIC, part of the Cybersecurity and Infrastructure Security Agency CISA, is aware of a global Domain Name System DNS infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an...

VMware Releases Security Updates

VMware has released security updates to address vulnerabilities in vSphere Data Protection. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0029 and apply the...

National Cybersecurity Awareness Month: Staying Secure

National Cybersecurity Awareness Month is over, but your work securing your home and business systems and networks is not. NCCIC recommends users and administrators subscribe to NCCIC National Cyber Awareness System product notifications to keep on top of cybersecurity threats as they emerge. Thi...

DHS Webinar: Communicating Cyber Risk to Agency Decision Makers and Mission Owners

DHS Office of Cybersecurity and Communications Assistant Secretary Jeanette Manfra is hosting a webinar on communicating cybersecurity risk issues to federal department and agency executives and mission owners on Tuesday, October 30, 2018, from 12-1 p.m. ET. NCCIC encourages users and...

MS-ISAC Releases Advisory on PHP Vulnerabilities

The Multi-State Information Sharing & Analysis Center MS-ISAC has released an advisory on multiple Hypertext Preprocessor PHP vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review MS-ISAC...

NCCIC Releases Joint Alert on Worldwide Malicious Activity Using Publicly Available Tools

NCCIC, in collaboration with the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre, and the United Kingdom National Cyber Security Centre, has released a joint Activity Alert that highlights five publicly available tools...

National Cybersecurity Awareness Month: Careers in Cybersecurity

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. The month’s themes educate students and professionals about cybersecurity attack methods, best practices, and preventive measures and are geared toward informing the next generation of...

NCCIC Webinar Series on Protecting Enterprise Network Infrastructure Devices

NCCIC is conducting a series of webinars on protecting enterprise network infrastructure devices. The webinar on Thursday, October 4, 2018, is the last in the series, and will be held from 1-2:30 p.m. ET. NCCIC encourages decision makers, network defenders, and procurement analysts to register fo...

Google Releases Security Update for Chrome

Google has released Chrome version 69.0.3497.92 for Windows, Mac, and Linux. This version addresses vulnerabilities, one of which an attacker could exploit to take control of an affected system. NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary...

Apache Releases Security Updates for Tomcat Native

The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat Native. A remote attacker could exploit these vulnerabilities to take control of an affected server. NCCIC encourages users and administrators to review the Apache Advisory and Tomcat Native Downloads...

NCCIC Webinar Series on Russian Government Cyber Activity

NCCIC will conduct a series of webinars on Russian government cyber activity against critical infrastructure as detailed in NCCIC Alert TA18-074A, which will feature NCCIC subject matter experts discussing recent cybersecurity incidents, mitigation techniques, and resources that are available to...

Microsoft Releases July 2018 Security Updates

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Microsoft’s July 2018 Security Update Summary and Deployment...

Apple Releases Security Update for Boot Camp

Apple has released a security update to address vulnerabilities in Wi-Fi for Boot Camp 6.4.0. An attacker could exploit these vulnerabilities to obtain access to sensitive information. NCCIC encourages users and administrators to review Apple’s security page for Wi-Fi Update for Boot Camp 6.4.0 a...

VMware Releases Security Updates

VMware has released security updates to address vulnerabilities in VMware ESXi, Workstation, and Fusion. An attacker could exploit these vulnerabilities to obtain sensitive information. NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0016 and apply the...

Cisco Releases Security Updates for Multiple Products

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the...

North Korean Malicious Cyber Activity

The Department of Homeland Security DHS and the Federal Bureau of Investigation FBI have identified Trojan malware variants—referred to as TYPEFRAME—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. US-CERT...

Intel Releases Security Advisory on Lazy FP State Restore Vulnerability

Intel has released recommendations to address a vulnerability—dubbed Lazy FP state restore—affecting Intel Core-based microprocessors. An attacker could exploit this vulnerability to obtain access to sensitive information. NCCIC encourages users and administrators to review Intel's Security...

Mozilla Releases Security Update for Thunderbird

Mozilla has released a security update to address vulnerabilities in Thunderbird. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.8 and apply th...

Red Hat Addresses DHCP Client Vulnerability

Red Hat has released security updates to address a vulnerability in its Dynamic Host Configuration Protocol DHCP client packages for Red Hat Enterprise Linux 6 and 7. An attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to...

VMware Releases Security Update

VMware has released a security update to address a vulnerability in NSX SD-WAN Edge by VeloCloud. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0011 and apply the...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader and Photoshop CC. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review Adobe Security Bulletins APSB18-09...

First Lady’s 'Be Best' Initiative Addresses Kids' Online Safety

First Lady Melania Trump has announced her initiative to help children be their best. As part of her initiative, the First Lady released a guide to help parents and other adults discuss online safety and responsibility with children. Children taught about internet safety, appropriate online...

NCCIC FY 2017 Year in Review Now Available

The Department of Homeland Security DHS National Cybersecurity and Communications Integration Center NCCIC is pleased to present the Fiscal Year 2017 NCCIC Year in Review. This review highlights NCCIC’s critical role in protecting the Nation’s cyber and communications systems. Throughout the...

Microsoft Releases March 2018 Security Updates

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Microsoft's March 2018 Security Update Summary and...

Mozilla Releases Security Updates for Firefox

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the Mozilla Security Advisories for Firefox 59 an...

Google Releases Security Update for Chrome

Google has released Chrome version 65.0.3325.146 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to obtain access to sensitive information. NCCIC/US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessa...

Cisco Releases Security Update

Cisco has released a security update to address a vulnerability in its Adaptive Security Appliance software. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the Cisco Security...

Mozilla Releases Security Update for Thunderbird

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.6...

VMware Releases Security Updates for Workstation, Fusion

VMware has released security updates to address vulnerabilities in VMware Workstation and Fusion. An attacker could exploit these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the VMware Security Advisory VMSA-2018-0005 and appl...

VMware Releases Security Updates

VMware has released security updates to address a vulnerability in multiple products. An attacker could exploit this vulnerability to obtain access to sensitive information. NCCIC/US-CERT encourages users and administrators to review the VMware Security Advisory VMSA-2018-0004 and apply the...

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Apple security pages for the following products and apply...

NCSC Releases Security Advisory

The United Kingdom's National Cyber Security Centre NCSC has released an advisory to highlight Neuron and Nautilus tools used alongside Snake—malware that provides a platform to steal sensitive data. NCSC provides enhanced cybersecurity services to protect against cybersecurity threats. US-CERT...

WordPress Releases Security Update

WordPress versions prior to 4.8.3 are affected by a vulnerability. A remote attacker could exploit this vulnerability to obtain sensitive information. US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.8.3. This product is provided...

IC3 Issues Alert on DDoS Attacks

The Internet Crime Complaint Center IC3 has issued an alert on distributed denial-of-service DDoS-for-hire services advertised on criminal forums and marketplaces. Using DDoS attacks to prevent legitimate users from accessing websites or information can lead to serious consequences. US-CERT...

October is National Cybersecurity Awareness Month

October is National Cybersecurity Awareness Month NCSAM. NCSAM is a collaborative effort between DHS and its public and private partners--including the National Cyber Security Alliance NCSA--to raise awareness about the vital role cybersecurity plays in the lives of U.S. citizens. US-CERT will be...

Apple Releases Security Update for iOS

Apple has released iOS 11.0.1 to address vulnerabilities in previous versions of iOS. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Apple security page for iOS 11.0.1 and...

Google Releases Security Updates for Chrome

Google has released Chrome version 61.0.3163.100 for Windows, Mac, and Linux. This update addresses multiple vulnerabilities that an attacker may exploit to cause a denial-of-service condition. US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary...

WordPress Releases Security Update

WordPress versions prior to 4.8.2 are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website. US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.8.2. Th...

DNSSEC Key Signing Key Rollover

On October 11, 2017, the Internet Corporation for Assigned Names and Numbers ICANN will be changing the Root Zone Key Signing Key KSK used in the domain name system DNS Security Extensions DNSSEC protocol. DNSSEC is a set of DNS protocol extensions used to digitally sign DNS information, which is...

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker may exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Apple security pages for the following products and apply t...

Cisco Releases Security Updates

Cisco has released security updates to address a vulnerability in its WebEx browser extension on Google Chrome and Mozilla Firefox. A remote attacker could exploit this vulnerability to take control of a system. US-CERT encourages users and administrators to review the Cisco Security Advisory for...

Juniper Networks Releases Multiple Security Updates

Juniper Networks has released security updates to address multiple vulnerabilities in Junos OS and ScreenOS. A remote attacker could exploit several of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the Juniper Security Advisorie...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Adobe Connect. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletins APSB17-21 and...

NIST Releases New Digital Identity Guidelines

The National Institute of Standards and Technology NIST has released the Digital Identity Guidelines document suite. The four-volume suite offers technical guidelines for organizations that use digital identity services. US-CERT encourages information security practitioners in industry, governmen...

Multiple Ransomware Infections Reported

US-CERT has received multiple reports of WannaCry ransomware infections in many countries around the world. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Individuals and organizations are discouraged from...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in its IOS and IOS XE Software. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the Cisco Security Advisory and apply the necessary...

IBM Releases Security Update

IBM has released a security update to address a vulnerability in IBM Domino server IMAP EXAMINE. An attacker could exploit this vulnerability to take control of an affected system. Available updates include: Domino 9.0.1 Feature Pack 8 Interim Fix 2 Domino 8.5.3 Fix Pack 6 Interim Fix 17 Users an...

VMware Releases Security Updates

VMware has released security updates to address vulnerabilities in Unified Access Gateway, Horizon View, and Workstation. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review VMware Securit...