FTC Releases Alert on Tax Identity Theft

The Federal Trade Commission FTC and the Internal Revenue Service IRS are offering consumers a new way to report tax-related identity theft to the IRS online. Tax-related identity theft happens when someone steals your Social Security number to file a tax return and claims your refund. To report...

NCCIC FY 2017 Year in Review Now Available

The Department of Homeland Security DHS National Cybersecurity and Communications Integration Center NCCIC is pleased to present the Fiscal Year 2017 NCCIC Year in Review. This review highlights NCCIC’s critical role in protecting the Nation’s cyber and communications systems. Throughout the...

Easter Holiday Phishing Scams and Malware Campaigns

As the Easter holiday approaches, NCCIC/US-CERT reminds users to be aware of potential holiday scams and cyber campaigns, which may include emails and ecards from unknown senders that may contain malicious links, fake advertisements or shipping notifications with attachments infected with malware...

Tax Guidance as Deadline Approaches

As this year's April 17 tax deadline approaches, NCCIC/US-CERT offers taxpayers guidance to help protect their personal, financial, and tax information. Hackers can take advantage of taxpayers by using social engineering scams to attempt to steal personally identifiable information. NCCIC...

Microsoft Release Patch for Windows 7 and Windows Server 2008 R2 Systems

Microsoft has released security updates to address a vulnerability in Windows 7 x64 and Windows Server 2008 R2 x64 systems. Exploitation of this vulnerability may allow an attacker to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Vulnerability Not...

Apache Software Foundation Releases Security Update

The Apache Software Foundation has released a security update to address a vulnerability in Struts 2. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC/US-CERT encourages users and administrators to review the Apache Security Bulletin and make the...

Apple Releases Multiple Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Apple security pages for the following products and apply...

IC3 Issues Alert on Tech Support Fraud

The Internet Crime Complaint Center IC3 has released an alert on tech support fraud. Tech support fraud involves criminals claiming to provide technical support to fix problems that don't exist. Their methods include placing calls, sending pop-ups, engaging misleading lock screens, and sending...

Cisco Releases Security Updates

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the...

Drupal Releases Critical Security Updates

Drupal has released critical updates addressing a vulnerability in Drupal 8, 7, and 6. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates...

North Korean Malicious Cyber Activity

The Department of Homeland Security DHS and the Federal Bureau of Investigation FBI have identified Trojan malware variants—referred to as SHARPKNOT—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA...

Creating and Managing Strong Passwords

NCCIC/US-CERT reminds users of the importance of creating and managing strong passwords. Passwords are often the only barrier between you and your personal information. There are several programs attackers can use to help guess or "crack" passwords. However, choosing strong passwords and keeping...

OpenSSL Releases Security Updates

OpenSSL has released security updates to address a vulnerability in previous versions of 1.1.0 and 1.0.2. An attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC/US-CERT encourages users and administrators to review the OpenSSL Security Advisory and apply the...

Mozilla Releases Security Updates for Firefox

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC/US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 59.0.2 and Firefo...

Citrix Releases Security Updates

Citrix has released security updates to address vulnerabilities in its XenServer. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the Citrix Security Bulletin CTX232655 and apply the...

VMware Releases Security Updates

VMware has released security updates to address vulnerabilities in VMware Workstation and Fusion. A remote attacker could exploit these vulnerabilities to cause a denial-of service condition. NCCIC/US-CERT encourages users and administrators to review the VMware Security Advisory VMSA-2018-0008 a...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe Flash Player, Connect, and Dreamweaver. A remote attacker could exploit these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Adobe Security Bulletin APSB18-0...

Microsoft Releases March 2018 Security Updates

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Microsoft's March 2018 Security Update Summary and...

Samba Releases Security Updates

The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the Samba Security Announcements for CVE-2018-1050 an...

Mozilla Releases Security Updates for Firefox

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the Mozilla Security Advisories for Firefox 59 an...

Cisco Releases Security Updates for Multiple Products

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and...

Google Releases Security Update for Chrome

Google has released Chrome version 65.0.3325.146 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to obtain access to sensitive information. NCCIC/US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessa...

Red Hat Releases Security Guidance for Memcached

Red Hat has released security recommendations to address potential Distributed Denial of Service attacks using Memcached. This misconfiguration could allow an attacker to exploit Memcached services as a reflection and amplification vector, causing unexpected volumes of traffic to be sent to...

National Consumer Protection Week

March 4–10 is National Consumer Protection Week NCPW, an event to encourage people and businesses to learn more about avoiding scams and understanding consumer rights. During NCPW, the Federal Trade Commission FTC and its partners highlight free resources to help protect consumers. NCCIC/US-CERT...

ISC Releases Security Advisories for DHCP, BIND

The Internet Systems Consortium ISC has released updates or workarounds that address vulnerabilities in versions of ISC Dynamic Host Configuration Protocol DHCP and Berkeley Internet Name Domain BIND. A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition...

ICSJWG Call for Abstracts

The Industrial Control Systems Joint Working Group ICSJWG—a collaborative and coordinating body operating under the Critical Infrastructure Partnership Advisory Council CIPAC framework—has issued a call for abstracts to be presented at the ICSJWG Spring Meeting in Albuquerque, New Mexico, April...

FTC Releases Article on Choosing VPN Apps for Mobile Phones

The Federal Trade Commission FTC has issued guidance to consumers considering using a Virtual Private Network VPN for their mobile phones. Some mobile phone users choose to use VPNs to shield the information on their phones when using public Wi-Fi networks. NCCIC/US-CERT encourages consumers to...

IC3 Issues Alert on Increase in W-2 Phishing Campaigns

The Internet Crime Complaint Center IC3 has issued an alert on the increase in W-2-related phishing campaigns. Fraudsters often use tax-related phishing emails to get victims to provide personally identifiable information, click on a malicious link, or pay a ransom. NCCIC/US-CERT encourages...

Drupal Releases Security Updates

Drupal has released an advisory to address multiple vulnerabilities in Drupal 7.x and 8.4.x. An attacker could exploit some of these vulnerabilities to obtain access to sensitive information. NCCIC/US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to...

Cisco Releases Security Updates for Multiple Products

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and...

North Korean Malicious Cyber Activity

The Department of Homeland Security DHS and the Federal Bureau of Investigation FBI have identified Trojan malware variants—referred to as HARDRAIN and BADCALL—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBR...

Microsoft Releases February 2018 Security Updates

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Microsoft's February 2018 Security Update Summary and...

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe Experience Manager, Acrobat, and Reader. A remote attacker could exploit these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Adobe Security Bulletin APSB18-...

Cisco Releases Security Updates for Multiple Products

Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and...

Adobe Releases Security Updates for Flash Player

Adobe has released security updates to address vulnerabilities in Flash Player. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Adobe Security Bulletin APSB18-03 and apply the necessary...

Cisco Releases Security Updates

Cisco has released an updated advisory and security updates to address a vulnerability affecting its Adaptive Security Appliance software. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Cisco's...

Safer Internet Day

February 6, 2018, is Safer Internet Day SID, a worldwide event aimed at promoting the safe and positive use of digital technology for all users, especially children and teens. This year's SID theme—Create, Connect and Share Respect: A better Internet starts with you—encourages everyone to play...

Pyeongchang 2018: Staying Cyber Safe during the Olympics

As the 2018 Olympic Games in Pyeongchang approach, NCCIC/US-CERT reminds travelers to be aware of cybersecurity risks. At high-profile events, cyber activists may take advantage of the large audience to spread their message. Cyber criminals may attempt to steal personally identifiable information...

IC3 Warns of Impersonation Scams

The Internet Crime Complaint Center IC3 has released an alert on impersonation scams. In these schemes, scammers send emails impersonating IC3 to trick recipients into providing personally identifiable information or downloading malicious files. Users should use caution when reviewing unsolicited...

FTC Warns of Online Dating Scams

The Federal Trade Commission FTC has released an article addressing scams targeting online daters. In this type of fraud, cyber criminals target victims, gain their confidence, and trick them into sending money. To stay safer online, review the FTC article on Online Dating Scams and the...

Cisco Releases Security Updates

Cisco has released software updates to address a vulnerability in its IOS XR Software Release 5.3.4 for the Cisco Aggregation Services Router ASR 9000 Series. A remote attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC/US-CERT encourages users and administrato...

Mozilla Releases Security Update for Firefox

Mozilla has released a security update to address a vulnerability in Firefox. Exploitation of this vulnerability may allow an attacker to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 58.0.1 and apply the...

Tax Identity Theft Awareness Week

Tax Identity Theft Awareness Week is January 29 to February 2, and many federal agencies are offering information and resources to help consumers learn to protect themselves from tax-related identity theft and Internal Revenue Service IRS imposter scams. NCCIC/US-CERT encourages consumers to revi...

Cisco Releases Security Update

Cisco has released a security update to address a vulnerability in its Adaptive Security Appliance software. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the Cisco Security...

VMware Releases Security Updates

VMware has released security updates to address vulnerabilities in vRealize Automation, vSphere Integrated Containers, and AirWatch Console. An attacker could exploit these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the VMwar...

Data Privacy Day

January 28 is Data Privacy Day DPD, an annual international effort to promote the importance of data privacy. DPD is sponsored in the United States by the National Cyber Security Alliance NCSA with the theme, Respecting Privacy, Safeguarding Data, and Enabling Trust. The NCSA Stay Safe Online...

Mozilla Releases Security Update for Thunderbird

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.6...

Google Releases Security Update for Chrome

Google has released Chrome version 64.0.3282.119 for Windows, Mac, and Linux. This version addresses vulnerabilities that a remote attacker could exploit to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the Chrome Releases page and apply the...

Apple Releases Multiple Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Apple security pages for the following products and apply...

Mozilla Releases Security Updates

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox E...