Internet Information Services (IIS) 6.0 Vulnerability
US-CERT is aware of active exploitation of a vulnerability in Windows Server 2003 Operating System Internet Information Services (IIS) 6.0. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. On June 15, 2015, Microsoft ended support for Windows...
Google Releases Security Updates for Chrome
Google has released Chrome version 57.0.2987.133 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system. Users and administrators are encouraged to review the Chrome Releases page and apply the...
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in ESXi, Workstation, and Fusion. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review VMware Security Advisory...
Apple Releases Multiple Security Updates
Apple has released security updates for several products to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the following Apple Support Articles...
Apple Releases Security Update for iTunes
Apple has released a security update for Apple iTunes to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition. Users and administrators are encouraged to review information on iTunes 12.6 and apply the...
Aviation Phishing Scams
US-CERT has received reports of email-based phishing campaigns targeting airline consumers. Systems infected through phishing campaigns act as an entry point for attackers to gain access to sensitive business or personal information. US-CERT encourages users and administrators to review an airlin...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in its IOS, IOS XE, and IOx Software. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system or cause a denial-of-service condition. Users and administrators are encouraged to...
Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)
The Network Time Foundation's NTP Project has released version ntp-4.2.8p10 to address multiple vulnerabilities in ntpd. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition. US-CERT encourages users and administrators to review the...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in its IOS and IOS XE Software. Exploitation of one of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition. Users and administrators are encouraged to review the following Cisco Security Advisori...
Microsoft Ending Support for Windows Vista
All software products have a lifecycle. After April 11, 2017, Microsoft is ending support for the Windows Vista operating system. After this date, this product will no longer receive: Security updates, Non-security hotfixes, Free or paid assisted support options, or Online technical content updat...
Mozilla Releases Security Updates
Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. Exploitation of this vulnerability may allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox and Firefox...
IRS Warns of Last-Minute Tax Scams
The Internal Revenue Service (IRS) has released an alert warning of phishing email scams targeting last-minute tax filers. The alert describes common features of these cyber crimes and includes recommendations to protect against them: strengthen passwords, recognize phishing attempts, and forward...
Microsoft SMBv1 Vulnerability
Microsoft has released a security update to address a vulnerability in implementations of Server Message Block 1.0 (SMBv1). Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Microsoft Securit...
Cisco Releases Security Updates
Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary...
Drupal Releases Security Update
Drupal has released an advisory to address vulnerabilities in Drupal core 8.x versions prior to 8.2.7. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Drupal's Security Advisory and apply th...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Shockwave Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Adobe Security Bulletin...
Microsoft Releases March 2017 Security Bulletin
Microsoft has released 18 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Microsoft Security Bulletins MS17-006 through...
VMware Releases Security Updates
VMware has released security updates to address a vulnerability in Workstation and Fusion. A remote attacker could exploit this vulnerability and take control of an affected system. Users and administrators are encouraged to review VMware Security Advisory VMSA-2017-0005 and apply the necessary...
IRS Releases Tax-Time Guide
The Internal Revenue Service (IRS) has released tax-time advice intended to help the public protect their personal and financial data and computers. Recommendations include using strong passwords, backing up files, and using robust security software to help block malware and viruses. Users and...
Google Releases Security Update for Chrome
Google has released Chrome version 57.0.2987.98 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review the Chrome Releases page and apply th...
Apache Software Foundation Releases Security Updates
The Apache Software Foundation has released security updates to address a vulnerability in Struts 2. A remote attacker could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the Apache Security Bulletin and upgrade to Struts 2.3.3...
National Consumer Protection Week
March 5–11 is National Consumer Protection Week (NCPW), an event to encourage people and businesses to learn more about avoiding scams and understanding consumer rights. During NCPW, the Federal Trade Commission (FTC) and its fellow agencies highlight free resources to help protect against consumer...
Mozilla Releases Security Update
Mozilla has released a security update to address multiple vulnerabilities in Firefox. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the Mozilla Security Advisory for Firefox and apply the...
WordPress Releases Security Update
WordPress 4.7.2 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website. US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.3...
Cisco Releases Security Update
Cisco has released a security update to address a vulnerability in its NetFlow Generation Appliance (NGA). Exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition. Users and administrators are encouraged to review the Cisco Security Advisory and apply...
Apple Releases Security Update
Apple has released a security update to address a vulnerability in Logic Pro X. Exploitation of this vulnerability may allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review the Apple security page for Logic Pro X and apply the necessary...
OpenSSL Releases Security Update
OpenSSL version 1.1.0e has been released to address a vulnerability for users of version 1.1.0. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the...
Cisco Releases Security Update
Cisco has released a security update to address a vulnerability in its UCS Director software. Exploitation of this vulnerability could allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary...
FBI Releases Article on Romance Scams
The Federal Bureau of Investigation (FBI) has released an article addressing the rise of Internet romance scams. In this common type of fraud, cyber criminals target victims, gain their confidence, and trick them into sending money. To stay safer online, review the FBI article on Romance Scams and...
Apple Releases Security Update
Apple has released a security update to address a vulnerability in GarageBand. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Apple security page for GarageBand and apply the necessary...
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in Adobe Flash Player, Digital Editions, and Campaign. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Adobe Securi...
Enhanced Analysis of GRIZZLY STEPPE
The Department of Homeland Security (DHS) has released an Analysis Report (AR) related to malicious cyber activity designated as GRIZZLY STEPPE. This AR provides a thorough analysis of the methods threat actors use to infiltrate systems, as well as specific mitigation techniques that may be used to...
ISC Releases Security Updates for BIND
The Internet Systems Consortium (ISC) has released updates that address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Available updates include: BIND 9 version 9.9.9-P6, BIND 9 version 9.10.4-P6, BIND 9 version 9.11.0-P...
Cisco Clock Signal Component Failure Advisory
Cisco has released a hardware advisory for a clock signal component used in some of its devices, which include switches and routers. Devices that contain the faulty component could potentially fail after 18 months of use. US-CERT encourages users and administrators to review the Cisco advisory fo...
CERT/CC Reports a Microsoft SMB Vulnerability
CERT Coordination Center (CERT/CC) has released information on a Server Message Block (SMB) vulnerability affecting Microsoft Windows. Exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service condition. No patches are currently available, but mitigations include...
Cisco Releases Security Updates
Cisco has released security updates to address a vulnerability in its Prime Home platform. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Cisco Security Advisory for vulnerability an...
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in AirWatch Agent, AirWatch Console, and AirWatch Inbox software. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review...
Tax Identity Theft Awareness Week
This is Tax Identity Theft Awareness Week, and many federal agencies are offering consumers information and resources on the topic. US-CERT encourages taxpayers, business owners, and tax preparers to educate themselves on tax identity theft by reading Internal Revenue Service (IRS) publication...
WordPress Releases Security Update
WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website. On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2. US-CERT encourages user...
Mozilla Releases Security Update
Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Mozilla Security Advisory for Thunderbi...
Google Releases Security Updates for Chrome
Google has released Chrome version 56.0.2924.76 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system. Users and administrators are encouraged to review the Chrome Releases page and apply the...
Cisco Releases Security Updates
Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply th...
Cisco Releases Security Updates
Cisco has released security updates to address a vulnerability in its WebEx browser extensions. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Cisco Security Advisory and Vulnerability...
Data Privacy Day Events
As Data Privacy Day (DPD) approaches, US-CERT recommends that users and businesses learn more about how to protect their privacy and personal information. DPD is celebrated every January 28 and is an international effort to promote the importance of data privacy. DPD is sponsored by the National...
Mozilla Releases Security Updates
Mozilla has released a security update to address multiple vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Adviso...
Apple Releases Security Updates
Apple has released security updates to address multiple vulnerabilities in several products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Apple security pages for the followin...
IC3 Warns of Employment Scams Targeting College Students
The Internet Crime Complaint Center (IC3) has issued an alert on employment scams targeting college students. Phony job opportunities are advertised via college employment websites or students’ university emails. Unfortunately, students who take the bait suffer financial losses. US-CERT encourages...
Oracle Releases Security Bulletin
Oracle has released its Critical Patch Update for January 2017 to address 270 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Oracle...
SMB Security Best Practices
In response to public reporting of a potential Server Message Block (SMB) vulnerability, US-CERT is providing known best practices related to SMB. This service is universally available for Windows systems, and legacy versions of SMB protocols could allow a remote attacker to obtain sensitive...
ISC Releases Security Updates for BIND
The Internet Systems Consortium (ISC) has released updates that address multiple vulnerabilities in BIND. A remote attacker could exploit any of these vulnerabilities to cause a denial-of-service condition. Available updates include: BIND 9 version 9.9.9-P5, BIND 9 version 9.10.4-P5, BIND 9 version...