Alerts

IC3 Issues Alert on Disaster-Related Fraud

Original release date: September 20, 2017 The Internet Crime Complaint Center (IC3) has released an announcement on fraudulent cyber activity related to natural disasters. IC3 reports that scammers have recently used email and social-networking sites to solicit money from disaster victims with scams on false temporary housing and job opportunities. In addition, IC3 warns the public to be cautious of solicitations for charitable donations. US-CERT encourages consumers to review the IC3 Alert and the US-CERT Tip on Avoiding Social Engineering …
Read More »


FTC Releases Alerts on Protecting Against Identity Theft

Original release date: September 20, 2017 The Federal Trade Commission (FTC) has released two alerts to educate consumers on recommended protections against identity theft after the recent data breach at Equifax. Users should consider placing security freezes with the three major credit reporting agencies: Equifax, Transunion, and Experian. Alternative security recommendations include using fraud alerts and free credit monitoring from Equifax.  US-CERT encourages users to refer to the FTC alerts on Equifax credit freezes and fraud alerts vs. credit freezes. …
Read More »


WordPress Releases Security Update

Original release date: September 20, 2017 WordPress versions prior to 4.8.2 are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website. US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.8.2. This product is provided subject to this Notification and this Privacy & Use policy.


Avast’s Piriform Releases Security Update for CCleaner

Original release date: September 19, 2017 Piriform, a subsidiary of Avast, has released CCleaner 5.34 and has pushed v1.07.3214 to CCleaner Cloud users. These versions do not contain the Floxif malware found in the 32-bit versions of CCleaner 5.33.6162 and CCleaner Cloud 1.07.3191. Floxif malware collects information from the victim’s system and can download additional malware to the system. US-CERT encourages users and administrators to review the Piriform Security Notification and apply the necessary update. This product is provided subject …
Read More »


Apache Releases Security Updates for Apache Tomcat

Original release date: September 19, 2017 The Apache Foundation has released security updates to address vulnerabilities in Apache Tomcat. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected server.  US-CERT encourages users and administrators to review the Apache advisories for CVE-2017-12615 and CVE-2017-12616 for more information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.


SB17-261: Vulnerability Summary for the Week of September 11, 2017

Original release date: September 18, 2017 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »


Potential Phishing Scams Related to Equifax Data Breach

Original release date: September 14, 2017 The Federal Trade Commission (FTC) has released an alert on scams related to the Equifax data breach. FTC warns consumers to be wary of calls or emails purporting to be from Equifax agents. Legitimate Equifax representatives will not contact consumers to ask for verification of their information. US-CERT encourages consumers to report fraudulent calls and emails to the FTC Complaint Assistant and to refer to the FTC Alert and US-CERT Tips on Avoiding Social …
Read More »


BlueBorne Bluetooth Vulnerabilities

Original release date: September 12, 2017 US-CERT is aware of a collection of Bluetooth vulnerabilities, known as BlueBorne, potentially affecting millions of unpatched mobile phones, computers, and Internet of Things (IoT) devices. A remote attacker could exploit several of these vulnerabilities to take control of affected devices. US-CERT recommends that users and administrators read Vulnerability Note VU#240311 for more information. This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft Releases September 2017 Security Updates

Original release date: September 12, 2017 Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system. US-CERT encourages users and administrators to review Microsoft’s September 2017 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.


SB17-254: Vulnerability Summary for the Week of September 4, 2017

Original release date: September 11, 2017 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »