Alerts

CERT/CC Reports WPA2 Vulnerabilities

Original release date: October 16, 2017 CERT Coordination Center (CERT/CC) has released information on Wi-Fi Protected Access II (WPA2) protocol vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system. The vulnerabilities are in the WPA2 protocol, not within individual WPA2 implementations, which means that all WPA2 wireless networking may be affected. Mitigations include installing updates to affected products and hosts as they become available. US-CERT encourages users and administrators to review CERT/CC’s VU …
Read More »


Mozilla Releases Security Update

Original release date: October 11, 2017 Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.


Microsoft Releases October 2017 Security Updates

Original release date: October 10, 2017 Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Microsoft’s October 2017 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.


Cybersecurity in the Workplace is Everyone’s Business

Original release date: October 10, 2017 October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Creating a culture of cybersecurity is critical for all organizations—large and small businesses, academic institutions, non-profits, and government agencies—and is a responsibility shared among all employees. The National Institute of Standards and Technology (NIST) has published resources including standards, guidelines, and best practices to help organizations of all sizes to strengthen cyber resilience. US-CERT encourages organizations and employees to review …
Read More »


Apple Releases Security Update for macOS High Sierra

Original release date: October 05, 2017 Apple has released a supplemental security update to address vulnerabilities in macOS High Sierra 10.13. An attacker could exploit these vulnerabilities to obtain sensitive information. US-CERT encourages users and administrators to review the Apple security page for macOS High Sierra 10.13 and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.


Tragic Event-Related Scams

Original release date: October 03, 2017 In the wake of Sunday’s tragic event in Las Vegas, US-CERT warns users to be watchful for various malicious cyber activity targeting both victims and potential donors. Users should exercise caution when handling emails that relate to the event, even if those emails appear to originate from trusted sources. Event-related phishing emails may trick users into sharing sensitive information. Such emails could also contain links or attachments directing users to malware-infected websites. In addition, …
Read More »


National Cybersecurity Awareness Month: Simple Steps to Online Safety

Original release date: October 03, 2017 October is National Cybersecurity Awareness Month (NCSAM), an annual campaign to raise awareness about cybersecurity. The National Cyber Security Alliance (NCSA) has published general tips to help you increase your cybersecurity awareness—including whom to contact if you are the victim of cyber crime—and protect your online activities. US-CERT encourages users and administrators to review NCSA’s guidance for online safety basics and the US-CERT Tip on Avoiding Social Engineering and Phishing Attacks for additional information. This …
Read More »


Dnsmasq Contains Multiple Vulnerabilities

Original release date: October 03, 2017 Dnsmasq versions 2.77 and prior contain multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review VUL Note VU#973527 for more information and update to dnsmasq version 2.78. This product is provided subject to this Notification and this Privacy & Use policy.


SB17-275: Vulnerability Summary for the Week of September 25, 2017

Original release date: October 02, 2017 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »


October is National Cybersecurity Awareness Month

Original release date: October 01, 2017 October is National Cybersecurity Awareness Month (NCSAM). NSCAM is a collaborative effort between DHS and its public and private partners-including the National Cyber Security Alliance (NCSA)-to raise awareness about the vital role cybersecurity plays in the lives of U.S. citizens. US-CERT will be participating in NCSAM through weekly posts in the Current Activity section of the US-CERT website. Over the course of the month, these will touch on basic online safety, cybersecurity at work, …
Read More »