Alerts

Microsoft Releases July 2017 Security Updates

Original release date: July 11, 2017 Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system. US-CERT encourages users and administrators to review Microsoft’s July 2017 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.


SB17-191: Vulnerability Summary for the Week of July 3, 2017

Original release date: July 10, 2017 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »


FTC Releases Alert on Charity Scams

Original release date: July 06, 2017 The Federal Trade Commission (FTC) has released an alert on charity scams. Recent acts of fraud include solicitations from scammers requesting payment to claim a sweepstakes prize. Anytime someone asks you to pay to obtain a prize, it is a scam. US-CERT encourages consumers to refer to the FTC Alert and the US-CERT Tip on Real-World Warnings Keep You Safe Online for more information. This product is provided subject to this Notification and this …
Read More »


IRS Launches ‘Don’t Take the Bait’ Series

Original release date: July 06, 2017 As part of its Security Summit effort, the Internal Revenue Service (IRS) will be launching a new educational series called “Don’t Take the Bait” on July 11, 2017. As part of the Protect Your Clients, Protect Yourself campaign, this series provides information about phishing scams targeting tax professionals and their clients. US-CERT encourages tax payers and tax professionals to review the IRS alert and US-CERT’s advice on Avoiding Social Engineering and Phishing Attacks. This …
Read More »


Joomla! Releases Security Update

Original release date: July 05, 2017 Joomla! has released version 3.7.3 of its Content Management System (CMS) software to address several vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website. US-CERT encourages users and administrators to review the Joomla! Security Release and US-CERT’s Alert on Content Management Systems Security and Associated Risks and apply the necessary update. This product is provided subject to this Notification and this Privacy & Use policy.


SB17-184: Vulnerability Summary for the Week of June 26, 2017

Original release date: July 03, 2017 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »


TA17-181A: Petya Ransomware

Original release date: July 01, 2017 Systems Affected Microsoft Windows operating systems Overview On June 27, 2017, NCCIC was notified of Petya ransomware events occurring in multiple countries and affecting multiple sectors. Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable. The NCCIC Code Analysis Team produced a Malware Initial Findings Report (MIFR) to provide in-depth technical analysis of the malware. In coordination with public and private sector partners, NCCIC is also providing additional …
Read More »


Multiple Petya Ransomware Infections Reported

Original release date: June 27, 2017 US-CERT has received multiple reports of Petya ransomware infections occurring in networks in many countries around the world. Ransomware is a type of malicious software that infects a computer and restricts users’ access to the infected machine until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of …
Read More »


NIST Releases New Digital Identity Guidelines

Original release date: June 26, 2017 The National Institute of Standards and Technology (NIST) has released the Digital Identity Guidelines document suite. The four volumes included outline technical guidelines for organizations implementing digital identity services. US-CERT encourages information security practitioners in industry, government, and academic organizations to refer to the NIST blog post and SP 800-63 for more information. This product is provided subject to this Notification and this Privacy & Use policy.


IRS Warns of Summertime Scams

Original release date: June 26, 2017 The Internal Revenue Service (IRS) has released an alert warning of various types of scams targeting taxpayers this summer. The alert describes common features of these cyber crimes, including: robocalls, private debt collection, and scams that target taxpayers with limited English proficiency. Taxpayers and tax professionals are encouraged to review the IRS alert and US-CERT’s advice on Avoiding Social Engineering and Phishing Attacks.   This product is provided subject to this Notification and this …
Read More »