Alerts

Drupal Releases Critical Security Updates

Original release date: March 28, 2018

Drupal has released critical updates addressing a vulnerability in Drupal 8, 7, and 6. A remote attacker could exploit this vulnerability to take control of an affected system. NCCIC/US-CERT encourages users and administrators to review Drupal’s Security Advisory and apply the necessary updates.


Cisco Patches Two Critical RCE Bugs in IOS XE Software

Cisco releases 22 patches as part of its semiannual Cisco IOS and IOS XE software security advisory.


Bad Microsoft Meltdown Patch Made Some Windows Systems Less Secure

Researcher finds Microsoft’s January Patch Tuesday release included a fix for the Intel Meltdown bug; however, the update opened up a new vulnerability.


Creating and Managing Strong Passwords

Original release date: March 27, 2018

NCCIC/US-CERT reminds users of the importance of creating and managing strong passwords. Passwords are often the only barrier between you and your personal information. There are several programs attackers can use to help guess or “crack” passwords. However, choosing strong passwords and keeping them confidential can make it more difficult for others to access your information. NCCIC/US-CERT recommends users take the following actions: Use multi-factor authentication when available. Use different passwords on different systems …


TA18-086A: Brute Force Attacks Conducted by Cyber Actors

Original release date: March 27, 2018

Systems Affected: Networked systems

Overview: According to information derived from FBI investigations, malicious cyber actors are increasingly using a style of brute force attack known as password spraying against organizations in the United States and abroad. In February 2018, the Department of Justice in the Southern District of New York indicted nine Iranian nationals who were associated with the Mabna Institute for computer intrusion offenses related to activity described in this report. The techniques …


OpenSSL Releases Security Updates

Original release date: March 27, 2018

OpenSSL has released security updates to address a vulnerability in previous versions of 1.1.0 and 1.0.2. An attacker could exploit this vulnerability to cause a denial-of-service condition. NCCIC/US-CERT encourages users and administrators to review the OpenSSL Security Advisory and apply the necessary updates.


SB18-085: Vulnerability Summary for the Week of March 19, 2018

Original release date: March 26, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …


Ransomware Attack Cripples Several Atlanta City Systems

The city of Atlanta is being extorted for $51,000 in a ransomware attack that occurred early Thursday that impacted several local government departments.


Drupal Forewarns ‘Highly Critical’ Bug to be Patched Next Week

Drupal is giving developers ample time to prepare for an update that patches a “highly critical” flaw because exploits might be developed within hours or days of disclosure.


Netflix Opens Public Bug Bounty Program with $15K Payout Cap

Netflix opens up bug bounty program to all white hat hackers and ups the ante for bugs to as much as $15,000.