System Alerts

Potential Hurricane Harvey Phishing Scams

Computer System and Cyber Alerts - August 28, 2017 - 19:40
Original release date: August 28, 2017

US-CERT warns users to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Harvey. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Harvey, even if it appears to originate from a trusted source. Fraudulent emails will often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations commonly appear after major natural disasters.

US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:

 

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: System Alerts

FCC Promotes Best Practices for SS7 Communications

Computer System and Cyber Alerts - August 24, 2017 - 17:27
Original release date: August 24, 2017

The Federal Communications Commission (FCC) has released a public notice encouraging communications service providers to voluntarily use security best practices recommended by the Communications Security, Reliability, and Interoperability Council (CSRIC), a federal advisory committee to the FCC. These best practices help prevent exploitation of Signaling System 7 (SS7) network infrastructure, a signaling protocol that connects communication networks.

US-CERT encourages providers to review the FCC Public Notice and CSRIC's Legacy Systems Risk Reductions Report for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: System Alerts

DNSSEC Key Signing Key Rollover

Computer System and Cyber Alerts - August 21, 2017 - 16:38
Original release date: August 21, 2017

On October 11, 2017, the Internet Corporation for Assigned Names and Numbers (ICANN) will be changing the Root Zone Key Signing Key (KSK) used in the domain name system (DNS) Security Extensions (DNSSEC) protocol. 

DNSSEC is a set of DNS protocol extensions used to digitally sign DNS information, which is an important part of preventing domain name hijacking. Updating the DNSSEC KSK is a crucial security step, similar to updating a PKI Root Certificate. Maintaining an up-to-date Root KSK as a trust anchor is essential to ensuring DNSSEC-validating DNS resolvers continue to function after the rollover. While DNSSEC validation is mandatory for federal agencies, it is not required of the private sector. Systems of organizations that do not use DNSSEC validation will be unaffected by the rollover.

US-CERT encourages administrators to update their DNSSEC KSK before October 11, 2017. See the NIST/NTIA Roll Ready site and the ICANN Root Zone KSK Rollover resources page for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: System Alerts

Mozilla Releases Security Update

Computer System and Cyber Alerts - August 21, 2017 - 12:32
Original release date: August 21, 2017

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.3 and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: System Alerts

Drupal Releases Security Updates

Computer System and Cyber Alerts - August 17, 2017 - 00:08
Original release date: August 16, 2017

Drupal has released an advisory to address several vulnerabilities in Drupal 8.x. A remote attacker could exploit one of these vulnerabilities to obtain or modify sensitive information.

US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 8.3.7.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: System Alerts

Cisco Releases Security Updates

Computer System and Cyber Alerts - August 16, 2017 - 23:36
Original release date: August 16, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

  • Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability cisco-sa-20170816-apic1
  • Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability cisco-sa-20170816-apic2
  • Cisco Virtual Network Function Element Manager Arbitrary Command Execution Vulnerability cisco-sa-20170816-em

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: System Alerts

Symantec Releases Security Update

Computer System and Cyber Alerts - August 11, 2017 - 13:40
Original release date: August 11, 2017

Symantec has released an update to address vulnerabilities in the Symantec Messaging Gateway. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Symantec Security Advisory and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: System Alerts

Juniper Networks Releases Junos OS Security Advisory

Computer System and Cyber Alerts - August 10, 2017 - 04:08
Original release date: August 09, 2017 | Last revised: August 10, 2017

Juniper Networks has released a security advisory that addresses a vulnerability in Junos OS. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Juniper Security Advisory and apply necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: System Alerts

FTC Releases Alert on Government Grant Scams

Computer System and Cyber Alerts - August 9, 2017 - 01:30
Original release date: August 08, 2017

The Federal Trade Commission (FTC) has released an alert on government grant scams. In these schemes, scammers pose as government officials to get consumers to send them money. Anytime someone asks you to pay money to get money, stop and think twice.

US-CERT encourages consumers to refer to the FTC Alert and the US-CERT Tip on Real-World Warnings Keep You Safe Online for more information.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: System Alerts

Microsoft Releases August 2017 Security Updates

Computer System and Cyber Alerts - August 8, 2017 - 22:31
Original release date: August 08, 2017

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.

US-CERT encourages users and administrators to review Microsoft's August 2017 Security Update Summary and Deployment Information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: System Alerts

January 1, 1970 - 01:00
Syndicate content