U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

US Tax Season Phishing Scams and Malware Campaigns

In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the United States tax season. Due to the upcoming tax deadline, US-CERT reminds users to remain cautious when receiving unsolicited email that could be part of a potential phishing scam or malware campaign.

These phishing scams and malware campaigns may include the following: information that refers to a tax refund, warnings about unreported or under-reported income, offers to assist in filing for a refund, or details about fake e-file websites. These messages, which appear to be from the IRS, may ask users to submit personal information via email or may instruct the user to follow a link to a website that requests personal information or contains malicious code.

At this time, US-CERT is aware of public reports indicating that there is active circulation of a tax season malware campaign. This malware campaign may be using malicious code commonly known as Zeus or Zbot.

Cisco Releases Security Advisories for IOS Software

Cisco has released a bundled publication, which contains seven security advisories, to address multiple vulnerabilities in Cisco IOS Software. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the security advisories listed in the Cisco IOS Software Security Advisory bundled publication (cisco-sa-20100324-bundle) and apply any necessary updates to help mitigate the risks.

Mozilla Releases Firefox 3.6.2

The Mozilla Foundation has released Firefox 3.6.2 to address multiple security issues, including a critical vulnerability that may allow a remote attacker to execute arbitrary code.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

Additional information regarding this vulnerability, including a workaround for users who cannot upgrade, can be found in the Vulnerability Notes Database.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top