The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Google has released Google Chrome 26.0.1410.43 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service or execute arbitrary code.
US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update to Chrome 26.0.1410.43.
US-CERT has received reports of apparently DHS-themed ransomware occurring in the wild. Users who are being targeted by the ransomware receive an email message claiming that use of their computer has been suspended and that the user must pay a fine to unblock it. The ransomware falsely claims to be from the U.S. Department of Homeland Security and the National Cyber Security Division.
Users who are infected with the malware should consult with a reputable security expert to assist in removing the malware, or perform a clean reinstallation of their OS after formatting their computer's hard drive.
US-CERT and DHS encourage users and administrators to use caution when encountering these types of email messages and take the following preventive measures to protect themselves from phishing scams and malware campaigns that attempt to frighten and deceive a recipient for the purpose of illegal gain.
Apple has released iOS 6.1.3 for the iPhone 3GS or later, iPod touch 4th generation or later, and iPad 2 or later to address multiple vulnerabilities. These vulnerabilities may allow an attacker to operate with elevated privileges, bypass security features or execute arbitrary code.
US-CERT encourages users and administrators to review Apple Support Article HT5704 and follow best practice security policies to determine which updates should be applied.