The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that seek to take advantage of the United States tax season. The Internal Revenue Service has issued an advisory on its website warning consumers about potential scams. Tax season phishing campaigns may include, but are not limited to:
- Information that refers to a tax refund,
- Warnings about unreported or under-reported income,
- Offers to assist in filing for a refund, or
- Links to counterfeit e-file websites.
These messages, which can appear to be from the IRS, may ask users to submit personal information via email, or include links to sites that request personal information or host malicious code.
To protect themselves against these types of phishing scams and malware campaigns, users and administrators are encouraged to take the following measures:
Cisco has released a security advisory to address a vulnerability in Cisco Prime Infrastructure software versions 1.2, 1.3, 1.4, and 2.0 which could allow an unauthenticated, remote attacker to execute arbitrary commands with root-level privileges.
US-CERT encourages users and administrators to review the Cisco Security Advisory and apply any necessary updates to help mitigate the risk.
Google has released Google Chrome 33.0.1750.124 for several Chrome OS devices to address multiple vulnerabilities, one of which could allow a server certificate to change in a renegotiation.
Users and administrators are encouraged to review the Google Chrome release blog entry and apply the update.