US-CERT | United States Computer Emergency Readiness Team

The National Cybersecurity and Communications Integration Center (NCCIC) is the Nation’s flagship cyber defense, incident response, and operational integration center. Our mission is to reduce the Nation’s risk of systemic cybersecurity and communications challenges.

Contact Us

(888) 282-0870

Send us email

Download PGP/GPG keys

Incidents, Indicators, Phishing, Malware, or Vulnerabilities

Current Activity

View Current Activity Feed

Drupal Releases Security Updates

Published Wednesday, January 16, 2019

Drupal has released security updates addressing vulnerabilities in Drupal 7.x, 8.5.x, and 8.6.x. A remote attacker could exploit these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review Drupal’s security advisories SA-CORE-2019-001 and SA-CORE-2019-002 and apply the necessary updates.

Read Full Entry »

Oracle Releases January 2019 Security Bulletin

Published Tuesday, January 15, 2019

Oracle has released its Critical Patch Update for January 2019 to address 284 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Oracle January 2019 Critical Patch Update and apply the necessary updates.

Read Full Entry »

DNS Infrastructure Hijacking Campaign

Published Thursday, January 10, 2019

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization’s domain names, enabling man-in-the-middle attacks.

Read Full Entry »

Announcements

Chinese Malicious Cyber Activity
On December 20, 2018, the U.S. Government announced that a group of Chinese cyber actors associated with the Chinese government have carried out a campaign of cyber-enabled theft targeting global information technology (IT) service providers and their customers. Over the past four years, these actors have gained access to multiple U.S. and global IT service providers and their customers. For more information related to this activity, go to https://www.us-cert.gov/china.
SamSam Ransomware
On December 3, 2018, the Department of Homeland Security and the Federal Bureau of Investigation released a joint Activity Alert on cyber threat actors using SamSam ransomware—also known as MSIL/SAMAS.A—to target industries in the United States and worldwide. For more information, visit https://www.us-cert.gov/ncas/alerts/AA18-337A.
3ve – Fraudulent Online Advertising
On November 27, 2018, the Department of Homeland Security and the Federal Bureau of Investigation identified a major online ad fraud operation—referred to by the U.S. Government as "3ve." For more information on 3ve, visit https://www.us-cert.gov/ncas/alerts/TA18-331A.