US-CERT | United States Computer Emergency Readiness Team

Published Friday, September 15, 2017

VMware has released security updates to address vulnerabilities in ESXi, vCenter Server, Fusion, and Workstation. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2017-0015 and apply the necessary updates.

Read Full Entry »

Potential Phishing Scams Related to Equifax Data Breach

Published Thursday, September 14, 2017

The Federal Trade Commission (FTC) has released an alert on phishing attacks related to the Equifax data breach. Phishing attacks try to trick message recipients into sharing sensitive information with cyber criminals. FTC warns consumers to be wary of calls or emails purporting to be from Equifax agents. Legitimate Equifax representatives will not contact consumers to ask for verification of their information.

Read Full Entry »

BlueBorne Bluetooth Vulnerabilities

Published Tuesday, September 12, 2017

US-CERT is aware of a collection of Bluetooth vulnerabilities, known as BlueBorne, potentially affecting millions of unpatched mobile phones, computers, and Internet of Things (IoT) devices. A remote attacker could exploit several of these vulnerabilities to take control of affected devices.

US-CERT recommends that users and administrators read Vulnerability Note VU#240311 for more information.

Read Full Entry »

Announcements

Automated Indicator Sharing (AIS)
Learn how your organization can use the DHS AIS capability to automatically share cyber threat indicators and defensive measures via STIX and TAXII.
Federal Incident Notification Guidelines
As of April 1, 2017, all federal Executive Branch civilian agencies are required to use the revised Federal Incident Notification Guidelines. Major changes include an updated reporting requirement to include potentially impactful incidents, a new system for assessing impact and severity and the incorporation of guidance for reporting major incidents in accordance with OMB memoranda.
National Cyber Incident Response Plan (NCIRP) Refresh Draft
DHS is currently soliciting public feedback for the NCIRP refresh. National engagement provides an opportunity for interested parties to comment on the draft of the refreshed NCIRP, so that it reflects the collective expertise and experience of the whole community in response to cyber incidents.