U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Comodo Chromodo Browsers Vulnerable to Cross-Domain Attacks

Some Comodo Chromodo browser versions (45.8.12.392, 45.8.12.391, and possibly earlier) are vulnerable to cross-domain attacks. When a user of a vulnerable Chromodo browser visits a specially crafted web page, an attacker may obtain access to web content from another domain.

US-CERT recommends users and administrators review Vulnerability Note VU#305096 for additional information and mitigation details.

WordPress Releases Security Update

WordPress 4.4.1 and prior versions contain two security vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to obtain sensitive information.

Users and administrators are encouraged to review the WordPress Security and Maintenance Release and upgrade to WordPress 4.4.2.

FTC Announces Enhancements to IdentityTheft.gov

The Federal Trade Commission (FTC) has upgraded its IdentityTheft.gov site to provide improved help to victims of identity theft. Enhancements include more personalized response plans for consumers, automatic generation of documents to aid in recovery, and better integration of the site with the FTC's consumer complaint system. Resources are also available for those who want to avoid becoming victims of identity theft.

Consumers are encouraged to visit FTC's IdentityTheft.gov site and review US-CERT's tip on Preventing and Responding to Identity Theft for more information.

OpenSSL Releases Security Advisory

OpenSSL versions 1.0.2f and 1.0.1r have been released to address vulnerabilities in prior versions. Exploitation of these vulnerabilities may allow a remote attacker to obtain sensitive information.

US-CERT encourages users and administrators to review the OpenSSL Security Advisory and apply the necessary update. For more information, please see Vulnerability Note VU#257823.

Cisco Releases Security Update

Cisco has released a security update to address a vulnerability in the web-based management interface of Cisco RV220W Wireless Network Security Firewall devices. Exploitation of this vulnerability could allow a remote attacker to take control of an affected device.

Users and administrators are encouraged to review the Cisco Security Advisory and US-CERT's tip on Securing Your Home Network and apply the necessary update.

Mozilla Releases Security Updates

Mozilla has released security updates to address multiple vulnerabilities in Firefox. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

  • Firefox 44
  • Firefox ESR 38.6

US-CERT encourages users and administrators to review Mozilla Security Advisories for Firefox and Firefox ESR and apply the necessary updates.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top