The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
NCCIC will conduct a series of webinars on Russian government cyber activity against critical infrastructure (as detailed in NCCIC Alert TA18-074A), which will feature NCCIC subject matter experts discussing recent cybersecurity incidents, mitigation techniques, and resources that are available to help protect critical assets.
The same webinar will be held from 1-2:30 p.m. ET on the dates listed below:
- Monday, July 23
- Wednesday, July 25
- Monday, July 30
- Wednesday, August 1
NCCIC encourages users and administrators to attend one of the webinar sessions by visiting https://share.dhs.gov/nccicbriefings or dialing 1-888-221-6227. Attendees may access the webinar as a guest on the day of each event; a registered account is not required for attendees to join.
Cisco has released updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.
NCCIC encourages users and administrators to review the Cisco Security Advisories and Alerts website and apply the necessary updates.
Oracle has released its Critical Patch Update for July 2018 to address 334 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
NCCIC encourages users and administrators to review the Oracle July 2018 Critical Patch Update and apply the necessary updates.
The Federal Trade Commission has released an alert on tech support scams. Scammers use pop-up messages, websites, emails, and phone calls to entice users to pay for fraudulent tech support services to repair problems that don’t exist. Users should not pay or give control of their devices to any stranger offering to fix problems.
NCCIC encourages users and administrators to refer to the FTC Alert and the NCCIC Tip on Avoiding Social Engineering and Phishing Attacks for more information. If you believe you are a victim of a tech support scam, file a complaint at www.FTC.gov/complaint.
The Internet Crime Complaint Center (IC3) has released an alert on business email compromise scams. This type of scam targets businesses and individuals by using social engineering or computer intrusion to compromise legitimate email accounts and conduct unauthorized fund transfers or obtain personally identifiable information.
Juniper Networks has released security updates to address vulnerabilities affecting multiple Junos OS versions. An attacker could exploit some of these vulnerabilities to take control of an affected system.
NCCIC encourages users and administrators to review the Juniper Security Advisories website and apply the necessary updates.