U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

OpenSSL Releases Security Update

OpenSSL version 1.1.0e has been released to address a vulnerability for users of version 1.1.0. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition.

Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary update.

Cisco Releases Security Update

Cisco has released a security update to address a vulnerability in its UCS Director software. Exploitation of this vulnerability could allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.

FBI Releases Article on Romance Scams

The Federal Bureau of Investigation (FBI) has released an article addressing the rise of Internet romance scams. In this common type of fraud, cyber criminals target victims, gain their confidence, and trick them into sending money.

To stay safer online, review the FBI article on Romance Scams and US-CERT publication ST06-003 on staying safe on social networking sites. Please file a complaint with the FBI's Internet Crime Complaint Center if you believe you have been the victim of a romance scam.

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe Flash Player, Digital Editions, and Campaign. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Adobe Security Bulletins APSB17-04, APSB17-05, and APSB17-06 and apply the necessary updates.

Apple Releases Security Update

Apple has released a security updates to address a vulnerability in GarageBand. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Apple security page for GarageBand and apply the necessary update.

Enhanced Analysis of GRIZZLY STEPPE

The Department of Homeland Security (DHS) has released an Analysis Report (AR) related to malicious cyber activity designated as GRIZZLY STEPPE. This AR provides a thorough analysis of the methods threat actors use to infiltrate systems, as well as specific mitigation techniques that may be used to counter this threat.

US-CERT recommends that network administrators review the Analysis Report and the previously-released Joint Analysis Report for additional information and mitigation recommendations.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top