The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Cisco has released security updates to address vulnerabilities in Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Content Security Management Virtual Appliance (SMAv) software. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of the affected appliance.
US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.
The Financial Services Information Sharing and Analysis Center (FS-ISAC) and federal law enforcement agencies have released a joint alert warning companies of a sophisticated wire payment scam referred to as business email compromise (BEC). Scammers use fraudulent information to trick companies into directing financial transactions into accounts scammers control.
The Internet Crime Complaint Center (IC3) has issued an alert warning that U.S. individuals and businesses are still at risk of CryptoWall ransomware fraud. Scam operators use ransomware—a type of malicious software—to infect a device and restrict access until a ransom fee is paid. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee files will be released.