U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

November is National Critical Infrastructure Security and Resilience Month

November is National Critical Infrastructure Security and Resilience Month. Critical Infrastructure (CI) is our Nation’s backbone; it is the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety.

Everyone is involved in the mission to protect CI. Users and administrators can help by using cybersecurity best practices, reporting cybersecurity incidents and phishing attempts, and submitting malware for review. Keeping your systems secured can help NCCIC identify cyber threats and inform the CI community.

Mozilla Releases Security Update for Thunderbird ESR

Mozilla has released a security update to address vulnerabilities in Thunderbird ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Mozilla Security Advisory for Thunderbird ESR 60.3 and apply the necessary update.

Apache Releases Security Update for Apache Tomcat JK Connectors

The Apache Software Foundation has released a security update to address a vulnerability affecting Apache Tomcat JK Connectors 1.2.0 to 1.2.44. A remote attacker could exploit this vulnerability to obtain access to sensitive information.

NCCIC encourages users and administrators to review the Apache security advisory for CVE-2018-11759 and apply the necessary update or mitigation.

Apple Releases Multiple Security Updates

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:

National Cybersecurity Awareness Month: Staying Secure

National Cybersecurity Awareness Month is over, but your work securing your home and business systems and networks is not.

NCCIC recommends users and administrators subscribe to NCCIC National Cyber Awareness System product notifications to keep on top of cybersecurity threats as they emerge.

FTC Releases Alert with Cybersecurity Resources for Non-Profits and Small Businesses

The Federal Trade Commission (FTC) has released an alert with new cybersecurity resources for non-profits and small businesses. These resources, which cover topics such as ransomware, phishing, and email authentication, aim to help organizations protect their network and information.

NCCIC encourages non-profits and small businesses to review FTC's Cybersecurity Resources for Non-Profits article, FTC's Cybersecurity for Small Business web page, and NCCIC's Resources for Small and Midsize Businesses web page for more information.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top