U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

CERT/CC Reports Critical Vulnerabilities in Microsoft Windows, Server

The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting versions of Microsoft Windows and Windows Server. A remote attacker could exploit these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review CERT/CC’s Vulnerability Notes VU#289907 and VU#531281 and Microsoft’s security advisories for CVE-2018-8611 and CVE-2018-8626 and apply the necessary updates.

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. An attacker could exploit these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Adobe Security Bulletin APSB19-02 and apply the necessary updates.

Securing New Devices

During the holidays, internet-connected devices also known as Internet of Things (IoT) are often popular gifts—such as smart TVs, watches, toys, phones, and tablets. This technology provides a level of convenience to our lives, but it requires that we share more information than ever. The security of this information, and the security of these devices, is not always guaranteed.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), recommends these important steps you should consider to make your Internet of Things more secure:

Use strong passwords. Passwords are a common form of authentication and are often the only barrier between you and your personal information. Some internet-enabled devices are configured with default passwords to simplify setup. These default passwords are easily found online, so they don't provide any protection. Choose strong passwords to help secure your device. See Choosing and Protecting Passwords for more information.

Chinese Malicious Cyber Activity

The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released information on Chinese government malicious cyber activity targeting global information technology (IT) service providers—such as managed service providers and cloud service providers—and their customers. These threat actors are actively exploiting trust relationships between IT service providers and their customers.

NCCIC, part of CISA, encourages users and administrators to review the page on Chinese Malicious Cyber Activity for more information.

Cisco Releases Security Updates

Cisco has released security updates to address a vulnerability in Adaptive Security Appliance. A remote attacker could exploit this vulnerability to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.

Microsoft Releases Out-of-Band Security Updates

Microsoft has released out-of-band security updates to address a vulnerability in Internet Explorer 9, 10, and 11. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability was detected in exploits in the wild.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Microsoft Security Advisory and the CERT Coordination Center's Vulnerability Note VU#573168 and apply the necessary updates.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top