U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Evolution in Attacks Against Cisco IOS Software Platforms

Cisco has observed increasingly complex attacks that could allow an attacker to gain administrative access to a Cisco IOS device by installing a malicious ROMMON image. Successful exploitation using this image could allow an attacker to manipulate device behavior after the device is rebooted.

US-CERT encourages users and administrators to review the Cisco Security Activity Bulletin and apply recommendations to protect Cisco IOS devices.

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Firefox OS

The Mozilla Foundation has released security updates to address critical vulnerabilities in Firefox, Firefox ESR, and Firefox OS. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

  • Firefox 40
  • Firefox ESR 38.2
  • Firefox OS 2.2

Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR, and Firefox OS and apply the necessary updates.

Microsoft Releases August 2015 Security Bulletin

Microsoft has released 14 updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow remote code execution or elevation of privileges and information disclosure.

US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-079 through MS15-092 and apply the necessary updates.

Adobe Releases Security Updates for Flash Player

Adobe has released security updates to address multiple vulnerabilities in Flash Player for Windows, Macintosh, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-19 and apply the necessary updates.

Required Group Policy Preference Actions for Microsoft Security Bulletin MS14-025

US-CERT is aware of continued exploitation of insecurely stored passwords in Group Policy Preferences, due to incomplete implementations of Microsoft Security Bulletin MS14-025. Systems may still be vulnerable to exploitation if administrators have not cleared all previously stored passwords from their environment. An attacker may decrypt these passwords and use them to gain escalated privileges.

US-CERT strongly recommends that administrators employ the PowerShell script provided in Microsoft  Knowledge Base Article 2962486 and follow the included instructions for clearing all "CPassword" preferences from their environment.

Mozilla Releases Security Updates for Firefox

The Mozilla Foundation has released security updates to address a critical vulnerability in the built-in PDF Viewer for Firefox and Firefox ESR. Exploitation of the vulnerability may allow an attacker to steal files from an affected computer.

Available updates include:

  • Firefox 39.0.3
  • Firefox ESR 38.1.1

US-CERT encourages users and administrators to review the Security Advisory for Firefox and Firefox ESR and apply the necessary updates.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top