The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Office, and Microsoft Server Software as part of the Microsoft Security Bulletin Summary for September 2011. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.
US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.
US-CERT is aware of public reports of the existence of fraudulent SSL certificates issued by DigiNotar. These fraudulent SSL certificates could be used by an attacker to masquerade as legitimate sites.
Mozilla has released Firefox 3.6.22 and Firefox 6.0.2 to address this issue. Additional information can be found in the Mozilla Security Blog.
Microsoft has removed the DigiNotar root certificates from the Microsoft Certificate Trust List. This change affects all versions of Windows Vista, Windows 7, Windows XP, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2003. Additional information can be found in Microsoft Security Advisory 2607712.
In the past, US-CERT has received reports of phishing scams and malware campaigns related to topics that are of high-interest to the U.S. Government or news media, such as Hurricane Irene. Users' systems have been compromised by receiving and accessing phishing emails with subject lines that seem relevant to a high-interest subject and appear to originate from a valid sender. US-CERT reminds users to remain vigilant for potential malicious cyber activity seeking to capitalize on interest in Hurricane Irene. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Irene, even if it appears to originate from a trusted source.
US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns: