Official website of the Department of Homeland Security
TLP:WHITE

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Adobe Security Bulletins and Advisories page and apply the necessary updates.

Intel Releases Security Updates, Mitigations for Multiple Products

Intel has released security updates and recommendations to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel Security Advisories and apply the necessary updates and mitigations:

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Samba Security Announcements for CVE-2019-3870 and CVE-2019-3880 and apply the necessary updates.

Apache Releases Security Update for Apache HTTP Server

The Apache Software Foundation has released Apache HTTP Server version 2.4.39 to address multiple vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache HTTP Server 2.4 vulnerabilities page and apply the necessary update.

MS-ISAC Releases Security Primer on LockerGoga Ransomware

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released a Security Primer on LockerGoga Ransomware—a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid.

Ransomware can be devastating to an individual or an organization. The Cybersecurity and Infrastructure Security Agency (CISA) discourages individuals and organizations from paying the ransom, as this does not guarantee access will be restored.

CISA encourages users and administrators to review MS-ISAC’s White Paper: Security Primer – LockerGoga and associated indicators of compromise (IOCs), CISA’s Ransomware page, and the U.S. Government’s Interagency Joint Guidance for further information and to implement the following best practices:

Supply Chain Integrity Month

April is Supply Chain Integrity Month. The Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the Department of Defense (DOD) are partnering to promote the importance of supply chain security and risk management. Breaches in the supply chain provide an opportunity for malicious software or hardware to be installed on equipment. Lack of awareness or validation of the legitimacy of hardware and software presents a serious risk to users’ information and the overall integrity of a network environment.

CISA recommends users and administrators review ODNI’s guidance on Supply Chain Risk Management for more information.
