U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

FTC, Partners Help Small Businesses Stop Scams

The Federal Trade Commission (FTC) has launched Operation Main Street, an effort with the Better Business Bureau (BBB) and law enforcement to educate small business owners on how to stop scams targeting their businesses. Accordingly, FTC released Scams and Your Small Business, a guide for businesses detailing how to avoid, identify, and report scams.

NCCIC encourages business owners and other consumers to review the FTC article and NCCIC's Resources for Small and Midsize Businesses.

North Korean Malicious Cyber Activity

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified Trojan malware variants—referred to as TYPEFRAME—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

US-CERT encourages users and administrators to review Malware Analysis Report (MAR) 10135536-12 and the US-CERT page on HIDDEN COBRA - North Korean Malicious Cyber Activity for more information.

ISC Releases Security Advisory for BIND

The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit this vulnerability to obtain sensitive information.

NCCIC encourages users and administrators to review the ISC Knowledge Base Article AA-01616 and apply the necessary workarounds.

Intel Releases Security Advisory on Lazy FP State Restore Vulnerability

Intel has released recommendations to address a vulnerability—dubbed Lazy FP state restore—affecting Intel Core-based microprocessors. An attacker could exploit this vulnerability to obtain access to sensitive information.

NCCIC encourages users and administrators to review Intel's Security Advisory INTEL-SA-00145, apply the necessary mitigations, and refer to software vendors for appropriate patches, when available.

Apple Releases Security Update for Xcode

Apple has released a security update to address vulnerabilities in Xcode. An attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Apple’s security page for Xcode 9.4.1 and apply the necessary update.

Google Releases Security Update for Chrome

Google has released Chrome version 67.0.3396.87 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.

NCCIC encourages users and administrators to review the Chrome Release page and apply the necessary update.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top