U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

VMware Releases Security Updates

VMware has released security updates to address a vulnerability in ESXi, Workstation, and Fusion. An attacker could exploit this vulnerability to take control of an affected system.

NCCIC encourages users and administrators to review VMware Security Advisory VMSA-2018-0026 and apply the necessary updates.

Google Releases Security Update for Chrome

Google has released Chrome version 70.0.3538.67 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update.

Oracle Releases October 2018 Security Bulletin

Oracle has released its Critical Patch Update for October 2018 to address 301 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Oracle October 2018 Critical Patch Update and apply the necessary updates.

National Cybersecurity Awareness Month: Workplace Cybersecurity

October is National Cybersecurity Awareness Month, an annual campaign to raise awareness about cybersecurity. Creating a culture of cybersecurity is critical for all organizations—large and small businesses, academic institutions, non-profits, and government agencies—and is a responsibility shared among all employees. The National Institute of Standards and Technology (NIST) has published resources, including standards, guidelines, and best practices, to help organizations of all sizes to strengthen their cyber resilience.

NCCIC encourages organizations and employees to review the following resources:

MS-ISAC Releases Advisory on PHP Vulnerabilities

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review MS-ISAC Advisory 2018-113 and the PHP Downloads page and apply the necessary updates.

NCCIC Releases Joint Alert on Worldwide Malicious Activity Using Publicly Available Tools

NCCIC, in collaboration with the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre, and the United Kingdom National Cyber Security Centre, has released a joint Activity Alert that highlights five publicly available tools frequently observed in cyber incidents worldwide. The Activity Alert provides an overview of each tool, its capabilities, and recommended best practices network defenders can use to protect their networks against these tools.

NCCIC encourages users and administrators to review the joint Activity Alert AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide for more information.

 

 

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top