The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Safer Internet Day

February 11, 2020, is Safer Internet Day, a worldwide event aimed at promoting the safe and positive use of digital technology for all users, especially children and teens. This year's theme—Together for a better internet—encourages everyone to play their part in creating a safer, more secure internet.
 
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to view the Safer Internet Day website and the following tips:

ACSC Releases Advisory on Mailto Ransomware Incidents

The Australian Cyber Security Centre (ACSC) has released an advisory on Mailto ransomware incidents. The ACSC has limited information regarding the initial intrusion vector for Mailto, also known as Kazakavkovkiz, but evidence suggests that Mailto actors may have used phishing and password spray attacks to comprise user accounts. The ACSC provides recommendations for users to detect and mitigate these types of attacks and assist with limiting their spread within networks.

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories webpage.

Google Releases Security Updates for Chrome

Google has released Chrome 80 (version 80.0.3987.87) for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release and apply the necessary updates.

IRS Launches “Identity Theft Central” Webpage

The Internal Revenue Service (IRS) has launched its “Identity Theft Central” webpage to provide 24/7 access to online information regarding tax-related identity theft and data security protection. Tax-related identity theft occurs when someone steals personal information to commit tax fraud.

OpenSMTPD Vulnerability

The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting OpenSMTPD. An attacker could exploit this vulnerability to take control of an affected system. OpenSMTPD is an open-source server-side implementation of the Simple Mail Transfer Protocol (SMTP) that is part of the OpenBSD Project.

This product is provided subject to this Notification and this Privacy & Use policy.