U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Drupal Releases Security Updates

Drupal has released security updates to address multiple vulnerabilities in Drupal Core. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Drupal’s security advisories SA-CORE-2019-005 and SA-CORE-2019-006 and apply the necessary updates.

Cisco Releases Security Updates

Cisco has released a security update to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory page and apply the necessary updates.

ICSJWG Spring Meeting April 23–25

The Industrial Control Systems Joint Working Group (ICSJWG)—a collaborative and coordinating body operating under the Critical Infrastructure Partnership Advisory Council framework—will hold the 2019 ICSJWG Spring Meeting in Kansas City, MO, April 23–25, 2019. ICSJWG facilitates information sharing to reduce the risk to the Nation’s industrial control systems.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages interested participants to visit the ICSJWG website to register for the Spring Meeting by April 17, 2019, and for additional information.

 

Multiple Vulnerabilities in Broadcom WiFi Chipset Drivers

The CERT Coordination Center (CERT/CC) has released information on multiple vulnerabilities in Broadcom Wi-Fi chipset drivers. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the CERT/CC Vulnerability Note VU#166939 for more information and refer to vendors for appropriate updates, when available.

Oracle Releases April 2019 Security Bulletin

Oracle has released its Critical Patch Update for April 2019 to address 297 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Oracle April 2019 Critical Patch Update and apply the necessary updates.

Apache Releases Security Updates for Apache Tomcat

The Apache Software Foundation has released Apache Tomcat versions 7.0.94, 8.5.40, and 9.0.19 to address a vulnerability. A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apache security advisory for CVE-2019-0232 and apply the necessary updates.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top