US CERT Current Activity

Syndicate content
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Updated: 1 hour 30 min ago

Breach of Patient Identification Information

Mon, 08/18/2014 - 14:43
Original release date: August 18, 2014

US-CERT is aware of a breach of sensitive patient identification information affecting approximately 4.5 million patients and customers of Community Health Systems, Inc. As part of DHS, US-CERT is working together with the FBI and the Department of Health and Human Services to assist in sharing specific vulnerabilities and mitigations with the healthcare industry to prevent additional breaches from occurring.

US-CERT recommends that individuals who suspect they may have been victimized as a result of this breach report any incidents to the FBI's Internet Crime Complaint Center. Tips and advice to stay safe online can be found at STOP. THINK. CONNECT.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

NCSC Spearphishing Security Advisory

Thu, 08/14/2014 - 18:29
Original release date: August 14, 2014

New Zealand’s National Cyber Security Centre (NCSC) has released Security Advisory NCSC-C-2014-17 which highlights a spearphishing campaign targeting government employees. The NCSC provides enhanced cybersecurity services to the New Zealand Government and private sector organizations against cybersecurity threats.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Apple Releases Security Update for Safari

Thu, 08/14/2014 - 18:27
Original release date: August 14, 2014

Apple has released security updates for Safari to address vulnerabilities which could allow an attacker to execute arbitrary code or cause an unexpected application termination.

Updates include Safari 6.1.6 and Safari 7.0.6 for OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5 and OS X Mavericks v10.9.4.

Users and administrators are encouraged to review Apple security update HT6367 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Google Releases Security Updates for Chrome

Wed, 08/13/2014 - 15:53
Original release date: August 13, 2014

Google has released security updates to address multiple vulnerabilities in Chrome, Chrome OS and Chrome for Android. Some of these vulnerabilities could potentially allow an attacker to obtain sensitive information or cause a denial of service. 

Updates available include:

  • Chrome 36.0.1985.143 for Windows, Mac, Linux, and all Chrome OS devices
  • Chrome 36.0.1985.135 for Android 

US-CERT encourages users and administrators to review the Google Chrome release blog and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Adobe Releases Security Updates for Flash Player, Adobe Reader and Acrobat

Tue, 08/12/2014 - 17:55
Original release date: August 12, 2014

Adobe has released security updates to address multiple vulnerabilities in Flash Player, Adobe Reader and Acrobat. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system.

Users and administrators are encouraged to review Adobe Security Bulletins APSB14-18 and APSB14-19, and apply the necessary updates. 

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Microsoft Releases August 2014 Security Bulletin

Tue, 08/12/2014 - 15:41
Original release date: August 12, 2014

Microsoft has released updates to address vulnerabilities in Windows, Office, SQL Server, Server Software, .NET Framework, and Internet Explorer as part of the Microsoft Security Bulletin Summary for August 2014. Some of these vulnerabilities could allow remote code execution, elevation of privilege, or security feature bypass.

US-CERT encourages users and administrators to review the bulletin and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

OpenSSL Patches Nine Vulnerabilities

Thu, 08/07/2014 - 15:19
Original release date: August 07, 2014

OpenSSL has released updates patching nine vulnerabilities, some of which may allow an attacker to cause a Denial of Service (DoS) condition or force the client to revert to a less secure Transport Layer Security (TLS) 1.0 protocol. The following updates are available:

  • OpenSSL 0.9.8 users should upgrade to 0.9.8zb
  • OpenSSL 1.0.0 users should upgrade to 1.0.0n
  • OpenSSL 1.0.1 users should upgrade to 1.0.1i

US-CERT recommends users and administrators review the OpenSSL Security Advisory for additional information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

OpenSSL Patches Nine Vulnerabilities

Thu, 08/07/2014 - 15:19
Original release date: August 07, 2014

OpenSSL has released updates patching nine vulnerabilities, some of which may allow an attacker to cause a Denial of Service (DoS) condition or force the client to revert to a less secure Transport Layer Security (TLS) 1.0 protocol. The following updates are available:

  • OpenSSL 0.9.8 users should upgrade to 0.9.8zb
  • OpenSSL 1.0.0 users should upgrade to 1.0.0n
  • OpenSSL 1.0.1 users should upgrade to 1.0.1i

US-CERT recommends users and administrators review the OpenSSL Security Advisory for additional information and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Cisco EnergyWise Module Vulnerability

Wed, 08/06/2014 - 19:46
Original release date: August 06, 2014

Cisco has released an advisory to address a vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software. Exploitation of the vulnerability could allow an unauthenticated, remote attacker to cause a Denial of Service condition on the affected system.

Users and administrators are encouraged to review the Cisco Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Cisco EnergyWise Module Vulnerability

Wed, 08/06/2014 - 19:46
Original release date: August 06, 2014

Cisco has released an advisory to address a vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software. Exploitation of the vulnerability could allow an unauthenticated, remote attacker to cause a Denial of Service condition on the affected system.

Users and administrators are encouraged to review the Cisco Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Local Privilege Escalation Vulnerability in Symantec Endpoint Protection

Mon, 08/04/2014 - 19:34
Original release date: August 04, 2014

US-CERT is aware of a local privilege escalation vulnerability in Symantec Endpoint Protection. This vulnerability affects all versions of Symantec Endpoint Protection Client 11.x and 12.x running Application and Device Control. Exploitation of this vulnerability may allow an attacker to gain full privileges on an affected system.

US-CERT recommends that users and administrators review the associated Symantec Knowledge Base Article TECH223338 and CERT Vulnerability Note VU#252068 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Local Privilege Escalation Vulnerability in Symantec Endpoint Protection

Mon, 08/04/2014 - 19:34
Original release date: August 04, 2014

US-CERT is aware of a local privilege escalation vulnerability in Symantec Endpoint Protection. This vulnerability affects all versions of Symantec Endpoint Protection Client 11.x and 12.x running Application and Device Control. Exploitation of this vulnerability may allow an attacker to gain full privileges on an affected system.

US-CERT recommends that users and administrators review the associated Symantec Knowledge Base Article TECH223338 and CERT Vulnerability Note VU#252068 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas