US CERT Current Activity

Syndicate content
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Updated: 23 min 16 sec ago

Google Releases Security Update for Chrome

Tue, 05/19/2015 - 22:28
Original release date: May 19, 2015

Google has released Chrome version 43.0.2357.65 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Cisco Releases Security Advisories for TelePresence Products

Thu, 05/14/2015 - 19:09
Original release date: May 14, 2015

Cisco has released two security advisories to address multiple vulnerabilities in TelePresence products. Successful exploitation could allow an attacker to bypass system authentication, execute arbitrary code with elevated privileges, or cause a denial-of-service condition.

Users and administrators are encouraged to review Cisco Advisories cisco-sa-20150513-tc and cisco-sa-20150513-tp and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Tue, 05/12/2015 - 22:05
Original release date: May 12, 2015

The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of one of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition or steal sensitive information.

Available updates include:

  • Firefox 38
  • Firefox ESR 31.7
  • Thunderbird 31.7

US-CERT encourages users and administrators to review the Security Advisories for Firefox, Firefox ESR, and Thunderbird and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Adobe Releases Security Updates for Flash Player, Reader, and Acrobat

Tue, 05/12/2015 - 20:38
Original release date: May 12, 2015

Adobe has released security updates to address multiple vulnerabilities in Flash Player, Reader, and Acrobat. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletins APSB15-09 and APSB15-10 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Microsoft Releases May 2015 Security Bulletin

Tue, 05/12/2015 - 15:25
Original release date: May 12, 2015

Microsoft has released 13 updates to address vulnerabilities in Microsoft Windows. Some of these vulnerabilities could allow elevation of privilege, denial of service, remote code execution, information disclosure, or security feature bypass.

US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-043 - MS15-055 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Cisco UCS Central Software Vulnerability

Fri, 05/08/2015 - 06:03
Original release date: May 08, 2015

Cisco has released a security advisory to address a vulnerability in the web framework of Cisco Unified Computing System (UCS) Central Software. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

WordPress Security and Maintenance Release

Thu, 05/07/2015 - 04:25
Original release date: May 07, 2015

WordPress 4.2 and prior versions contain critical cross-site scripting vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website.

Users and administrators are encouraged to review the WordPress Security and Maintenance Release and upgrade to WordPress 4.2.2.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Apple Releases Security Updates for Safari

Thu, 05/07/2015 - 04:23
Original release date: May 07, 2015

Apple has released security updates for Safari to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of the affected system.

Available updates include:

  • Safari 8.0.6 for OS X Yosemite v10.10.3
  • Safari 7.1.6 for OS X Mavericks v10.9.5
  • Safari 6.2.6 for OS X Mountain Lion v10.8.5

US-CERT encourages users and administrators to review Apple security update HT204826 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Nepal Earthquake Disaster Email Scams

Thu, 04/30/2015 - 11:01
Original release date: April 30, 2015

US-CERT warns users of potential email scams citing the earthquake in Nepal. The scam emails may contain links or attachments that may direct users to phishing or malware infected websites. Phishing emails and websites requesting donations for fraudulent charitable organizations commonly appear after these types of natural disasters.

US-CERT encourages users to take the following measures to protect themselves:

  • Do not follow unsolicited web links or attachments in email messages.
  • Maintain up-to-date antivirus software.
  • Review the Federal Trade Commission's Charity Checklist.
  • Verify the legitimacy of the email by contacting the organization directly through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index.
  • Refer to the Security Tip (ST04-014) on Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Google Releases Security Update for Chrome

Wed, 04/29/2015 - 22:28
Original release date: April 29, 2015

Google has released Chrome version 42.0.2311.135 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

WordPress Releases Security Update

Mon, 04/27/2015 - 21:03
Original release date: April 27, 2015

WordPress 4.2 and prior versions contain critical cross-site scripting vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website.

Users and administrators are encouraged to review the WordPress Security Release and upgrade to WordPress 4.2.1.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas