US CERT Current Activity

A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

WordPress Releases Security Update

Thu, 04/23/2015 - 04:47
Original release date: April 23, 2015

WordPress 4.1.2 has been released to address multiple vulnerabilities, one of which could allow a site to be compromised by a remote attacker. WordPress 4.1.1 and earlier are affected by this vulnerability.

US-CERT recommends users and administrators review the WordPress Security Release and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alerts

IC3 Warns of Cyber Attacks Focused on Law Enforcement and Public Officials

Tue, 04/21/2015 - 23:33
Original release date: April 21, 2015

The Internet Crime Complaint Center (IC3) has issued an alert warning that law enforcement personnel and public officials may be at an increased risk of cyber attacks. Doxing—the act of gathering and publishing individuals’ personal information without permission—has been observed. Hacking collectives may exploit publicly available information identifying officers or officials, their employers, and their families. These target groups should protect their online presence and exposure.

Users are encouraged to review the IC3 Alert for details and refer to US-CERT Tip ST06-003 for information on staying safe on social network sites.


Mozilla Releases Security Update for Firefox

Tue, 04/21/2015 - 19:18
Original release date: April 21, 2015

The Mozilla Foundation has released Firefox 37.0.2 to address a vulnerability that may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Firefox Security Advisory and apply the necessary update.


Oracle Releases April 2015 Security Advisory

Wed, 04/15/2015 - 22:29
Original release date: April 15, 2015 | Last revised: April 16, 2015

Oracle has released security fixes to address 98 vulnerabilities as part of its quarterly Critical Patch Update. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Oracle April 2015 Critical Patch Update and apply the necessary updates.


Google Releases Security Update for Chrome

Wed, 04/15/2015 - 22:10
Original release date: April 15, 2015

Google has released Chrome 42.0.2311.90 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates.


Adobe Releases Security Updates for Flash Player, ColdFusion, and Flex

Wed, 04/15/2015 - 07:24
Original release date: April 15, 2015

Adobe has released three security updates to address multiple vulnerabilities in Flash Player, ColdFusion, and Flex. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system, or lead to a reflected cross-site scripting attack.

Users and administrators are encouraged to review Adobe Security Bulletins APSB15-06, APSB15-07, and APSB15-08 and apply the necessary updates.


Microsoft Releases April 2015 Security Bulletin

Tue, 04/14/2015 - 15:32
Original release date: April 14, 2015

Microsoft has released eleven updates to address vulnerabilities in Microsoft Windows. Some of these vulnerabilities could allow elevation of privilege, denial of service, remote code execution, information disclosure, or security feature bypass.

US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-032 through MS15-042 and apply the necessary updates.


WP Super Cache Cross-Site Scripting (XSS) Vulnerability

Thu, 04/09/2015 - 19:59
Original release date: April 09, 2015

WP Super Cache, a WordPress plugin, contains a persistent XSS vulnerability in versions prior to 1.4.4. Exploitation of this vulnerability could allow a remote attacker to take control of the affected system.

Users and administrators are encouraged to review the WP Super Cache Changelog for more information and update to version 1.4.4 if affected.


Apple Releases Security Updates for OS X, iOS, Safari, and Apple TV

Wed, 04/08/2015 - 19:52
Original release date: April 08, 2015

Apple has released security updates for OS X, iOS, Safari, and Apple TV to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of the affected system.

Available updates include:

  • OS X Yosemite v10.10.3 and Security Update 2015-004 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10 to v10.10.2
  • iOS 8.3 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later
  • Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2
  • Apple TV 7.2 for Apple TV 3rd generation and later

US-CERT encourages users and administrators to review Apple security updates HT204659, HT204661, HT204658, and HT204662, and apply the necessary updates.


Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)

Wed, 04/08/2015 - 19:47
Original release date: April 08, 2015

The Network Time Foundation's NTP Project has released an update addressing multiple vulnerabilities in ntpd. Exploitation of these vulnerabilities may allow an attacker to conduct a man-in-the-middle attack or cause a denial of service condition.

Users and administrators are encouraged to review Vulnerability Note VU#374268 for more information and update to NTP 4.2.8p2 if necessary.


IC3 Issues Alert for Fake Government Websites

Wed, 04/08/2015 - 01:21
Original release date: April 07, 2015

The Internet Crime Complaint Center (IC3) has released an alert that warns consumers of fraudulent government-services websites that mimic legitimate ones. Scam operators lure consumers to these fraudulent websites in order to steal their personally identifiable information (PII) and collect fees for services that are never delivered.

US-CERT encourages users to review the IC3 Alert for details and refer to the US-CERT Tip ST04-014 for information on social engineering and phishing attacks.


IC3 Releases Alert on Web Site Defacements

Wed, 04/08/2015 - 01:18
Original release date: April 07, 2015

The Internet Crime Complaint Center (IC3) has issued an alert addressing recently perpetrated Web site defacements. The defacements advertise themselves as associated with the Islamic State in the Levant (ISIL), a.k.a. Islamic State of Iraq and al-Shams (ISIS). However, the FBI assesses that the perpetrators are not actually associated with this group. The perpetrators exploit WordPress content management system (CMS) vulnerabilities, leading to disruptive and costly effects.

Users and administrators are encouraged to review the IC3 Alert for details and refer to the US-CERT Alert TA13-024A for information on CMS security.


Mozilla Releases Security Update for Firefox

Mon, 04/06/2015 - 23:55
Original release date: April 06, 2015

The Mozilla Foundation has released Firefox 37.0.1 to address two vulnerabilities, one of which may allow a remote attacker to conduct man-in-the-middle attacks.

Users and administrators are encouraged to review the security advisories for Firefox and apply the necessary updates.


Google Releases Security Update for Chrome

Wed, 04/01/2015 - 20:30
Original release date: April 01, 2015

Google has released Chrome 41.0.2272.118 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates.


Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Tue, 03/31/2015 - 19:05
Original release date: March 31, 2015

The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

  • Firefox 37
  • Firefox ESR 31.6
  • Thunderbird 31.6

Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR, and Thunderbird and apply the necessary updates.
