US-CERT Current Activity
Apple Releases Security Updates
Original release date: September 25, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:


This product is provided subject to this Notification and this Privacy & Use policy.


25-09-2017
Oracle Patches Apache Vulnerabilities
Original release date: September 25, 2017

Oracle has released security updates to address Apache Struts 2 vulnerabilities found across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. 

US-CERT encourages users and administrators to review the Oracle Security Alert and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


25-09-2017
Google Releases Security Updates for Chrome
Original release date: September 22, 2017

Google has released Chrome version 61.0.3163.100 for Windows, Mac, and Linux. This update addresses multiple vulnerabilities that an attacker may exploit to cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


22-09-2017
Joomla! Releases Security Update
Original release date: September 21, 2017

Joomla! has released version 3.8.0 of its Content Management System (CMS) software to address a vulnerability. A remote attacker could exploit this vulnerability to obtain access to sensitive information.

US-CERT encourages users and administrators to review the Joomla! Security Release and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.


21-09-2017
Samba Releases Security Updates
Original release date: September 20, 2017

The Samba Team has released security updates to address several vulnerabilities in Samba. An attacker could exploit any of these vulnerabilities to obtain access to potentially sensitive information.

US-CERT encourages users and administrators to review the Samba Security Announcements for CVE-2017-12150, CVE-2017-12151, and CVE-2017-12163 and apply the necessary updates, or refer to their Linux or Unix-based OS vendors for appropriate patches.


This product is provided subject to this Notification and this Privacy & Use policy.


20-09-2017
Cisco Releases Security Updates
Original release date: September 20, 2017

Cisco has released updates to address vulnerabilities affecting multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:


This product is provided subject to this Notification and this Privacy & Use policy.


20-09-2017
IC3 Issues Alert on Disaster-Related Fraud
Original release date: September 20, 2017

The Internet Crime Complaint Center (IC3) has released an announcement on fraudulent cyber activity related to natural disasters. IC3 reports that scammers have recently used email and social-networking sites to solicit money from disaster victims with scams on false temporary housing and job opportunities. In addition, IC3 warns the public to be cautious of solicitations for charitable donations.

US-CERT encourages consumers to review the IC3 Alert and the US-CERT Tip on Avoiding Social Engineering and Phishing Attacks.


This product is provided subject to this Notification and this Privacy & Use policy.


20-09-2017
FTC Releases Alerts on Protecting Against Identity Theft
Original release date: September 20, 2017

The Federal Trade Commission (FTC) has released two alerts to educate consumers on recommended protections against identity theft after the recent data breach at Equifax. Users should consider placing security freezes with the three major credit reporting agencies: Equifax, Transunion, and Experian. Alternative security recommendations include using fraud alerts and free credit monitoring from Equifax. 

US-CERT encourages users to refer to the FTC alerts on Equifax credit freezes and fraud alerts vs. credit freezes. See the US-CERT Tip on Preventing and Responding to Identity Theft for more information.


This product is provided subject to this Notification and this Privacy & Use policy.


20-09-2017
WordPress Releases Security Update
Original release date: September 20, 2017

WordPress versions prior to 4.8.2 are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.8.2.


This product is provided subject to this Notification and this Privacy & Use policy.


20-09-2017
Apple Releases Security Updates
Original release date: September 19, 2017 | Last revised: September 20, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker may exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review the following Apple security pages and apply the necessary updates:


This product is provided subject to this Notification and this Privacy & Use policy.


19-09-2017