US-CERT Current Activity
VMware Releases Security Updates
Original release date: February 15, 2019

VMware has released security updates to address a vulnerability affecting multiple VMware products. An attacker could exploit this vulnerability to take control of an affected system.  

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2019-0001 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


15-02-2019
Mozilla Releases Security Update for Thunderbird
Original release date: February 14, 2019

Mozilla has released a security update to address vulnerabilities in Thunderbird. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 60.5.1 and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.


14-02-2019
Mozilla Releases Security Updates for Firefox
Original release date: February 12, 2019

Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Mozilla Security Advisories for Firefox 65.0.1 and Firefox ESR 60.5.1 and apply the necessary updates. 


This product is provided subject to this Notification and this Privacy & Use policy.


12-02-2019
Microsoft Releases February 2019 Security Updates
Original release date: February 12, 2019

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review Microsoft's February 2019 Security Update Summary and Deployment Information and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


12-02-2019
Internet Romance Scams
Original release date: February 12, 2019

The Federal Trade Commission (FTC) has released an article addressing a rise in reports of internet romance scams. In this type of fraud, cyber criminals gain the confidence of their victims and trick them into sending money. Use caution when online dating, and never send money or gifts to someone you have not met in person.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users to review FTC’s article on Romance Scams and NCCIC’s tip on Staying Safe on Social Networking Sites. If you think you have been a target of a romance scam, file a report with


This product is provided subject to this Notification and this Privacy & Use policy.


12-02-2019
Cisco Releases Security Update
Original release date: February 12, 2019

Cisco has released a security update to address a vulnerability in Network Assurance Engine. An attacker could exploit this vulnerability to obtain sensitive information.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Cisco Security Advisory and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.


12-02-2019
Adobe Releases Security Updates
Original release date: February 12, 2019

Adobe has released security updates to address vulnerabilities affecting Adobe Flash Player, Acrobat and Reader, ColdFusion, and Creative Cloud Desktop Application. An attacker could exploit some of these vulnerabilities to take control of an affected system.

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review Adobe Security Bulletins, APSB19-06, APSB19-07, APSB19-10, and APSB19-11, and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


12-02-2019
New Session Added: CISA Awareness Briefing on Chinese Malicious Cyber Activity
Original release date: February 12, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) has added an additional session to the virtual awareness briefing on Chinese malicious cyber activity targeting managed service providers. The briefing will be held on Thursday, February 14, 2019, from 1-2 p.m. ET. The briefing will provide a background on the identified cyber activity and mitigation techniques. Click here to register.


This product is provided subject to this Notification and this Privacy & Use policy.


12-02-2019
runc Open-Source Container Vulnerability
Original release date: February 11, 2019 | Last revised: February 12, 2019

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a vulnerability affecting several open-source container management systems that leverage runc.

NCCIC encourages users and administrators to review the runc security advisory, and the RedHat and Amazon Web Services blogs; and refer to OS and application vendors for mitigations and updates as they become available.


This product is provided subject to this Notification and this Privacy & Use policy.


11-02-2019
Apple Releases Multiple Security Updates
Original release date: February 07, 2019

Apple has released security updates to address vulnerabilities in multiple products, including the recently discovered FaceTime vulnerability. An attacker could exploit some of these vulnerabilities to take control of an affected system.  

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates:


This product is provided subject to this Notification and this Privacy & Use policy.


07-02-2019