US-CERT Current Activity
Cisco Releases Security Update
Original release date: September 21, 2018

Cisco has released a security update to address a vulnerability in Cisco Video Surveillance Manager. A remote attacker could exploit this vulnerability to take control of an affected system. 

NCCIC encourages users and administrators to review the Cisco Security Advisory and apply the necessary update. 


This product is provided subject to this Notification and this Privacy & Use policy.


21-09-2018
ISC Releases Security Advisory for BIND
Original release date: September 19, 2018

The Internet Systems Consortium (ISC) has released a security advisory that addresses a vulnerability affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). Under certain conditions, a remote attacker could exploit this vulnerability to modify records on an affected server.

NCCIC encourages users and administrators to review the ISC advisory and apply the necessary mitigations.


This product is provided subject to this Notification and this Privacy & Use policy.


19-09-2018
Adobe Releases Security Updates
Original release date: September 19, 2018

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Adobe Security Bulletin APSB-18-34 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


19-09-2018
Cisco Releases Security Updates
Original release date: September 19, 2018

Cisco has released security updates to address multiple vulnerabilities in Cisco Webex Network Recording Player. A remote attacker could exploit these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


19-09-2018
NCCIC Webinar Series on Protecting Enterprise Network Infrastructure Devices
Original release date: September 18, 2018

NCCIC will conduct a series of webinars on Protecting Enterprise Network Infrastructure Devices over the next two weeks. Each webinar will be held from 1-2:30 p.m. ET on the dates listed below:

NCCIC encourages decision makers, network defenders, and procurement analysts to register for the webinar by clicking on one of the dates listed above. The webinar will feature a discussion on identified threats, trends in the field, and insights from DHS’s binding operational directive impacting federal agencies.


This product is provided subject to this Notification and this Privacy & Use policy.


18-09-2018
Apple Releases Multiple Security Updates
Original release date: September 17, 2018

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:


This product is provided subject to this Notification and this Privacy & Use policy.


17-09-2018
MS-ISAC Releases Advisory on PHP Vulnerabilities
Original release date: September 14, 2018

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review MS-ISAC Advisory 2018-101 and the PHP Downloads page and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


14-09-2018
Potential Hurricane Florence Phishing Scams
Original release date: September 14, 2018

NCCIC warns users to remain vigilant for malicious cyber activity seeking to exploit interest in Hurricane Florence. Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direct users to malicious websites. Users should exercise caution in handling any email with a subject line, attachments, or hyperlinks related to the hurricane, even if it appears to originate from a trusted source. NCCIC advises users to verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number. Contact information for many charities is available on the BBB National Charity Report Index. User should also be wary of fraudulent social media pleas, calls, texts, donation websites, and door-to-door solicitations relating to the hurricane.

NCCIC encourages users and administrators to review the following resources for more information on phishing scams and malware campaigns:


This product is provided subject to this Notification and this Privacy & Use policy.


14-09-2018
Google Releases Security Update for Chrome
Original release date: September 11, 2018

Google has released Chrome version 69.0.3497.92 for Windows, Mac, and Linux. This version addresses vulnerabilities, one of which an attacker could exploit to take control of an affected system.

NCCIC encourages users and administrators to review the Chrome Releases page and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.


11-09-2018
Microsoft Releases September 2018 Security Updates
Original release date: September 11, 2018

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Microsoft's September 2018 Security Update Summary and Deployment Information and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


11-09-2018