US-CERT Current Activity
NCCIC Webinar Series on Russian Government Cyber Activity
Original release date: July 19, 2018

NCCIC will conduct a series of webinars on Russian government cyber activity against critical infrastructure (as detailed in NCCIC Alert TA18-074A), which will feature NCCIC subject matter experts discussing recent cybersecurity incidents, mitigation techniques, and resources that are available to help protect critical assets.

The same webinar will be held from 1-2:30 p.m. ET on the dates listed below:

NCCIC encourages users and administrators to attend one of the webinar sessions by visiting https://share.dhs.gov/nccicbriefings or dialing 1-888-221-6227. Attendees may access the webinar as a guest on the day of each event; a registered account is not required for attendees to join.


This product is provided subject to this Notification and this Privacy & Use policy.


19-07-2018
Cisco Releases Security Updates
Original release date: July 18, 2018

Cisco has released updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Cisco Security Advisories and Alerts website and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


18-07-2018
Oracle Releases July 2018 Security Bulletin
Original release date: July 17, 2018

Oracle has released its Critical Patch Update for July 2018 to address 334 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Oracle July 2018 Critical Patch Update and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


17-07-2018
FTC Issues Alert on Tech Support Scams
Original release date: July 16, 2018

The Federal Trade Commission has released an alert on tech support scams. Scammers use pop-up messages, websites, emails, and phone calls to entice users to pay for fraudulent tech support services to repair problems that don’t exist. Users should not pay or give control of their devices to any stranger offering to fix problems. 

NCCIC encourages users and administrators to refer to the FTC Alert and the NCCIC Tip on Avoiding Social Engineering and Phishing Attacks for more information. If you believe you are a victim of a tech support scam, file a complaint at www.FTC.gov/complaint.


This product is provided subject to this Notification and this Privacy & Use policy.


16-07-2018
IC3 Warns of Business Email Compromise Scams
Original release date: July 13, 2018

The Internet Crime Complaint Center (IC3) has released an alert on business email compromise scams. This type of scam targets businesses and individuals by using social engineering or computer intrusion to compromise legitimate email accounts and conduct unauthorized fund transfers or obtain personally identifiable information.

NCCIC encourages businesses and individuals to refer to the IC3 Alert and the NCCIC Tip on Avoiding Social Engineering and Phishing Attacks.


This product is provided subject to this Notification and this Privacy & Use policy.


13-07-2018
Juniper Networks Releases Security Updates
Original release date: July 12, 2018

Juniper Networks has released security updates to address vulnerabilities affecting multiple Junos OS versions. An attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the Juniper Security Advisories website and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


12-07-2018
ISC Releases Security Advisory for Kea DHCP
Original release date: July 12, 2018

The Internet Systems Consortium (ISC) has released a security advisory that addresses a memory leak vulnerability in Kea DHCP 1.4.0. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.

NCCIC encourages users and administrators to review ISC Knowledge Base Article AA-01626 and apply the necessary update or workaround.


This product is provided subject to this Notification and this Privacy & Use policy.


12-07-2018
Cisco Releases Security Updates
Original release date: July 11, 2018

Cisco has released updates to address vulnerabilities affecting Cisco products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:


This product is provided subject to this Notification and this Privacy & Use policy.


11-07-2018
Microsoft Releases July 2018 Security Updates
Original release date: July 10, 2018

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review Microsoft’s July 2018 Security Update Summary and Deployment Information and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


10-07-2018
Adobe Releases Security Updates
Original release date: July 10, 2018

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader, Adobe Flash Player, Adobe Connect, and Adobe Experience Manager. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.   

NCCIC encourages users and administrators to review Adobe Security Bulletins APSB18-21, APSB18-24, APSB18-22, and APSB18-23 and apply the necessary updates.

 


This product is provided subject to this Notification and this Privacy & Use policy.


10-07-2018