Posts in Category: Security Alerts

DISCLAIMER: Most of the posts in this category will be taken from third party sites, especially from US-CERT, Department of Homeland Security, IC3, etc. Links to the sources will be provided.

Apple Releases Security Update for MacOS High Sierra (urgent!)

National Cyber Awareness System:

Apple Releases Security Update for macOS High Sierra

11/29/2017 12:10 PM EST

Original release date: November 29, 2017

Apple has released a supplemental security update to address a vulnerability in macOS High Sierra 10.13.1. An attacker could exploit this vulnerability to take control of an affected system.

US-CERT encourages users and administrators to review CERT/CC Vulnerability Note VU#113765 and the Apple security page for macOS High Sierra 10.13.1, and apply the necessary update.

Apple releases multiple security updates

National Cyber Awareness System:

Apple Releases Multiple Security Updates

10/31/2017 04:26 PM EDT

Original release date: October 31, 2017

Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:

Cloud for Windows 7.1

iOS 11.1

iTunes 12.7.1 for Windows

macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan

Safari 11.1

tvOS 11.1

watchOS 4.1

Multiple Ransomware Infections Reported

National Cyber Awareness System:

Multiple Ransomware Infections Reported

10/24/2017 01:16 PM EDT

Original release date: October 24, 2017

US-CERT has received multiple reports of Bad Rabbit ransomware infections in many countries around the world. This suspected variant of Petya ransomware is malicious software that infects a computer and restricts user access to the infected machine until a ransom is paid to unlock it. US-CERT discourages individuals and organizations from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware.

US-CERT encourages users and administrators to review US-CERT Alerts TA16-181A and TA17-132A that describe recent ransomware events. Please report ransomware incidents to the Internet Crime Complaint Center (IC3). US-CERT will provide updated information as it becomes available.

Advanced Persistent Threat Activity

U.S. Department of Homeland Security US-CERT

National Cyber Awareness System:

TA17-293A: Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors

10/20/2017 06:50 PM EDT

Original release date: October 20, 2017

Systems Affected

  • Domain Controllers
  • File Servers
  • Email Servers

Mozilla Releases Security Update

Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird and apply the necessary update.

Source: https://www.us-cert.gov/ncas/current-activity/2017/10/11/Mozilla-Releases-Security-Update