Security News

A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
  1. Original release date: February 22, 2018

    The Federal Trade Commission (FTC) has issued guidance to consumers considering using a Virtual Private Network (VPN) for their mobile phones. Some mobile phone users choose to use VPNs to shield the information on their phones when using public Wi-Fi networks.

    NCCIC/US-CERT encourages consumers to review the FTC article for more information.


    This product is provided subject to this Notification and this Privacy & Use policy.


  2. Original release date: February 21, 2018

    Drupal has released an advisory to address multiple vulnerabilities in Drupal 7.x and 8.4.x. An attacker could exploit some of these vulnerabilities to obtain access to sensitive information.

    NCCIC/US-CERT encourages users and administrators to review Drupal's Security Advisory and upgrade to version 7.57 or 8.4.5.


    This product is provided subject to this Notification and this Privacy & Use policy.


  3. Original release date: February 21, 2018

    The Internet Crime Complaint Center (IC3) has issued an alert on the increase in W-2-related phishing campaigns. Fraudsters often use tax-related phishing emails to get victims to provide personally identifiable information, click on a malicious link, or pay a ransom.

    NCCIC/US-CERT encourages taxpayers to review the IC3 Alert and refer to the NCCIC/US-CERT Tip on Avoiding Social Engineering and Phishing Attacks for more information. If you believe you have been a victim of a phishing campaign, report it to IC3 at www.ic3.gov


    This product is provided subject to this Notification and this Privacy & Use policy.


  4. Original release date: February 21, 2018

    Cisco has released several updates to address vulnerabilities affecting multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

    NCCIC/US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:


    This product is provided subject to this Notification and this Privacy & Use policy.


  5. Original release date: February 13, 2018

    Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

    NCCIC/US-CERT encourages users and administrators to review Microsoft's February 2018 Security Update Summary and Deployment Informationand apply the necessary updates.


    This product is provided subject to this Notification and this Privacy & Use policy.