Original release date: August 03, 2016

Cisco has released security updates to address vulnerabilities in several products. Exploitation of some of these vulnerabilities could allow an unauthenticated remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:

• Cisco RV110W, RV130W, and RV215W Routers Static Credential Vulnerability
• Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability
• Cisco Unified Communications Manager IM and Presence Service SIP Packet Processing Denial of Service Vulnerability
• Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Unauthorized Access Vulnerability
• Cisco RV110W, RV130W, and RV215W Routers Command Shell Injection Vulnerability
• Cisco TelePresence Video Communication Server Expressway Command Injection Vulnerability
• Cisco Prime Infrastructure Cross-Frame Scripting Vulnerability

This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: August 03, 2016

Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

• Firefox 48
• Firefox ESR 45.3

Users and administrators are encouraged to review the Mozilla Security Advisories for Firefox and Firefox ESR and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: August 02, 2016

As the 2016 Olympic Games begin in Rio de Janeiro, US-CERT reminds travelers to be aware of cybersecurity risks. At high-profile events, hacktivists may take advantage of the large audience to spread their message. Cyber criminals may attempt to steal personally identifiable information or harvest users’ credentials for financial gain. There’s also the possibility that mobile or other communications will be monitored.

US-CERT encourages users to protect themselves against these risks, especially risks associated with portable devices such as smart phones and tablets. Following the security practices suggested in the documents listed below will help travelers stay more secure in Rio and other travel destinations:

• US-CERT Security Tip ST13-002: International Mobile Safety Tips
• US-CERT Security Tip ST05-017: Cybersecurity for Electronic Devices
• Stop.Think.Connect. Tip Card: Cybersecurity While Traveling
• Stop.Think.Connect. Tip Card: Mobile Security

This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: August 01, 2016

The Australian Cyber Security Centre (ACSC) has published guidance to organizations on risks posed by malicious email. Systems infected through targeted email phishing campaigns act as an entry point for attackers to spread throughout an organization’s entire enterprise, steal sensitive business or personal information, or disrupt business operations.

US-CERT encourages users and administrators to review the ACSC publication on Malicious Email Mitigation Strategies and US-CERT Alert TA15-213A for additional information.

This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: August 01, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

• High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

• Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

• Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: July 29, 2016

The United States Department of Homeland Security (DHS) has released guidelines and points of contact for reporting cyber incidents to the Federal Government. This communication follows the recent release of Presidential Policy Directive 41 (PPD-41)—United States Cyber Incident Coordination—which outlines how the Federal Government will handle cyber incidents.

Users and administrators are encouraged to review these documents to learn when, what, and how to report cyber incidents to the National Cybersecurity and Communications Integration Center (NCCIC) and other entities.

This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: July 25, 2016

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

• High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

• Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

• Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: July 21, 2016

Google has released Chrome version 52.0.2743.82 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.

This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: July 20, 2016

Cisco has released a security update to address a vulnerability in its Unified Computing System (UCS) Performance Manager. Exploitation of this vulnerability could allow an authenticated remote attacker to take control of an affected system.

Users and administrators are encouraged to review the following Cisco Security Advisory and apply the necessary update:

• UCS Performance Manager versions 2.0.0 and prior

This product is provided subject to this Notification and this Privacy & Use policy.

Original release date: July 19, 2016

Oracle has released its Critical Patch Update for July 2016 to address 276 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Oracle July 2016 Critical Patch Update and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.