Tom Potter

US-CERT Current

1. VMware Releases Security Updates

   Original release date: January 02, 2018
   

   VMware has released security updates to address vulnerabilities in vSphere Data Protection. A remote attacker could exploit these vulnerabilities to take control of an affected system.

   US-CERT encourages users and administrators to review the VMware Security Advisory VMSA-2018-0001 and apply the necessary updates.

   ---

   This product is provided subject to this Notification and this Privacy & Use policy.

   
   

2. Mozilla Releases Security Update for Thunderbird

   Original release date: December 25, 2017
   

   Mozilla has released a security update to address multiple vulnerabilities in Thunderbird. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

   US-CERT encourages users and administrators to review the Mozilla Security Advisory for Thunderbird 52.5.2 and apply the necessary update.

   ---

   This product is provided subject to this Notification and this Privacy & Use policy.

   
   

3. North Korean Malicious Cyber Activity

   Original release date: December 21, 2017
   

   The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified Trojan malware variants—referred to as BANKSHOT—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

   US-CERT encourages users and administrators to review Malware Analysis Report (MAR) 10135536-B and the US-CERT page on HIDDEN COBRA - North Korean Malicious Cyber Activity for more information.

   ---

   This product is provided subject to this Notification and this Privacy & Use policy.

   
   

4. Google Releases Security Update for Chrome

   Original release date: December 14, 2017
   

   Google has released Chrome version 63.0.3239.108 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system.

   US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary update.

   ---

   This product is provided subject to this Notification and this Privacy & Use policy.

   
   

5. Apple Releases Security Updates

   Original release date: December 13, 2017
   

   Apple has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

   US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:

   • iOS 11.2.1
   • tvOS 11.2.1
   • iCloud for Windows 7.2

   ---

   This product is provided subject to this Notification and this Privacy & Use policy.

   
   

6. Transport Layer Security (TLS) Vulnerability

   Original release date: December 13, 2017
   

   CERT Coordination Center (CERT/CC) has released information on a Transport Layer Security (TLS) vulnerability. Exploitation of this vulnerability could allow an attacker to access sensitive information.

   The TLS vulnerability is also known as Return of Bleichenbacher's Oracle Threat (ROBOT). ROBOT allows an attacker to obtain the RSA key necessary to decrypt TLS traffic under certain conditions. Mitigations include installing updates to affected products as they become available. US-CERT encourages users and administrators to review CERT/CC Vulnerability Note VU #144389.

   ---

   This product is provided subject to this Notification and this Privacy & Use policy.

   
   

7. Apple Releases Security Updates

   Original release date: December 12, 2017
   

   Apple has released security updates to address vulnerabilities in AirPort Base Station. An attacker could exploit some of these vulnerabilities to take control of an affected system.

   US-CERT encourages users and administrators to review the Apple security pages for AirPort Base Station Firmware Update 7.6.9 and Firmware Update 7.7.9 and apply the necessary updates.

   ---

   This product is provided subject to this Notification and this Privacy & Use policy.

   
   

8. Microsoft Releases December 2017 Security Updates

   Original release date: December 12, 2017
   

   Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

   US-CERT encourages users and administrators to review Microsoft's December 2017 Security Update Summary and Deployment Information and apply the necessary updates.

   ---

   This product is provided subject to this Notification and this Privacy & Use policy.

   
   

9. Mozilla Releases Security Updates

   Original release date: December 07, 2017
   

   Mozilla has released security updates to address vulnerabilities in Firefox and Firefox ESR. A remote attacker could exploit these vulnerabilities to take control of an affected system.

   US-CERT encourages users and administrators to review the Mozilla Security Advisory for Firefox 57.0.2 and ESR 52.5.2 and apply the necessary updates.

   ---

   This product is provided subject to this Notification and this Privacy & Use policy.

   
   

10. Microsoft Releases Security Updates for its Malware Protection Engine

    Original release date: December 07, 2017
    

    Microsoft has released updates to address a vulnerability in Microsoft Malware Protection Engine affecting multiple products. A remote attacker could exploit this vulnerability to take control of an affected system.

    US-CERT encourages users and administrators to review Microsoft's Advisory and apply the necessary updates.

    ---

    This product is provided subject to this Notification and this Privacy & Use policy.