Multiple Ransomware Infections Reported

US-CERT has received multiple reports of ransomware infections in several countries around the world. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee access will be restored.

Users and administrators are encouraged to review the US-CERT Alert TA16-091A to learn how to best protect against ransomware. Please report any ransomware incidents to the Internet Crime Complaint Center (IC3).

Source: https://www.us-cert.gov/ncas/current-activity/2017/05/12/Multiple-Ransomware-Infections-Reported

Adobe Releases Security Updates

Adobe has released security updates to address vulnerabilities in Adobe Flash Player and Adobe Experience Manager Forms. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletins APSB17-15 (link is external) and APSB17-16 (link is external) and apply the necessary updates.

Source: https://www.us-cert.gov/ncas/current-activity/2017/05/09/Adobe-Releases-Security-Updates

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in its IOS and IOS XE Software. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

Users and administrators are encouraged to review the Cisco Security Advisory (link is external) and apply the necessary updates.

Source: https://www.us-cert.gov/ncas/current-activity/2017/05/09/Cisco-Releases-Security-Updates

Microsoft Releases May 2017 Security Updates

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.

US-CERT encourages users and administrators to review Microsoft’s May 2017 Security Update Summary (link is external) and Deployment Information (link is external) and apply the necessary updates.

Source: https://www.us-cert.gov/ncas/current-activity/2017/05/09/Microsoft-Releases-May-2017-Security-Updates

FTC Announces Resource for Small Business Owners

The Federal Trade Commission (FTC) has released an announcement about its new website devoted to protecting small businesses. This resource aims to help business owners avoid scams, protect their computers and networks, and keep their customers’ and employees’ data safe.

Business owners and other interested parties are encouraged to explore the new FTC website and review US-CERT resources for small and midsize businesses.

Source: https://www.us-cert.gov/ncas/current-activity/2017/05/09/FTC-Announces-Resources-Small-Businesses

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in its IOS, IOS XE, and IOx Software. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system or cause a denial-of-service condition.

Users and administrators are encouraged to review the following Cisco Security Advisories and apply the necessary updates:

Source: https://www.us-cert.gov/ncas/current-activity/2017/03/22/Cisco-Releases-Security-Updates

Aviation Phishing Scams

US-CERT has received reports of email-based phishing campaigns targeting airline consumers. Systems infected through phishing campaigns act as an entry point for attackers to gain access to sensitive business or personal information.

US-CERT encourages users and administrators to review an airline Security Advisory (link is external) and US-CERT’s Security Tip ST04-014 for more information on phishing attacks.

Source: https://www.us-cert.gov/ncas/current-activity/2017/03/23/Aviation-Phishing-Scams