The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

RSS feed for current activities

VMware vCenter Server Vulnerability CVE-2021-22005 Under Active Exploit

On September 21, 2021, VMware disclosed that its vCenter Server is affected by an arbitrary file upload vulnerability—CVE-2021-22005—in the Analytics service. A malicious cyber actor with network access to port 443 can exploit this vulnerability to execute code on vCenter Server.

Google Releases Security Updates for Chrome

Google has released Chrome version 94.0.4606.61 for Windows, Mac, and Linux. This version addresses a vulnerability—CVE-2021-37973—that an attacker could exploit to take control of an affected system. An exploit for this vulnerability exists in the wild.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update as soon as possible.

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected system. These vulnerabilities have been detected in exploits in the wild.

CISA encourages users and administrators to review the Apple security page for iOS 12.5.5 and Security Update 2021-006 Catalina and apply the necessary updates as soon as possible.

Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Cisco Security Advisories page and apply the necessary updates.                                                                                

CISA Releases Guidance: IPv6 Considerations for TIC 3.0

The federal government has prioritized the transition of federal networks to Internet Protocol version 6 (IPv6) since the release of Office of Management and Budget (OMB) Memorandum 05-22 in 2005. In 2020, OMB renewed its focus on IPv6 through the publication of OMB Memorandum 21-07.

CISA, FBI, and NSA Release Joint Cybersecurity Advisory on Conti Ransomware 

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) alerting organizations of increased Conti ransomware attacks. Malicious cyber actors use Conti ransomware to steal sensitive files from domestic and international organizations, encrypt the targeted organizations’ servers and workstations, and demand a ransom payment from the victims.