The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

RSS feed for current activities

WordPress Releases Security and Maintenance Update

WordPress versions 4.7-5.7 are affected by multiple vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected website. 

CISA encourages users and administrators to review the WordPress Security and Maintenance Release and upgrade to WordPress 5.7.1.

CISA and CNMF Analysis of SolarWinds-related Malware

CISA and the Department of Defense (DoD) Cyber National Mission Force (CNMF) have analyzed additional SolarWinds-related malware variants—referred to as SUNSHUTTLE and SOLARFLARE. One of the analyzed files was identified as a China Chopper webshell server-side component that was observed on a network with an active SUNSHUTTLE infection. The webshell can provide a cyber threat actor an alternative method of accessing a network, even if the SUNSHUTTLE infection was remediated.

The U.S. Government attributes this activity to the Russian Foreign Intelligence Service (SVR).

NSA-CISA-FBI Joint Advisory on Russian SVR Targeting U.S. and Allied Networks

CISA, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have released a Joint Cybersecurity Advisory (CSA) on Russian Foreign Intelligence Service (SVR) actors scanning for and exploiting vulnerabilities to compromise U.S. and allied networks, including national security and government-related systems.

Google Releases Security Updates for Chrome

Google has updated the stable channel for Chrome to 90.0.4430.72 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome release and apply the necessary changes.

Juniper Networks Releases Security Updates

Juniper Networks has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Juniper Security Advisories webpage and apply the necessary updates or workarounds.

NAME:WRECK DNS Vulnerabilities

Cybersecurity researchers from Forescout and JSOF have released a report on a set of nine vulnerabilities—referred to as NAME:WRECK—affecting Domain Name System (DNS) implementations. NAME:WRECK affects at least four common TCP/IP stacks—FreeBSD, IPNet, NetX, and Nucleus NET—that are used in Internet of Things (IoT), operational technology (OT), and information technology (IT) devices. A remote attacker could exploit these vulnerabilities to take control of an affected system.