The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

RSS feed for current activities

SonicWall Releases Patches for Email Security Products

CISA is aware of three vulnerabilities affecting SonicWall Email Security products: CVE-2021-20021, CVE-2021-20022, and CVE-2021-20023. A remote attacker could exploit these vulnerabilities to take control of an affected system. According to SonicWall, "In at least one known case, these vulnerabilities have been observed to be exploited ‘in the wild.’"

Google Releases Security Updates for Chrome

Google has released Chrome version 90.0.4430.85 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

CISA Issues Emergency Directive on Pulse Connect Secure

CISA has issued Emergency Directive (ED) 21-03, as well as Alert AA21-110A, to address the exploitation of vulnerabilities affecting Pulse Connect Secure (PCS) software. An attacker could exploit these vulnerabilities to gain persistent system access and take control of the enterprise network operating the vulnerable PCS device. These vulnerabilities are being exploited in the wild. 

CISA Releases Alert on Exploitation of Pulse Connect Secure Vulnerabilities

CISA is aware of ongoing exploitation of Ivanti Pulse Connect Secure vulnerabilities compromising U.S. government agencies, critical infrastructure entities, and private sector organizations.

Oracle Releases April 2021 Critical Patch Update

Oracle has released its Critical Patch Update for April 2021 to address 384 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Oracle April 2021 Critical Patch Update and apply the necessary updates.

VMware Releases Security Update

VMware has released a security update to address a vulnerability affecting NSX-T. An attacker can exploit this vulnerability to take control of an affected system

CISA encourages users and administrators to review VMSA-2021-0006 and apply the necessary update and workaround.