The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Cisco Releases Advisories for Multiple Products

Cisco has released security updates to address vulnerabilities in multiple Cisco products. A remote attacker could exploit these vulnerabilities to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.

CISA encourages users and administrators to review the following Cisco Advisories and apply the necessary updates:

Drupal Releases Security Updates

Drupal has released security updates to address a vulnerability affecting Drupal. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review Drupal Advisory SA-CORE-2021-001 and apply the necessary updates or mitigations.

CERT/CC and CISA Report Multiple Vulnerabilities in Dnsmasq

CISA and the CERT Coordination Center (CERT/CC) are aware of multiple vulnerabilities affecting Dnsmasq version 2.82 and prior. Dnsmasq is a widely-used, open-source software that provides Domain Name Service forwarding and caching and is common in Internet-of-Things (IoT) and other embedded devices. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Google Releases Security Updates for Chrome

Google has released Chrome version 88.0.4324.96 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

CISA encourages users and administrators to review the Chrome Release and apply the necessary updates.

 

Oracle Releases January 2021 Security Bulletin

Oracle has released its Critical Patch Update for January 2021 to address 329 vulnerabilities across multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Oracle January 2021 Critical Patch Update and apply the necessary updates.

NSA Releases Guidance on Encrypted DNS in Enterprise Environments  

The National Security Agency (NSA) has released an information sheet with guidance on adopting encrypted Domain Name System (DNS) over Hypertext Transfer Protocol over Transport Layer Security (HTTPS), referred to as DNS over HTTPS (DoH). When configured appropriately, strong enterprise DNS controls can help prevent many initial access, command and control, and exfiltration techniques used by threat actors.