The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

RSS feed for current activities

Apache Releases Security Advisory for Tomcat  

The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to cause a denial of service condition.

CISA encourages users and administrators to review Apache’s security advisory for CVE-2021-42340 and apply the necessary updates.

Ongoing Cyber Threats to U.S. Water and Wastewater Systems Sector Facilities

CISA, the Federal Bureau of Investigation (FBI), the Environmental Protection Agency (EPA), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) that details ongoing cyber threats to U.S. Water and Wastewater Systems (WWS) Sector. This activity—which includes cyber intrusions leading to ransomware attacks—threatens the ability of WWS facilities to provide clean, potable water to, and effectively manage the wastewater of, their communities.

Juniper Networks Releases Security Updates for Multiple Products

Juniper Networks has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
 
CISA encourages users and administrators to review the Juniper Networks security advisories page and apply the necessary updates.

Microsoft Releases October 2021 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review Microsoft’s October 2021 Security Update Summary and Deployment Information and apply the necessary updates.

Adobe Releases Security Updates for Multiple Products

Adobe has released security updates to address vulnerabilities in multiple Adobe products. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:

Apple Releases Security Update to Address CVE-2021-30883

Apple has released a security update to address a vulnerability—CVE-2021-30883—in multiple products. An attacker could exploit this vulnerability to take control of an affected system. This vulnerability has been detected in exploits in the wild.

CISA encourages users to review the Apple security page for iOS 15.0.2 and iPadOS 15.0.2 and apply the necessary updates as soon as possible.