The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

RSS feed for current activities

Google Releases Security Updates for Chrome

Google has released Chrome version 89.0.4389.114 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.
 
CISA encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

VMware Releases Security Updates

VMware has released security updates to address multiple vulnerabilities affecting vRealize Operations, Cloud Foundation, and vRealize Suite Lifecycle Manager. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review VMware Security Advisory VMSA-2021-004 and apply the necessary updates or workarounds.

Citrix Releases Security Updates for Hypervisor

Citrix has released security updates to address vulnerabilities in Hypervisor (formerly XenServer). An attacker could exploit some of these vulnerabilities to cause a denial-of-service condition.

CISA encourages users and administrators to review Citrix Security Update CTX306565 and apply the necessary updates.

Apple Releases Security Updates 

Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. 

CISA encourages users and administrators to review the Apple security pages for the following products and apply the necessary updates. 

•    watchOS 7.3.3
•    iOS 12.5.2 
•    iOS 14.4.2 and iPadOS 14.4.2 

OpenSSL Releases Security Update

OpenSSL has released a security update to address vulnerabilities affecting versions 1.1.1–1.1.1j. An attacker could exploit these vulnerabilities to cause a denial-of-service condition.

CISA encourages users and administrators to review the OpenSSL Security Advisory and apply the necessary update.

Samba Releases Security Updates

The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba. An attacker could exploit some of these vulnerabilities to take control of an affected system.

CISA encourages users and administrators to review the Samba Security Announcements for CVE-2020-27840 and CVE-2021-20277 and apply the necessary updates and workarounds.