I don't know if you're aware of this or not, but the US-CERT (short for United States Computer Emergency Readiness Team) can be a great resource for some of the most recent patches and updates released by technology companies.
Their mission is to "strive for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world."
In early 2000, Federal Government networks began to experience an alarming number of cyber breaches. In response, Congress created the Federal Computer Incident Response Center (FedCIRC) at the General Services Administration as a centralized hub of coordination and information sharing between federal organizations. With the creation of the Department of Homeland Security in 2002, Congress transferred these responsibilities to the new Department. In 2003, FedCIRC was renamed “US-CERT,” and its mission was expanded to include providing boundary protection for the federal civilian executive domain and cybersecurity leadership. This shared responsibility has evolved over time to make US-CERT a trusted partner and authoritative source in cyberspace for the Federal Government; SLTT governments; private industry; and international organizations.
The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT. Here are some of the most recent ones:
Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system.
Google has released Chrome version 58.0.3029.81 for Windows, Mac, and Linux. This version addresses multiple vulnerabilities that an attacker may exploit to take control of an affected system.
Users and administrators are encouraged to review the Chrome Releases(link is external) page and apply the necessary updates.
VMware has released security updates to address a vulnerability in vCenter Server. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review VMware Security Advisory VMSA-2017-0007(link is external) and apply the necessary update.
The Microsoft Security Response Center (MSRC) has published information on several recently publicized exploit tools which affect various Microsoft products.
Users and administrators are reminded that software no longer supported by Microsoft (also known as end-of-life (EOL) software) is particularly at risk for exploitation. US-CERT recommends retiring EOL products. For more information on EOL Microsoft products, see US-CERT Alerts TA14-310A and TA14-069A, and the previous US-CERT Current Activity on Windows Vista.
US-CERT encourages users and administrators to review the MSRC post(link is external) and apply any necessary updates.
Microsoft has released 61 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of a system. This Security Update addresses a Microsoft Office vulnerability that is actively being exploited to spread malicious code.
Adobe has released security updates to address vulnerabilities in Adobe Campaign, Flash Player, Acrobat and Reader, Photoshop CC, and Creative Cloud. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review Adobe Security Bulletins APSB17-09(link is external), APSB17-10(link is external), APSB17-11(link is external), APSB17-12(link is external), and APSB17-13(link is external) and apply the necessary updates.
And these are only some of the ones released in the last week! Good thing our NOC (Network Operations Center) deal with all of our clients' patching and update needs!
If you have any questions, please feel free to reach out to us at any time.
Does knowing about the US-CERT help? Let us know in the Comment box below or shoot me an email if you’d like to chat about this specifically.