us-cert.govHomepage | CISA

Skip to main content Official website of the Department of Homeland Security Enter Search Terms(s): Toggle navigation Enter Search Terms(s): CertMain Menu About Us Alerts and Tips Resources Industrial Control Systems Report TLP:WHITE TLP:WHITE Defend Today. Secure Tomorrow. As part of its mission, CISA leads the effort to enhance the security, resiliency, and reliability of the Nation's cybersecurity and communications infrastructure. High-Profile Activity Chinese Malicious Cyber Activity HIDDEN COBRA - North Korean Malicious Cyber Activity GRIZZLY STEPPE - Russian Malicious Cyber Activity Ransomware Guidance Current Activity Wednesday, January 29, 2020 Tax Identity Theft Awareness Week Tuesday, January 28, 2020 Apple Releases Multiple Security Updates Tuesday, January 28, 2020 Data Privacy Day: A Vision for the Future Friday, January 24, 2020 Cisco Releases Security Updates View Current Activities Report Incidents Report Phishing Report Malware Report Vulnerabilities Share Indicators Contact US-CERT Recent Vulnerabilities 1/28 1/28 VU#619785 Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP web server vulnerability 1/22 1/22 VU#338824 Microsoft Internet Explorer Scripting Engine memory corruption vulnerability 1/18 1/18 VU#491944 Microsoft Windows Remote Desktop Gateway allows for unauthenticated remote code execution 1/14 1/14 VU#849224 Microsoft Windows CryptoAPI fails to properly validate ECC certificate chains 1/14 1/14 VU#335217 Multiple caching service providers are vulnerable to HTTP cache poisoning 12/20 12/20 VU#941987 Apple devices vulnerable to arbitrary code execution in SecureROM Other Resources: National Vulnerability Database View Vulnerability Notes National Cyber Awareness System Current Activity Provides up-to-date information about high-impact security activity affecting the community at large. Alerts Timely information about current security issues, vulnerabilities, and exploits. Bulletins Weekly summaries of new vulnerabilities along with patch information. Analysis Reports Provide in-depth analysis on a new or evolving cyber threat. Announcements HIDDEN COBRA – North Korean Malicious Cyber Activity On October 31, 2019, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Defense (DoD) identified a Trojan malware variant—referred to as HOPLIGHT—used by the North Korean government. The U.S. Government refers to the malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information, visit https://www.us-cert.gov/HiddenCobra . HIDDEN COBRA – North Korean Malicious Cyber Activity On September 9, 2019, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) identified two malware variants—referred to as ELECTRICFISH and BADCALL—used by the North Korean government. The U.S. Government refers to the malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information, visit https://www.us-cert.gov/HiddenCobra . View Announcements Contact Us (888)282-0870 Send us email Download PGP/GPG keys Subscribe to Alerts Receive security alerts, tips, and other updates. Enter your email address HSIN Report Home Site Map FAQ Contact Us Traffic Light Protocol PCII Accountability Disclaimer Privacy Policy FOIA No Fear Act Accessibility Plain Writing Plug-ins Inspector General The White House USA.gov CISA is part of the Department of Homeland Security...