US-CERT Alerts

CISA Alerts

Alerts warn about vulnerabilities, incidents, and other security issues that pose a significant risk.

AA19-290A: Microsoft Ending Support for Windows 7 and Windows Server 2008 R2

Author: CISA
Posted: October 17, 2019, 4:36 pm
Original release date: October 17, 2019 | Last revised: October 18, 2019

Summary

Note: This alert does not apply to federally certified voting systems running Windows 7. Microsoft will continue to provide free security updates to those systems through the 2020 election. See Microsoft’s article, Extending free Windows 7 security updates to voting systems, for more information.

On January 14, 2020, Microsoft will end extended support for their Windows 7 and Windows Server 2008 R2 operating syste...


Read More

AA19-168A: Microsoft Operating Systems BlueKeep Vulnerability

Author: CISA
Posted: June 17, 2019, 1:37 pm
Original release date: June 17, 2019

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this Activity Alert to provide information on a vulnerability, known as “BlueKeep,” that exists in the following Microsoft Windows Operating Systems (OSs), including both 32- and 64-bit versions, as well as all Service Pack versions:

  • Windows 2000
  • Windows Vista
  • Windows XP
  • Windows 7
  • Windows Server 2003
  • Windows Server 2003 R2
  • Windows Server 2008
  • Windows Server 2008 R2

An attacker can exploit ...


Read More

AA19-122A: New Exploits for Unsecure SAP Systems

Author: CISA
Posted: May 2, 2019, 10:54 pm
Original release date: May 2, 2019 | Last revised: May 3, 2019

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this activity alert in response to recently disclosed exploits that target unsecure configurations of SAP components. [1]

Technical Details

A presentation at the April 2019 Operation for Community Development and Empowerment (OPCDE) cybersecurity conference describes SAP systems with unsecure configurations exposed to the internet. Typically, SAP systems ar...


Read More

AA19-024A: DNS Infrastructure Hijacking Campaign

Author: CISA
Posted: January 24, 2019, 8:01 pm
Original release date: January 24, 2019 | Last revised: February 13, 2019

Summary

The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-contr...


Read More

AA18-337A: SamSam Ransomware

Author: CISA
Posted: December 3, 2018, 4:18 pm
Original release date: December 3, 2018

Summary

The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In addition, this report provides recommendations for p...


Read More