4188 matches found
WordPress Releases Security Update
WordPress 4.0.1 has been released to address multiple vulnerabilities, one of which could allow a site to be compromised by a remote attacker. WordPress 3.9.2 and earlier are affected by this vulnerability. US-CERT recommends users and administrators review the WordPress Maintenance and Security...
Google Releases Security Update for Chrome
Google has released Chrome 39.0.2171.65 for Windows, Mac and Linux. This update addresses multiple vulnerabilities, one of which could cause a denial of service condition. Users and administrators are encouraged to review the Google Chrome blog and apply the necessary updates. This product is...
Bourne-Again Shell (Bash) Remote Code Execution Vulnerability
US-CERT is aware of a Bash vulnerability affecting Unix-based operating systems such as Linux and Mac OS X. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system. US-CERT recommends users and administrators review TA14-268A, Vulnerability...
Microsoft Releases September 2014 Security Bulletin
Microsoft released updates to address vulnerabilities in Windows, .NET Framework, Internet Explorer and Lync Server as part of the Microsoft Security Bulletin Summary for September 2014. Some of these vulnerabilities could allow remote code execution, elevation of privilege, or denial of service...
Cisco EnergyWise Module Vulnerability
Cisco has released an advisory to address a vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software. Exploitation of the vulnerability could allow an unauthenticated, remote attacker to cause a Denial of Service condition on the affected system. Users and administrators are...
Cisco Releases Security Advisories
Cisco has released two security advisories to address multiple product vulnerabilities, one of which may allow a remote attacker to execute arbitrary code with elevated privileges. The advisories are listed below: Cisco Wide Area Application Services Remote Code Execution Vulnerability Multiple...
Firmware Update for Apple AirPort Devices
Apple has released firmware update 7.7.3 for AirPort Extreme and AirPort Time Capsule base stations with 802.11ac. The update addresses the OpenSSL "Heartbleed" vulnerability where an attacker may obtain memory contents. US-CERT recommends that users and administrators review Apple Security Updat...
OpenSSL 'Heartbleed' Vulnerability
A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension. This may allow an attacker to decrypt traffic or perform other attacks. OpenSSL...
GnuTLS Releases Security Update
GnuTLS has released security updates to address a vulnerability affecting certificate verification functions. An attacker could use a specially crafted X509 certificate to bypass validation checks, impersonate legitimate web sites or services, and perform man-in-the-middle attacks. Many Linux...
Security Updates Available for Adobe Flash Player
Adobe has released security updates to address a vulnerability in Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.335 and earlier versions for Linux. Exploitation of this vulnerability could allow an attacker to take control of an affect...
BlackBerry Releases Security Advisory
BlackBerry has released a security advisory that addresses Adobe® Flash® remote code execution vulnerabilities that affect BlackBerry® Z10, BlackBerry® Q10 smartphone and BlackBerry® PlayBook™ tablet customers. These vulnerabilities could potentially allow an attacker to execute code with the...
UK CPNI Releases Spear Phishing Paper
The United Kingdom's Centre for the Protection of National Infrastructure CPNI has recently released a paper titled "Spear Phishing - Understanding the Threat;" this document provides guidance on how spear phishing attacks work, whether you are likely to be a target, and the steps organizations c...
Apple Releases Security Updates for Safari
Apple has released security updates for Safari 6.1.1 and Safari 7.0.1 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to obtain sensitive information, execute arbitrary code or cause a denial-of-service condition. Safari 6.1.1 and Safari 7.0.1 updates are...
Microsoft Releases Advance Notification for December Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its December 2013 release will contain 11 bulletins. These bulletins will have severity ratings of critical and important and will be for Microsoft Windows, Microsoft Office, Microsoft Lync, Internet Explorer, Microsoft...
Apple Releases Security Update for Java on OS X
Apple has released a security update for Java on Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, and OS X Mountain Lion 10.8 or later to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code wi...
Microsoft Releases October 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Office, Server Software, and Silverlight as part of the Microsoft Security Bulletin Summary for October 2013. These vulnerabilities could allow remote code execution or information...
Cisco Releases Semiannual IOS Software Security Advisory Bundled Publication
Cisco has released its semiannual Cisco IOS Software Security Advisory Bundled Publication. This publication includes eight Security Advisories that address vulnerabilities in Cisco IOS Software. Exploits of these vulnerabilities could result in a denial of service DoS condition, interface queue...
Apple Releases Security Update for OS X Server
Apple has released a security update for OS X Server v2.2.2 for OS X Mountain Lion v10.8 or later to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to cause a denial of service, execute arbitrary code or cause a cross-site scripting attack. US-CERT encourages...
Microsoft Releases Security Advisory
Microsoft has released Security Advisory 2862973 impacting applications and services using certificates with the MD5 hashing algorithm. Usage of the MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. US-CERT...
OpenX Releases Security Update
OpenX has released an important security update for OpenX Source, the open source ad serving product. The downloadable ZIP archive of OpenX Source 2.8.10 was compromised to include a backdoor that would allow an attacker to upload and execute arbitrary PHP code. Compromised OpenX Source ad server...
Microsoft Releases April 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, Server Software, and Security Software as part of the Microsoft Security Bulletin summary for April 2013. These vulnerabilities could allow remote code execution, elevation of privilege,...
Apple Releases Security Update for Java on OS X
Apple has released a security update for Java on OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion 10.8 or later, Mac OS X v10.6.8, and Mac OS X Server v10.6.8 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code...
Microsoft Releases December 2012 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Office, and Microsoft Server Software as part of the Microsoft Security Bulletin summary for December 2012. These vulnerabilities could allow an attacker to bypass security features or...
Adobe Releases Security Bulletin for Flash Player
Adobe has released a security bulletin for Adobe Flash Player to address multiple vulnerabilities. These vulnerabilities affect Adobe Flash Player 11.4.402.278 and earlier versions for Windows, Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.238 and...
Malware Campaigns Impersonating U.S. Government Agencies
US-CERT is aware of multiple malware campaigns impersonating multiple U.S. government agencies, including the United States Cyber Command USCYBERCOM and the Federal Bureau of Investigation FBI. Once installed on a system, the malware displays a screen claiming that a Federal Government agency has...
Adobe Releases Security Bulletins for Multiple Products
Adobe has released security bulletins to alert users of critical vulnerabilities in multiple products. The following products are affected: Adobe Illustrator CS 5.5 and earlier versions for Windows and Macintosh Adobe Photoshop CS 5.5 and earlier versions for Windows and Macintosh Adobe Flash...
Oracle Releases Critical Patch Update for April 2012
Oracle has released its Critical Patch Update for April 2012 to address 88 vulnerabilities across multiple products. This updates contains the following security fixes: 6 for Oracle Database Server 11 for Oracle Fusion Middleware 6 for Oracle Enterprise Manager Grid Control 4 for Oracle E-Busines...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities. Firefox 11 Firefox 3.6.28 Firefox ESR 10.0.3 Thunderbird 11 Thunderbird 3.1.20 Thunderbird ESR 10.0.3 SeaMonkey 2.8 These vulnerabilities may allow an attacker to execute arbitrary code,...
Google Releases Chrome 17.0.963.79
Google has released Chrome 17.0.963.79 for Linux, Macintosh, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review th...
U.S. Tax Season Phishing Scams and Malware Campaigns
In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the United States tax season. Due to the upcoming tax deadline, US-CERT reminds users to remain cautious when receiving unsolicited email that could be part of a potenti...
Cisco Releases Multiple Security Advisories
Cisco has released three security advisories to address vulnerabilities affecting Cisco ASA 5500 Series Adaptive Security Appliances, Cisco Catalyst 6500 Series ASA Services Module, Cisco Firewall Services Module, and Cisco Network Admission Control Manager. These vulnerabilities may allow an...
SSL/TLS Protocol Vulnerability
US-CERT is aware of a vulnerability affecting the Secure Socket Layer SSL and Transport Layer Security TLS protocols. Exploitation of this vulnerability may allow an attacker to decrypt encrypted SSL/TLS traffic and obtain sensitive information. Microsoft has released Security Advisory 2588513 to...
Fraudulent DigiNotar SSL Certificate
US-CERT is aware of public reports of the existence of fraudulent SSL certificates issued by DigiNotar. These fraudulent SSL certificates could be used by an attacker to masquerade as legitimate sites. Mozilla has released Firefox 3.6.22 and Firefox 6.0.2 to address this issue. Additional...
Apple Releases iOS 4.3.5 and iOS 4.2.10
Apple has released iOS 4.3.5 for the iPhone GSM model, iPod touch, and iPad, and iOS 4.2.10 for the iPhone CDMA model to address a vulnerability. This vulnerability may allow an attacker with a privileged network position to capture or modify data in SSL/TLS sessions. US-CERT encourages users and...
RIM Releases Security Advisory for BlackBerry PlayBook
RIM has released a security advisory to address vulnerabilities in the Adobe Flash Player version included with the BlackBerry PlayBook tablet software. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial of service condition. US-CERT encourages users and...
Cisco Releases Security Advisories for Multiple Products
Cisco has released security advisories for four products to address multiple vulnerabilities. These products include Cisco Unified IP phones, Cisco Network Registrar, Cisco AnyConnect Secure Mobility Client, and Cisco Media Experience. Exploitation of the vulnerabilities may allow an attacker to...
WebGL Security Risks
US-CERT is aware of reports indicating that WebGL contains multiple significant security issues. The impact of these issues includes denial of service, and cross-domain attacks. WebGL is a new web standard that is enabled by default in Firefox 4 and Google Chrome and is included in Safari. US-CER...
Apple Releases iOS 4.3.3
Apple released iOS 4.3.3 for the iPhone, iPod Touch, and iPad to address location tracking history capabilities. This update specifically addresses two bugs in iOS that resulted in the devices storing historical location data for too long. US-CERT encourages users and administrators to review App...
WordPress Releases Version 3.1.2
WordPress has released WordPress 3.1.2 to address a vulnerability. Execution of this vulnerability may allow an attacker to operate with elevated privileges. US-CERT encourages users and administrators to review the WordPress Codex document for version 3.1.2 and apply any necessary updates to hel...
RealNetworks, Inc. Releases Update for Helix Server and Helix Mobile Server
RealNetworks, Inc. has released a security update for multiple vulnerabilities affecting Helix Server and Helix Mobile Server. The vulnerabilities affect versions 12.x, 13.x, and 14.x of Helix Server and Helix Mobile Server installed on Red Hat Enterprise Linux 5, Sun Solaris 10, Windows 2003, an...
Mozilla Releases Updates for Firefox, Thunderbird, and SeaMonkey
The Mozilla Foundation has released Firefox 3.6.14 and Firefox 3.5.17 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site request forgery attacks, cause a denial-of-service condition, or operate with elevat...
Adobe Prenotification Security Advisory for Adobe Reader and Acrobat
Adobe had issued a prenotification advisory indicating that it plans to release updates for Adobe Reader and Acrobat to address multiple vulnerabilities. The advisory indicates that updates for Windows and Macintosh will be available on February 8, 2011. An update for UNIX will be available the...
WordPress.org has released WordPress 3.0.4
WordPress.org has released WordPress 3.0.4 to address a vulnerability in the HTML sanitation library. Exploitation of this vulnerability may allow an attacker to insert arbitrary HTML and script code into the browser session. US-CERT encourages users and administrators to review the WordPress.org...
Microsoft Releases August Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, and Silverlight as part of the Microsoft Security Bulletin Summary for August 2010. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges...
Apple Releases iTunes 9.2
Apple has released iTunes 9.2 for Windows systems to address multiple vulnerabilities affecting the ColorSync, ImageIO, and WebKit packages. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to...
Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat
Adobe has released a security advisory to notify users of a vulnerability in Adobe Flash Player, Reader, and Acrobat. Exploitation of this vulnerability may allow an attacker to execute arbitrary code and take control of the affected system. The advisory indicates that Adobe is aware of active...
Adobe Releases Update for Shockwave Player
Adobe has released a security update to address multiple vulnerabilities in Adobe Shockwave Player 11.5.6.606 and earlier versions for both Windows and Macintosh operating systems. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and...
Microsoft Re-Releases Security Update for MS10-025
Microsoft has re-released the security update related to Microsoft security bulletin MS10-025. This vulnerability affects Windows Media Services running on Windows 2000 Server. The original release of this update had been revoked last week because it did not effectively correct the underlying...
VideoLAN Releases Security Advisory for VLC Media Player
VideoLAN has released a security advisory to address multiple vulnerabilities in VLC Media Player. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review VideoLAN security advisory...
Apple Releases Safari 4.0.5
Apple has released Safari 4.0.5 to address multiple vulnerabilities in ColorSync, ImageIO, PubSub, Safari, and WebKit. These vulnerabilities may allow a remote attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or bypass security restrictions...