Mozilla Releases Security Updates

Mozilla has released security updates to address a vulnerability in Firefox and Firefox ESR. An attacker could exploit this vulnerability to take control of an affected system. US-CERT encourages users and administrators to review the Mozilla Security Advisories for Firefox 53.0.2 and Firefox ESR...

Intel Firmware Vulnerability

Intel has released recommendations to address a vulnerability in the firmware of the following Intel products: Active Management Technology, Standard Manageability, and Small Business Technology, firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6. This vulnerability does not affect...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in its IOS, IOS XE, and IOx Software. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system or cause a denial-of-service condition. Users and administrators are encouraged to...

Drupal Releases Security Update

Drupal has released an advisory to address vulnerabilities in Drupal core 8.x versions prior to 8.2.7. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review Drupal's Security Advisory and apply th...

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in iCloud for Windows, Safari, iTunes for Windows, and macOS Sierra. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review th...

Cisco Releases Security Update

Cisco has released a security update to address a vulnerability in its Cisco WebEx Meetings Player. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Cisco Security Advisory and apply t...

Mozilla Releases Security Update for Firefox

Mozilla has released Firefox 49.0.2 to address a security vulnerability. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Mozilla Security Advisory for Firefox and apply the necessary update...

Week Two of National Cyber Security Awareness Month

October is National Cyber Security Awareness Month, an annual campaign to raise awareness about cybersecurity. In partnership with DHS, the National Cyber Security Alliance has released information on “Cyber from the Break Room to the Board Room” describing how users can protect their businesses...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the...

Google Releases Security Update for Chrome

Google has released Chrome version 53.0.2785.113 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of some of these vulnerabilities may allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review the Chrome Releases pa...

Apple Releases Security Updates

Apple has released security updates to address vulnerabilities in watchOS, Xcode, and iOS. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Apple security page for watchOS, Xcode,...

Cisco Releases Security Update

Cisco has released a security update to address a vulnerability in its IOS XR Software for ASR 9001 Aggregation Services Routers. Exploitation of this vulnerability could allow an remote attacker to cause a denial-of-service condition. US-CERT encourages users and administrators to review the Cis...

VMware Releases Security Update

VMware has released a security update to address vulnerabilities in vCenter Server, vSphere Hypervisor ESXi, Workstation Pro, Workstation Player, Fusion, and Tools. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in several products. Exploitation of some of these vulnerabilities could allow an unauthenticated remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the following Cisco Securit...

Mozilla Releases Security Updates

Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 48 Firefox ESR 45.3 Users and administrators ar...

ImageMagick Vulnerability

ImageMagick, an open-source image processing software suite, has released versions 7.0.1-1 and 6.9.3-10 to address a vulnerability in previous software versions. Exploitation of this vulnerability may allow an attacker to take control of an affected system. Users and administrators are encouraged...

OpenSSL Releases Security Updates

OpenSSL has released security updates to address vulnerabilities in previous versions. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: OpenSSL 1.0.2h for 1.0.2 users OpenSSL 1.0.1t for 1.0.1 users US-CERT...

Google Releases Security Update for Chrome

Google has released Chrome version 50.0.2661.94 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Chrome Releas...

IRS Warns Taxpayers About Scams as Tax Deadline Approaches

The Internal Revenue Service IRS has issued a press release to warn of a potential increase in scams targeting taxpayers around the April 18 tax deadline. Before and after the deadline, scammers may tempt or pressure taxpayers into revealing personal information. US-CERT and IRS recommend taxpaye...

Symantec Releases Security Update

Symantec has released an update to address vulnerabilities in Symantec Endpoint Protection version 12.1. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Security Advisory from...

OpenSSL Releases Security Advisory

OpenSSL has released updates to address vulnerabilities in prior versions. Exploitation of some of these vulnerabilities may allow a remote attacker to obtain sensitive information. Updates available include: OpenSSL 1.0.2g for 1.0.2 users OpenSSL 1.0.1s for 1.0.1 users Users and administrators a...

GNU glibc Vulnerability

GNU glibc contains a buffer overflow vulnerability in the DNS resolver. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Vulnerability Note VU457759 and the glibc Project Notification for...

FTC Announces Enhancements to IdentityTheft.gov

The Federal Trade Commission FTC has upgraded its IdentityTheft.gov site to provide improved help to victims of identity theft. Enhancements include more personalized response plans for consumers, automatic generation of documents to aid in recovery, and better integration of the site with the...

ISC Releases Security Updates for BIND

The Internet Systems Consortium ISC has released security updates to address vulnerabilities in BIND. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition. Available updates include: BIND 9 version 9.9.8-P3 BIND 9 version 9.10.3-P3 BIND 9 versio...

Microsoft Releases January 2016 Security Bulletin

Microsoft has released nine updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Microsoft Security Bulletins MS16-001...

OpenSSL Patches Multiple Vulnerabilities

OpenSSL has released updates patching four vulnerabilities. Exploitation of one of these vulnerabilities could allow an attacker to cause a denial-of-service condition. Updates available include: OpenSSL 1.0.2e for 1.0.2 users OpenSSL 1.0.1q for 1.0.1 users OpenSSL 1.0.0t for 1.0.0 users OpenSSL...

Symantec Releases Security Update

Symantec has released an update to address vulnerabilities in Symantec Endpoint Protection version 12.1. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Security Advisory from...

Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)

The Network Time Foundation's NTP Project has released an update addressing multiple vulnerabilities in ntpd. Exploitation of some of these vulnerabilities may allow an attacker to cause a denial-of-service DoS condition. Users and administrators are encouraged to review the NTP Security Notice...

Mozilla Releases Security Update for Firefox

Mozilla has released Firefox 41.0.2 to address a security vulnerability. Exploitation of this vulnerability may allow a remote attacker to obtain sensitive information from an affected system. US-CERT encourages users and administrators to review Mozilla Security Advisory 2015-115 and apply the...

Microsoft Releases September 2015 Security Bulletin

Microsoft has released 12 updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-094 through...

Mozilla Releases Security Updates for Firefox

The Mozilla Foundation has released security updates to address a critical vulnerability in Firefox and Firefox ESR. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Available updates include: Firefox 40.0.3 Firefox ESR 38.2.1 US-CERT encourage...

Evolution in Attacks Against Cisco IOS Software Platforms

Cisco has observed increasingly complex attacks that could allow an attacker to gain administrative access to a Cisco IOS device by installing a malicious ROMMON image. Successful exploitation using this image could allow an attacker to manipulate device behavior after the device is rebooted...

‘Stagefright’ Android Vulnerability

Android devices running Android versions 2.2 through 5.1.1r5 contain vulnerabilities in the Stagefright media playback engine. Exploitation of these vulnerabilities may allow an attacker to access multimedia files or potentially take control of a vulnerable device. Users and administrators are...

OPM Identity-Protection Phishing Campaigns

US-CERT is aware of suspicious domain names that may be used in phishing campaigns masquerading as official communication from the Office of Personnel Management OPM or the identity protection firm CSID. Https://opm.csid.com is the legitimate domain used by CSID, which is responsible for identity...

Adobe Releases Security Updates for Multiple Products

Adobe has released security updates for Adobe Photoshop Creative Cloud CC and Bridge CC to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Adobe...

Cisco IOS XR Denial-of-Service Vulnerability

Cisco has identified a vulnerability that could allow an unauthenticated remote attacker to cause a denial-of-service condition. The vulnerability is due to improper processing of malformed IPv6 packets carrying extension headers. A Cisco Carrier Routing System 3 CRS-3 running a version of Cisco...

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of one of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition or steal sensitive information. Available updates include:...

IC3 Warns of Cyber Attacks Focused on Law Enforcement and Public Officials

The Internet Crime Complaint Center IC3 has issued an alert warning that law enforcement personnel and public officials may be at an increased risk of cyber attacks. Doxing—the act of gathering and publishing individuals’ personal information without permission—has been observed. Hacking...

IC3 Releases Alert on Web Site Defacements

The Internet Crime Complaint Center IC3 has issued an alert addressing recently perpetrated Web site defacements. The defacements advertise themselves as associated with the Islamic State in the Levant ISIL a.k.a. Islamic State of Iraq and al-Shams ISIS. However, FBI assesses that the perpetrator...

OpenSSL Patches Multiple Vulnerabilities

OpenSSL has released new updates addressing multiple vulnerabilities, one of which is classified as a high severity issue. Exploitation could allow a remote attacker to cause a cause a Denial of Service attack against the server. Updates available include: OpenSSL 1.0.2a for 1.0.2 users OpenSSL...

Apple Releases Security Updates for OS X, Safari, iOS and Apple TV

Apple has released security updates for OS X, Safari, iOS and Apple TV to address multiple vulnerabilities, one of which could allow a remote attacker to take control of an affected system. Updates available include: OS X v10.10.2 and Security Update 2015-001 for OS X Mountain Lion v10.8.5, OS X...

IC3 Releases Alert for a Scam Targeting Businesses

The Internet Crime Complaint Center IC3 has released an alert warning companies of a sophisticated wire payment scam dubbed the Business E-mail Compromise. Scammers use fraudulent information to trick companies into directing financial transactions into accounts they control. Users are encouraged...

Google Releases Security Updates for Chrome

Google has released Chrome 40.0.2214.91 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial of service condition or obtain personal information. US-CERT encourages users and administrators to review t...

ISC Releases Security Updates for BIND

The Internet Systems Consortium ISC has released security updates to address multiple vulnerabilities in BIND, one of which may allow a remote attacker to cause a denial of service. Updates available include: BIND 9 version 9.9.6-P1 BIND 9 version 9.10.1-P1 Users and administrators are encouraged...

IBM Releases Security Update for MDM

IBM has released Tivoli Endpoint Manager Mobile Device Management MDM version 9.0.60100 to address a vulnerability which may allow a remote attacker to gain control of an affected system. Users and administrators are encouraged to review the IBM Security Bulletin and apply the necessary updates...

Mozilla Releases Security Updates for Firefox and Thunderbird

The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox and Thunderbird. Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, cause a denial of service, or exploit a buffer overflow on an affected browser. Updates...

Adobe Releases Security Updates for Flash Player

Adobe has released security updates to address a vulnerability in Flash Player which could potentially allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB14-26 and apply the necessary updates. This product i...

Google Releases Security Update for Chrome

Google has released Chrome 38.0.2125.122 for Windows, Mac and Linux. This update addresses a vulnerability which could potentially allow an attacker to take over an affected system. US-CERT encourages users and administrators to review the Google Chrome release blog and apply the necessary update...

Apple Releases Security Updates for QuickTime

Apple has released QuickTime 7.7.6 for Windows 7, Vista, XP SP2 or later to address multiple vulnerabilities, some of which may allow remote attackers to execute arbitrary code or cause a denial of service. Users and administrators are encouraged to review Apple Support Article HT6493 and apply a...