Oracle Releases October 2014 Security Advisory

Oracle has released its Critical Patch Update for October 2014 to address 154 vulnerabilities across multiple products. US-CERT encourages users and administrators to review the Oracle October 2014 Critical Patch Update and apply the necessary updates. This product is provided subject to this...

Google Releases Security Updates for Chrome and Chrome OS

Google has released security updates to address multiple vulnerabilities in Chrome and Chrome OS, some of which could potentially allow an attacker to take control of the affected system or cause a denial of service condition. Updates available include: Chrome 38.0.2125.101 for Windows, Mac and...

Adobe Releases Security Updates for Adobe Reader and Acrobat

Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. US-CERT encourages users and administrators to review Adobe Security Bulletin APSB14-20 and...

Adobe Releases Security Updates for Flash Player and Air

Adobe has released security updates to address multiple vulnerabilities in Adobe Flash Player and Air for Windows, Macintosh and Linux. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. Users and administrators are encouraged to revi...

Backoff Point-of-Sale Malware Campaign

US-CERT is aware of Backoff malware compromising a significant number of major enterprise networks as well as small and medium businesses. US-CERT encourages administrators and operators of Point-of-Sale systems to review the Backoff malware alert to help determine if your network may be affected...

NCSC Spearphishing Security Advisory

New Zealand’s National Cyber Security Centre NCSC has released Security Advisory NCSC-C-2014-17 which highlights a spearphishing campaign targeting government employees. The NCSC provides enhanced cybersecurity services to the New Zealand Government and private sector organizations against...

Risks of Exposing the Intelligent Platform Management Interface (IPMI)

Multiple weaknesses exist in several server platforms employing IPMI. Exploitation of these vulnerabilities could allow an attacker to take control of the affected system or expose sensitive server information. Server administrators are encouraged to review US-CERT Alert TA13-207A and restrict IP...

Microsoft Releases Security Advisory for Microsoft Malware Protection Engine

Microsoft has released a security advisory to address a vulnerability to the Microsoft Malware Protection Engine. Successful exploitation of the vulnerability could allow an attacker to cause a denial of service. An update is available for the following affected software: Microsoft Forefront Clie...

Adobe Releases Security Updates for Reader, Acrobat, Flash Player, and Illustrator

Adobe has released security updates to address multiple vulnerabilities in Reader, Acrobat, Flash Player, and Illustrator. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. The following updates are available: Adobe Reader XI 11.0.07...

Cisco Releases Security Advisory for WebEx Players

Cisco has released a security advisory to address multiple buffer overflow vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players. Successful exploitation of the vulnerabilities could cause an affected player to crash or allow a remote attacker to execute arbitrary...

Adobe Releases Security Updates for Flash Player

US-CERT is aware of active exploitation of a vulnerability in versions of Flash Player which could potentially allow an attacker to take control of an affected system. Adobe has released security updates to address these vulnerabilities. The following updates are available: Flash Player 13.0.0.20...

Security Updates Released for iOS devices and Apple TV

Apple has released security updates for iOS and Apple TV devices to address multiple vulnerabilities, some of which may lead to unexpected system termination or arbitrary code execution. Updates available include: iOS 7.1 for iPhone 4 and later, iPod touch 5th generation and later, or iPad 2 and...

Security Updates Available for Adobe Flash Player

Adobe has released security updates to address important vulnerabilities in Adobe Flash Player 12.0.0.70 or earlier versions for Windows and Macintosh, and Adobe Flash Player 11.2.202.341 or earlier versions for Linux. Exploitation of these vulnerabilities could compromise data security in a user...

Apple Releases Safari 6.1.2 and Safari 7.0.2

Apple has released Safari 6.1.2 and 7.0.2 for OS X to address multiple vulnerabilities in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. US-CERT encourages users and administrators to review Apple Support Article HT614...

Cisco Releases Security Advisory for Prime Infrastructure Command Execution Vulnerability

Cisco has released a security advisory to address a vulnerability in Cisco Prime Infrastructure software versions 1.2, 1.3, 1.4, and 2.0 which could allow an unauthenticated, remote attacker to execute arbitrary commands with root-level privileges. US-CERT encourages users and administrators to...

Microsoft Releases January 2014 Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Office, Server Software, Windows, and Microsoft Dynamics AX, as part of the Microsoft Security Bulletin Summary for January 2014. These vulnerabilities could allow remote code execution, elevation of privilege or a denial of...

Adobe Releases Security Updates for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player to address multiple vulnerabilities. Adobe is aware of reports that an exploit designed to trick a user into opening a Microsoft Word document with malicious Flash .swf content exists. These vulnerabilities could cause a crash and...

Adobe Releases Security Update for Adobe Shockwave Player

Adobe has released a security update for Adobe Shockwave Player 12.0.6.147 and earlier versions on the Windows and Macintosh operating systems to address multiple vulnerabilities. These vulnerabilities could allow an attacker to execute arbitrary code on the affected system. US-CERT recommends...

Mozilla Releases Multiple Updates

The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities. Firefox 25.0.1 Firefox ESR 24.1.1 Firefox ESR 17.0.11 Seamonkey 2.22.1 These vulnerabilities could allow a remote attacker to bypass intended security restrictions or cause a...

Google Releases Google Chrome 31.0.1650.48

Google has released Google Chrome 31.0.1650.48 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service condition or bypass intended security restrictions. US-CERT encourages users and...

Microsoft Releases Advance Notification for November Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that its November 2013 release will contain eight bulletins. These bulletins will have the severity rating of critical and important and will be for Microsoft Windows, Internet Explorer, and Microsoft Office. These bulletins...

Cisco Releases Security Advisory

Cisco has released a security advisory to address multiple vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers ASR. These vulnerabilities, which are independent of each other, could allow an unauthenticated remote attacker to cause a denial-of-service condition...

Cisco Releases Security Advisories

Cisco has released three security advisories to address multiple vulnerabilities. These vulnerabilities may allow an attacker to successfully execute arbitrary code, authentication bypass or cause a denial-of-service DoS condition. US-CERT encourages users and administrators to review the followi...

Security Updates Available for Adobe Reader and Acrobat

Adobe has released security updates for Adobe Reader and Acrobat XI 11.0.04 for Windows. These updates address a regression that occurred in version 11.0.04 affecting Javascript security controls. US-CERT recommends that users and administrators review Adobe Security Bulletin APSB13-25 and follow...

Cisco Releases Security Advisory for Cisco Prime Data Center Network Manager (DCNM)

Cisco has released three security advisories to address multiple vulnerabilities affecting various components of Cisco Prime Data Center Network Manager DCNM. These vulnerabilities may allow an unauthenticated, remote attacker to disclose file components and access text files on an affected devic...

Security Updates Available for Adobe Flash Player, Adobe Reader, and Acrobat

Adobe has released security updates for Adobe Flash Player to address multiple vulnerabilities. Adobe has also released security updates for Adobe Reader and Acrobat XI 11.0.03 and earlier versions for Windows and Macintosh to address multiple vulnerabilities. These vulnerabilities could cause a...

Spear-Phishing E-mail with Missing Children Theme

The FBI is aware of a spear-phishing e-mail appearing as if it were sent from the National Center for Missing and Exploited Children. The subject of the e-mail is "Search for Missing Children," and a zip file containing three malicious files is attached. E-mail recipients should always treat link...

Mozilla Releases Multiple Updates

The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities. Firefox 23.0 Firefox ESR 17.0.8 Thunderbird 17.0.8 Thunderbird ESR 17.0.8 Seamonkey 2.20 These vulnerabilities could allow a remote attacker to cause a denial of service condition, conduct ...

Security Update Available for Adobe Shockwave Player

Adobe has released a security update for Adobe Shockwave Player 12.0.2.122 and earlier versions on the Windows and Macintosh operating systems to address a vulnerability. This vulnerability could potentially allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CE...

Cisco Releases Security Advisories

Cisco has released four security advisories to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code on a vulnerable system or cause a denial-of-service condition. US-CERT encourages users and administrators to review the following Cisco...

Microsoft Releases June 2013 Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, and Microsoft Office as part of the Microsoft Security Bulletin Summary for June 2013. These vulnerabilities could allow remote code execution, information disclosure, denial of service, or elevatio...

Google Releases Google Chrome 27.0.1453.110

Google has released Google Chrome 27.0.1453.110 for Windows, Macintosh, Linux and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to cause a denial-of-service condition, bypass security controls or execute arbitrary code. US-CERT encourages user...

Apple Releases OS X 10.8.4 and Security Update 2013-002

Apple has released OS X 10.8.4 and Security Update 2013-002 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, bypass security controls, or cause denial-of-service conditions. US-CERT encourages users and...

Cisco Releases Security Advisories

Cisco has released three security advisories to address vulnerabilities affecting Cisco NX-OS-based products, Cisco Device Manager, and Cisco Unified Computing System. These vulnerabilities may allow an attacker to bypass authentication controls, execute arbitrary code, obtain sensitive...

WordPress Sites Targeted by Mass Brute-force Botnet Attack

US-CERT is aware of an ongoing campaign targeting the content management software WordPress, a free and open source blogging tool and web publishing platform based on PHP and MySQL. All hosting providers offering WordPress for web content management are potentially targets. Hackers reportedly are...

Google Releases Google Chrome 26.0.1410.43

Google has released Google Chrome 26.0.1410.43 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service or execute arbitrary code. US-CERT encourages users and administrators to review the Googl...

Microsoft Releases March 2013 Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, Silverlight, and Server Software as part of the Microsoft Security Bulletin summary for March 2013. These vulnerabilities could allow remote code execution, elevation of privilege, or...

Google Releases Google Chrome 25.0.1364.87

Google has released Google Chrome 25.0.1364.87 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to cause a denial-of-service condition or bypass security features. US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update...

Microsoft Releases February 2013 Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Server Software, Office, and .NET Framework as part of the Microsoft Security Bulletin summary for February 2013. These vulnerabilities could allow remote code execution, allow elevation of privileg...

Google Releases Google Chrome 23.0.1271.97

Google has released Google Chrome 23.0.1271.97 for Windows, Mac, Linux, and ChromeFrame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial of service. US-CERT encourages users and administrators to review the Google Chrome...

Increased Exploitation in Web Content Management Systems

US-CERT is aware of recent increases in the exploitation of known vulnerabilities in web content management systems CMSs such as Wordpress and Joomla. Compromised CMS installations can be used to host malicious content. US-CERT recommends that users and administrators ensure that their CMS...

Microsoft Releases September Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Development Tools and Server Software as part of the Microsoft Security Bulletin summary for September 2012. These vulnerabilities may allow an attacker to operate with elevated privileges. US-CERT encourages users and...

Mozilla Releases Multiple Updates

The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities: Firefox 13.0 Firefox ESR 10.0.5 Thunderbird 13.0 Thunderbird ESR 10.0.5 SeaMonkey 2.10 These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service...

Adobe Releases Security Bulletins for Multiple Products

Adobe has released security bulletins to address multiple vulnerabilities for the following products: Adobe Illustrator CS5 15.0.x for Windows and Macintosh Adobe Illustrator CS5.5 15.1 for Windows and Macintosh Adobe Photoshop CS5 12.0 for Windows and Macintosh Adobe Photoshop CS5.1 12.1 for...

Microsoft Releases Advanced Notification for May Security Bulletin

Microsoft has issued a Security Bulletin Advanced Notification indicating that its May release will contain seven bulletins. These bulletins will have the severity rating of critical and important and will be for Microsoft Windows, Office, .NET Framework, and Silverlight. Releases of these...

HP ProCurve 5400 zl Switches Security Bulletin

Hewlett-Packard HP has released a security bulletin to address a security vulnerability affecting HP 5400 zl series switches purchased after April 30, 2011. These switches contain a compact flash card that may be infected with malware. US-CERT encourages users and administrators to review HP...

Adobe Releases Security Bulletin for Adobe Reader and Acrobat

Adobe has released a security bulletin to address multiple vulnerabilities in Adobe Reader X 10.1.2 and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier versions for Linux, and Adobe Acrobat X 10.1.2 and earlier versions for Windows and Macintosh. Exploitation of these...

Google Releases Google Chrome 18.0.1025.142

Google has released Chrome 18.0.1025.142 for Linux, Macintosh, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or perform a cross-site scripting attack. US-CERT encourages...

Google Releases Google Chrome 17.0.963.83

Google has released Chrome 17.0.963.83 for Linux, Macintosh, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Googl...

Microsoft Releases March Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Visual Studio, and Express Design as part of the Microsoft Security Bulletin Summary for March 2012. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or opera...