4188 matches found
Microsoft Releases January 2016 Security Bulletin
Microsoft has released nine updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Microsoft Security Bulletins MS16-001...
IRS Releases Eighth Security Tip
The Internal Revenue Service IRS has released the eighth in a series of tips intended to help the public protect personal and financial data online and at home. A new tip will be available each Monday through the start of the tax season in January. This tip describes methods users should follow t...
Internet Systems Consortium (ISC) Releases Security Updates for BIND
ISC has released security updates to address vulnerabilities in BIND. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition. Available updates include: BIND 9 version 9.9.8-P2 BIND 9 version 9.10.3-P2 BIND 9 version 9.9.8-S3 Users and...
OpenSSL Patches Multiple Vulnerabilities
OpenSSL has released updates patching four vulnerabilities. Exploitation of one of these vulnerabilities could allow an attacker to cause a denial-of-service condition. Updates available include: OpenSSL 1.0.2e for 1.0.2 users OpenSSL 1.0.1q for 1.0.1 users OpenSSL 1.0.0t for 1.0.0 users OpenSSL...
Symantec Releases Security Update
Symantec has released an update to address vulnerabilities in Symantec Endpoint Protection version 12.1. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Security Advisory from...
Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)
The Network Time Foundation's NTP Project has released an update addressing multiple vulnerabilities in ntpd. Exploitation of some of these vulnerabilities may allow an attacker to cause a denial-of-service DoS condition. Users and administrators are encouraged to review the NTP Security Notice...
Mozilla Releases Security Update for Firefox
Mozilla has released Firefox 41.0.2 to address a security vulnerability. Exploitation of this vulnerability may allow a remote attacker to obtain sensitive information from an affected system. US-CERT encourages users and administrators to review Mozilla Security Advisory 2015-115 and apply the...
Cisco Releases Security Updates
Cisco has released updates to address vulnerabilities in Prime Collaboration Assurance, Prime Collaboration Provisioning, and TelePresence Server software. Exploitation of these vulnerabilities could allow a remote attacker to escalate privileges, obtain sensitive information, or cause a...
Apple Releases Security Updates for OS X Server, iTunes, Xcode, and iOS
Apple has released security updates for OS X Server, iTunes, Xcode, and iOS to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: OS X Server v5.0.3 for OS X Yosemite v10.10....
Adobe Releases Security Update for ColdFusion
Adobe has released a security update for ColdFusion to address a vulnerability. Exploitation of this vulnerability may allow a remote attacker to obtain sensitive information from an affected system. Users and administrators are encouraged to review the Adobe Security Bulletin APSB15-21 and apply...
Internet Systems Consortium (ISC) Releases Security Updates for BIND
ISC has released security updates to address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Updates available include: BIND 9-version 9.9.7-P2 BIND 9-version 9.10.2-P3 Users and administrators are encouraged to revie...
Microsoft Releases July 2015 Security Bulletin
Microsoft has released 14 updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow remote code execution or elevation of privileges. US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-058 and MS15-065...
OPM Identity-Protection Phishing Campaigns
US-CERT is aware of suspicious domain names that may be used in phishing campaigns masquerading as official communication from the Office of Personnel Management OPM or the identity protection firm CSID. Https://opm.csid.com is the legitimate domain used by CSID, which is responsible for identity...
Fraud Alert Issued on Business Email Compromise Scam
The Financial Services Information Sharing and Analysis Center FS-ISAC and federal law enforcement agencies have released a joint alert warning companies of a sophisticated wire payment scam referred to as business email compromise BEC. Scammers use fraudulent information to trick companies into...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates for Adobe Photoshop Creative Cloud CC and Bridge CC to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Adobe...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of one of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition or steal sensitive information. Available updates include:...
Mozilla Releases Security Update for Firefox
The Mozilla Foundation has released Firefox 37.0.1 to address two vulnerabilities, one of which may allow a remote attacker to conduct man-in-the-middle attacks. Users and administrators are encouraged to review the security advisories for Firefox and apply the necessary updates. This product is...
Drupal Releases Security Updates
Drupal has released updates to address multiple vulnerabilities, one of which could allow a remote attacker to gain access to a system account. Available updates include: Drupal core 6.35 for 6.x users Drupal core 7.35 for 7.x users US-CERT encourages users and administrators to review Drupal's...
FTC Details the Top 10 Imposter Scams of 2014
The Federal Trade Commission FTC has released an advisory describing the top 10 reported imposter scams for 2014. Scam operators often impersonate individuals, companies, and organizations to entice targets to participate in fraudulent financial transactions. Users are encouraged to review the FT...
IRS Issues Warning for a Scam Targeting Tax Preparers
The Internal Revenue Service IRS has issued a press release addressing a new spear phishing scam targeting tax preparers and other tax professionals. Scam operators often use fraudulent e-mails to entice their targets to reveal login credentials. US-CERT encourages users and administrators to...
Google Releases Security Updates for Chrome
Google has released Chrome 40.0.2214.91 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial of service condition or obtain personal information. US-CERT encourages users and administrators to review t...
Ubuntu Releases Security Updates
Ubuntu has released security updates to address multiple vulnerabilities affecting Ubuntu 10.04 LTS, 12.04 LTS, 14.04 LTS, and 14.10. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service or execute arbitrary code. Users and administrators are encouraged to revi...
IBM Releases Security Update for MDM
IBM has released Tivoli Endpoint Manager Mobile Device Management MDM version 9.0.60100 to address a vulnerability which may allow a remote attacker to gain control of an affected system. Users and administrators are encouraged to review the IBM Security Bulletin and apply the necessary updates...
Google Releases Security Update for Chrome
Google has released Chrome 38.0.2125.122 for Windows, Mac and Linux. This update addresses a vulnerability which could potentially allow an attacker to take over an affected system. US-CERT encourages users and administrators to review the Google Chrome release blog and apply the necessary update...
Apple Releases Security Updates for QuickTime
Apple has released QuickTime 7.7.6 for Windows 7, Vista, XP SP2 or later to address multiple vulnerabilities, some of which may allow remote attackers to execute arbitrary code or cause a denial of service. Users and administrators are encouraged to review Apple Support Article HT6493 and apply a...
Oracle Releases October 2014 Security Advisory
Oracle has released its Critical Patch Update for October 2014 to address 154 vulnerabilities across multiple products. US-CERT encourages users and administrators to review the Oracle October 2014 Critical Patch Update and apply the necessary updates. This product is provided subject to this...
Google Releases Security Updates for Chrome and Chrome OS
Google has released security updates to address multiple vulnerabilities in Chrome and Chrome OS, some of which could potentially allow an attacker to take control of the affected system or cause a denial of service condition. Updates available include: Chrome 38.0.2125.101 for Windows, Mac and...
Adobe Releases Security Updates for Adobe Reader and Acrobat
Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. US-CERT encourages users and administrators to review Adobe Security Bulletin APSB14-20 and...
Adobe Releases Security Updates for Flash Player and Air
Adobe has released security updates to address multiple vulnerabilities in Adobe Flash Player and Air for Windows, Macintosh and Linux. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. Users and administrators are encouraged to revi...
Backoff Point-of-Sale Malware Campaign
US-CERT is aware of Backoff malware compromising a significant number of major enterprise networks as well as small and medium businesses. US-CERT encourages administrators and operators of Point-of-Sale systems to review the Backoff malware alert to help determine if your network may be affected...
NCSC Spearphishing Security Advisory
New Zealand’s National Cyber Security Centre NCSC has released Security Advisory NCSC-C-2014-17 which highlights a spearphishing campaign targeting government employees. The NCSC provides enhanced cybersecurity services to the New Zealand Government and private sector organizations against...
Microsoft Releases Security Advisory for Microsoft Malware Protection Engine
Microsoft has released a security advisory to address a vulnerability to the Microsoft Malware Protection Engine. Successful exploitation of the vulnerability could allow an attacker to cause a denial of service. An update is available for the following affected software: Microsoft Forefront Clie...
Adobe Releases Security Updates for Reader, Acrobat, Flash Player, and Illustrator
Adobe has released security updates to address multiple vulnerabilities in Reader, Acrobat, Flash Player, and Illustrator. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. The following updates are available: Adobe Reader XI 11.0.07...
Cisco Releases Security Advisory for WebEx Players
Cisco has released a security advisory to address multiple buffer overflow vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players. Successful exploitation of the vulnerabilities could cause an affected player to crash or allow a remote attacker to execute arbitrary...
Adobe Releases Security Updates for Flash Player
US-CERT is aware of active exploitation of a vulnerability in versions of Flash Player which could potentially allow an attacker to take control of an affected system. Adobe has released security updates to address these vulnerabilities. The following updates are available: Flash Player 13.0.0.20...
Security Updates Released for iOS devices and Apple TV
Apple has released security updates for iOS and Apple TV devices to address multiple vulnerabilities, some of which may lead to unexpected system termination or arbitrary code execution. Updates available include: iOS 7.1 for iPhone 4 and later, iPod touch 5th generation and later, or iPad 2 and...
Apple Releases Safari 6.1.2 and Safari 7.0.2
Apple has released Safari 6.1.2 and 7.0.2 for OS X to address multiple vulnerabilities in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. US-CERT encourages users and administrators to review Apple Support Article HT614...
Cisco Releases Security Advisory for Prime Infrastructure Command Execution Vulnerability
Cisco has released a security advisory to address a vulnerability in Cisco Prime Infrastructure software versions 1.2, 1.3, 1.4, and 2.0 which could allow an unauthenticated, remote attacker to execute arbitrary commands with root-level privileges. US-CERT encourages users and administrators to...
Microsoft Releases January 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Office, Server Software, Windows, and Microsoft Dynamics AX, as part of the Microsoft Security Bulletin Summary for January 2014. These vulnerabilities could allow remote code execution, elevation of privilege or a denial of...
Adobe Releases Security Update for Adobe Shockwave Player
Adobe has released a security update for Adobe Shockwave Player 12.0.6.147 and earlier versions on the Windows and Macintosh operating systems to address multiple vulnerabilities. These vulnerabilities could allow an attacker to execute arbitrary code on the affected system. US-CERT recommends...
Adobe Releases Security Updates for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player to address multiple vulnerabilities. Adobe is aware of reports that an exploit designed to trick a user into opening a Microsoft Word document with malicious Flash .swf content exists. These vulnerabilities could cause a crash and...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities. Firefox 25.0.1 Firefox ESR 24.1.1 Firefox ESR 17.0.11 Seamonkey 2.22.1 These vulnerabilities could allow a remote attacker to bypass intended security restrictions or cause a...
Google Releases Google Chrome 31.0.1650.48
Google has released Google Chrome 31.0.1650.48 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service condition or bypass intended security restrictions. US-CERT encourages users and...
Microsoft Releases Advance Notification for November Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its November 2013 release will contain eight bulletins. These bulletins will have the severity rating of critical and important and will be for Microsoft Windows, Internet Explorer, and Microsoft Office. These bulletins...
Cisco Releases Security Advisory
Cisco has released a security advisory to address multiple vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers ASR. These vulnerabilities, which are independent of each other, could allow an unauthenticated remote attacker to cause a denial-of-service condition...
Cisco Releases Security Advisories
Cisco has released three security advisories to address multiple vulnerabilities. These vulnerabilities may allow an attacker to successfully execute arbitrary code, authentication bypass or cause a denial-of-service DoS condition. US-CERT encourages users and administrators to review the followi...
Cisco Releases Security Advisory for Cisco Prime Data Center Network Manager (DCNM)
Cisco has released three security advisories to address multiple vulnerabilities affecting various components of Cisco Prime Data Center Network Manager DCNM. These vulnerabilities may allow an unauthenticated, remote attacker to disclose file components and access text files on an affected devic...
Security Updates Available for Adobe Flash Player, Adobe Reader, and Acrobat
Adobe has released security updates for Adobe Flash Player to address multiple vulnerabilities. Adobe has also released security updates for Adobe Reader and Acrobat XI 11.0.03 and earlier versions for Windows and Macintosh to address multiple vulnerabilities. These vulnerabilities could cause a...
Spear-Phishing E-mail with Missing Children Theme
The FBI is aware of a spear-phishing e-mail appearing as if it were sent from the National Center for Missing and Exploited Children. The subject of the e-mail is "Search for Missing Children," and a zip file containing three malicious files is attached. E-mail recipients should always treat link...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities. Firefox 23.0 Firefox ESR 17.0.8 Thunderbird 17.0.8 Thunderbird ESR 17.0.8 Seamonkey 2.20 These vulnerabilities could allow a remote attacker to cause a denial of service condition, conduct ...