4188 matches found
Apple Releases OS X 10.8.4 and Security Update 2013-002
Apple has released OS X 10.8.4 and Security Update 2013-002 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, bypass security controls, or cause denial-of-service conditions. US-CERT encourages users and...
Apple Releases Security Update for Safari on OS X
Apple has released security updates for Safari 6.0.5 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Safari 6.0.5 WebKit updates are available for the following versions: OS X Lion v10.7.5 O...
Cisco Releases Security Advisories
Cisco has released three security advisories to address vulnerabilities affecting Cisco NX-OS-based products, Cisco Device Manager, and Cisco Unified Computing System. These vulnerabilities may allow an attacker to bypass authentication controls, execute arbitrary code, obtain sensitive...
Google Releases Google Chrome 26.0.1410.43
Google has released Google Chrome 26.0.1410.43 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service or execute arbitrary code. US-CERT encourages users and administrators to review the Googl...
Apple Releases iOS 6.1.3
Apple has released iOS 6.1.3 for the iPhone 3GS or later, iPod touch 4th generation or later, and iPad 2 or later to address multiple vulnerabilities. These vulnerabilities may allow an attacker to operate with elevated privileges, bypass security features or execute arbitrary code. US-CERT...
Microsoft Releases March 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, Silverlight, and Server Software as part of the Microsoft Security Bulletin summary for March 2013. These vulnerabilities could allow remote code execution, elevation of privilege, or...
Microsoft Releases February 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Server Software, Office, and .NET Framework as part of the Microsoft Security Bulletin summary for February 2013. These vulnerabilities could allow remote code execution, allow elevation of privileg...
Google Releases Google Chrome 23.0.1271.97
Google has released Google Chrome 23.0.1271.97 for Windows, Mac, Linux, and ChromeFrame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial of service. US-CERT encourages users and administrators to review the Google Chrome...
Microsoft Releases October Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, SQL Server, Server Software, Office, and Lync as part of the Microsoft Security Bulletin summary for October 2012. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service...
Microsoft Releases September Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Development Tools and Server Software as part of the Microsoft Security Bulletin summary for September 2012. These vulnerabilities may allow an attacker to operate with elevated privileges. US-CERT encourages users and...
Adobe Releases Security Bulletins for Multiple Products
Adobe has released security bulletins to address multiple vulnerabilities for the following products: Adobe Illustrator CS5 15.0.x for Windows and Macintosh Adobe Illustrator CS5.5 15.1 for Windows and Macintosh Adobe Photoshop CS5 12.0 for Windows and Macintosh Adobe Photoshop CS5.1 12.1 for...
Microsoft Releases Advanced Notification for May Security Bulletin
Microsoft has issued a Security Bulletin Advanced Notification indicating that its May release will contain seven bulletins. These bulletins will have the severity rating of critical and important and will be for Microsoft Windows, Office, .NET Framework, and Silverlight. Releases of these...
HP ProCurve 5400 zl Switches Security Bulletin
Hewlett-Packard HP has released a security bulletin to address a security vulnerability affecting HP 5400 zl series switches purchased after April 30, 2011. These switches contain a compact flash card that may be infected with malware. US-CERT encourages users and administrators to review HP...
Adobe Releases Security Bulletin for Adobe Reader and Acrobat
Adobe has released a security bulletin to address multiple vulnerabilities in Adobe Reader X 10.1.2 and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier versions for Linux, and Adobe Acrobat X 10.1.2 and earlier versions for Windows and Macintosh. Exploitation of these...
Microsoft Releases March Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Visual Studio, and Express Design as part of the Microsoft Security Bulletin Summary for March 2012. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or opera...
Adobe Releases Security Bulletins for Adobe Shockwave Player and RoboHelp
Adobe has released a security bulletins for Adobe Shockwave Player and RoboHelp to address multiple vulnerabilities affecting the following software versions: Adobe Shockwave Player 11.6.3.633 and earlier versions for Windows and Macintosh Adobe RoboHelp 9 or 8 for Word on Windows Exploitation of...
Mozilla Releases Firefox 10 and 3.6.26
The Mozilla Foundation has released Firefox 10 and Firefox 3.6.26 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or perform a cross-site scripting attack. US-CERT...
Best Practices for Recovery from the Malicious Erasure of Files
There are many ways in which cyber criminals can damage computer systems and data, including changing or deleting files, wiping hard drives, and erasing backups to hide their malicious activity. Hard drives are wiped, or "zeroed out," when the original data is overwritten with zeros or different...
Google Releases Chrome 16.0.912.63
Google has released Chrome 16.0.912.63 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...
Mozilla Releases Firefox 8 and 3.6.24
The Mozilla Foundation has released Firefox 8 and Firefox 3.6.24 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, cause a denial-of-services condition, obtain sensitive information, or perform a cross-si...
Apple Releases iTunes 10.5
Apple has released iTunes 10.5 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple article HT4981 and apply any necessary updates to help...
Google Releases Chrome 14.0.835.163
Google has released Chrome 14.0.835.163 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...
Apple Releases QuickTime 7.7
Apple has released QuickTime 7.7 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple Support Article HT4826 and apply any necessary updates to...
WordPress Themes Vulnerability
TimThumb, a PHP script that is reused in many popular themes for the WordPress blog software, contains a vulnerability that allows a remote attacker to upload arbitrary PHP code to an affected site. US-CERT encourages users and administrators to: determine if any hosted blogs use TimThumb by...
Google Releases Chrome 12.0.742.112
Google released Chrome 12.0.742.112 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. This update also contains an updated version of Adobe Flash. US-CERT encourages users and...
Mozilla Releases Firefox 5 and 3.6.18
The Mozilla Foundation has released Firefox 5 and Firefox 3.6.18 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, violate the same origin policy, or perform a cross-site scripting attack. US-CERT encourages users and administrators to...
Adobe Releases Security Bulletin for Adobe Reader and Acrobat
Adobe has released a security bulletin to address multiple vulnerabilities in Adobe Reader 10.0.1 and earlier versions for Windows, Adobe Reader 10.0.3 and earlier versions of Macintosh, and Adobe Acrobat 10.0.3 and earlier versions for Windows and Macintosh. Exploitation of these vulnerabilities...
VMware Releases Security Advisory
VMware has released security advisory VMSA-2011-0009 to address multiple vulnerabilities in the following products: VMware Workstation 7.1.3 and earlier VMware Player 3.1.3 and earlier VMware Fusion 3.1.2 and earlier ESXi 4.1 without patch ESXi410-201104402-BG ESXi 4.0 without patch...
Google Chrome Releases 11.0.696.71
Google has released Chrome 11.0.696.71 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...
Mozilla Releases Firefox updates
Mozilla has released Firefox 4.0.1, 3.6.17, and 3.5.19 to address multiple vulnerabilities. The impact of these vulnerabilities includes arbitrary code execution, privilege escalation, directory traversal, and information disclosure. US-CERT encourages users and administrators to review the Mozil...
Video Game Phishing
US-CERT is aware of reports that some users on the Xbox 360 video game system are receiving potential phishing attempts through an in-game messaging service. In-game message phishing is not a Microsoft issue and has nothing to do with Xbox LIVE. Games are products of third party developers that a...
Fraudulent SSL Certificates
US-CERT is aware of public reports of the existence of fraudulent SSL certificates. These fraudulent SSL certificates could be used by an attacker to masquerade as a trusted website. Multiple web browser vendors have provided updates to recognize and block these fraudulent SSL certificates. Mozil...
Adobe Releases Security Updates for Reader and Acrobat
Adobe has released updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address a vulnerability in the authplay.dll component. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Adobe...
Japan Earthquake and Tsunami Disaster Email Scams, Fake Antivirus and Phishing Attack Warning
US-CERT would like to warn users of potential email scams, fake antivirus and phishing attacks regarding the Japan earthquake and the tsunami disasters. Email scams may contain links or attachments which may direct users to phishing or malware-laden websites. Fake antivirus attacks may come in th...
Microsoft Releases Advance Notification for March Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its March release will contain three bulletins. One of these bulletins will have the severity rating of critical and will be for Microsoft Windows. The remaining two bulletins will have the severity rating of important...
Google Releases Chrome 9.0.597.107
Google has released Chrome 9.0.597.107 for all platforms to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google Chrome...
Cisco Releases Multiple Security Advisories
Cisco has released six security advisories to address vulnerabilities in multiple Cisco products. Security advisory cisco-sa-20110223-asa, addresses multiple vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances. Successful exploitation of these vulnerabilities could cause a...
RealNetworks, Inc. Releases Security Updates for RealPlayer
RealNetworks, Inc. has released security updates to address a vulnerability affecting Windows RealPlayer 14.0.1 and earlier versions and RealPlayer Enterprise 2.1.4 and earlier versions. Exploitation of this vulnerability may allow an attacker to execute arbitrary code in the context of the...
Google Releases Chrome 9.0.597.84
Google has released Chrome 9.0.597.84 for all platforms to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry an...
Microsoft Releases Blog Entry Regarding Recent Outlook 2007 Update
The Microsoft Outlook product team has posted a blog entry to inform users of several issues related to the Outlook 2007 update KB2412171 that was released on December 14. The product team has identified these issues as: Outlook fails to connect if Secure Password Authentication SPA is configured...
RealNetworks Releases Security Update for RealPlayer
RealNetworks, Inc. has released an update for RealPlayer to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the RealNetworks notice released on December 10, 2010 and appl...
WordPress Releases Version 3.0.3
WordPress has released WordPress 3.0.3 to address a vulnerability. Execution of this vulnerability may allow an attacker to operate with elevated privileges. US-CERT encourages users and administrators to review the WordPress Codex document for version 3.0.3 and apply any necessary updates to hel...
VMware Releases Security Patch for ESX
VMware has released a security patch for ESX to address a vulnerability. Exploitation of this vulnerability may allow a local user to gain additional privileges on the affected system. US-CERT encourages users and administrators to review VMware knowledgebase article 1029397 and apply any necessa...
Linux Root Access Vulnerabilities
US-CERT is aware of public reports of multiple vulnerabilities affecting Linux. Exploitation of these vulnerabilities may allow an attacker to access the system with root or "superuser" privileges. The first of these vulnerabilities is due to a flaw in the implementation of the Reliable Datagram...
Google Releases Chrome 7.0.517.41
Google has released Chrome 7.0.517.41 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct URL spoofing, or bypass security restrictions. US-CERT encourages users and...
Microsoft Releases Security Advisory 2416728
Microsoft has released a security advisory to alert users of a vulnerability affecting ASP.NET. Exploitation of this vulnerability may allow an attacker to obtain sensitive information or tamper with data. US-CERT encourages administrators to review Microsoft security advisory 2416728 and apply a...
Adobe Releases Security Advisory for Flash Player
Adobe has released a security advisory to alert users of a vulnerability affecting Adobe Flash Player. This vulnerability affects Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android. Exploitation of this vulnerability...
Adobe Releases Security Advisory for Vulnerability in Reader and Acrobat
Adobe has released a security advisory to address a vulnerability in Adobe Reader and Acrobat. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. The advisory indicates that this vulnerability is being actively exploited...
Mozilla Releases Firefox 3.6.9
The Mozilla Foundation has released Firefox 3.6.9 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, leverage cross-site scripting attacks, or cause a denial-of-service condition. The Mozilla Foundation has als...
Apple Releases iTunes 10
Apple has released iTunes 10 to address multiple vulnerabilities affecting the WebKit package. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple article HT4328 and apply any...