FTC Releases "Package Delivery" Themed Scam Alert

The Federal Trade Commission FTC has released a Scam Alert addressing a "Package Delivery" themed phishing campaign regarding package delivery notifications from the U.S. Postal Service. Scam operators often use false information linked to reputable organizations to imply the email is legitimate...

Microsoft Releases Out-of-Band Security Bulletin for Windows Kerberos Vulnerability

Microsoft has released security updates to address a remote elevation of privilege vulnerability which exists in implementations of Kerberos KDC in Microsoft Windows. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users a...

IC3 Releases Scam Alert for Fraudulent Online Advertisements

The Internet Crime Complaint Center IC3 released a Scam Alert regarding fraudulent ads for normally expensive items, such as cars and boats, at discounted prices. Scam operators often use false contact information linked to reputable online marketplaces to imply that the transaction is legitimate...

IC3 Releases “Tech Support” Themed Scam Alert

The Internet Crime Complaint Center IC3, a partnership between the Federal Bureau of Investigation FBI and the National White Collar Crime Center NW3C to combat Internet crime, has released a Scam Alert advising the public of an ongoing telephone scam in which callers purport to be an employee of...

Adobe Releases Security Updates for Flash Player

Adobe has released security updates to address multiple vulnerabilities in Flash Player, one of which could potentially allow an attacker to take control of the affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB 14-24 and apply the necessary updates...

Mozilla Releases Security Updates for Firefox and Thunderbird

The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox and Thunderbird. Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, bypass same-origin policy and key pinning, cause an exploitable crash, conduct a...

Adobe Releases Security Updates for ColdFusion and Flash Player

Adobe has released security updates to address multiple vulnerabilities in ColdFusion and Flash Player. Exploitation could allow attackers to take control of a vulnerable system. Users and administrators are encouraged to review Adobe Security Bulletins APSB 14-23 and APSB 14-22 and apply the...

Apple Releases Security Updates for iOS, Apple TV, and Xcode

Apple released security updates for iOS devices, Apple TV, and Xcode to address multiple vulnerabilities, some of which could allow attackers to execute code with system privileges or cause an unexpected application termination. Updates available include: iOS 8 for iPhone 4s and later, iPod touch...

Mozilla Releases Security Updates for Firefox and Thunderbird

The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox and Thunderbird. Exploitation of these vulnerabilities may allow an attacker to cause an exploitable crash or execute arbitrary code. The following updates are available: Firefox 32 Firefox ESR 24....

Apple Releases Security Update for Safari

Apple has released security updates for Safari to address vulnerabilities which could allow an attacker to execute arbitrary code or cause an unexpected application termination. Updates include Safari 6.1.6 and Safari 7.0.6 for OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8...

Microsoft Releases August 2014 Security Bulletin

Microsoft has released updates to address vulnerabilities in Windows, Office, SQL Server, Server Software, .NET Framework, and Internet Explorer as part of the Microsoft Security Bulletin Summary for August 2014. Some of these vulnerabilities could allow remote code execution, elevation of...

OpenSSL Patches Nine Vulnerabilities

OpenSSL has released updates patching nine vulnerabilities, some of which may allow an attacker to cause a Denial of Service DoS condition or force the client to revert to a less secure Transport Layer Security TLS 1.0 protocol. The following updates are available: OpenSSL 0.9.8 users should...

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, and Thunderbird, some of which may allow attackers to execute arbitrary code. The following updates are available: Firefox 31 Thunderbird 31 Firefox ESR 24.7 Thunderbird 24.7 Users an...

Microsoft Releases June 2014 Security Bulletin

Microsoft has released updates to address vulnerabilities in Windows, Office, Internet Explorer, Lync, and Lync Server as part of the Microsoft Security Bulletin Summary for June 2014. Some of these vulnerabilities could allow remote code executions. US-CERT encourages users and administrators to...

Apple Releases Security Updates for Safari

Apple has released updates for Safari to address multiple vulnerabilities, some of which could allow a remote attacker to execute arbitrary code or cause a denial of service. Safari 6.1.4 and Safari 7.0.4 updates are available for: OS X Lion v10.7.5 OS X Lion Server v10.7.5 OS X Mountain Lion...

Microsoft Releases Security Update for Internet Explorer Use-After-Free Vulnerability

Microsoft has released out-of-band updates to address a critical use-after-free vulnerability in Internet Explorer versions 6 through 11, including IE versions running on Windows XP. US-CERT recommends that users and administrators review Microsoft Security Bulletin MS14-021 and apply the necessa...

Easter Holiday Phishing Scams and Malware Campaigns

As the Easter holiday approaches, US-CERT reminds users to stay aware of holiday scams and cyber campaigns, which may include: shipping notifications that may be phishing scams or may contain malware electronic greeting cards that may contain malware requests for charitable contributions that may...

Google Releases Google Chrome Update

Google has released Google Chrome 33.0.1750.124 for several Chrome OS devices to address multiple vulnerabilities, one of which could allow a server certificate to change in a renegotiation. Users and administrators are encouraged to review the Google Chrome release blog entry and apply the updat...

Google Releases Google Chrome Update

Google has released Google Chrome 33.0.1750.117 for Windows, Mac, and Linux to address multiple vulnerabilities, some of which could allow a remote, unauthenticated attacker to completely compromise a vulnerable system. Users and administrators are encouraged to review the Google Chrome Release...

Adobe Releases Security Update for Adobe Shockwave Player

Adobe has released a security update to address a vulnerability in Adobe Shockwave Player 12.0.7.148 and earlier versions for Windows and Macintosh operating systems. Exploitation of this vulnerability could allow an attacker to take control of the affected system. US-CERT recommends that users a...

Google Releases Google Chrome 31.0.1650.63

Google has released Google Chrome 31.0.1650.63 for Windows, Mac, Linux and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to hijack a web session, spoof the address bar or cause a denial of service condition. US-CERT encourages users and...

Microsoft Releases September 2013 Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, and Microsoft Server Software as part of the Microsoft Security Bulletin Summary for September 2013. These vulnerabilities could allow remote code execution, elevation of privilege...

Cisco Releases Security Advisory

Cisco has released a security advisory to address a vulnerability in Cisco Secure Access Control Server ACS versions 4.0 through 4.2.1.15. This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is only present when Cisco ACS is configur...

Microsoft Releases August 2013 Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, and Microsoft Server Software as part of the Microsoft Security Bulletin Summary for August 2013. These vulnerabilities could allow remote code execution, elevation of privilege, denial of service, ...

Cisco Releases Security Advisory

Cisco has released a security advisory to address a vulnerability in the Cisco TelePresence System. This vulnerability may allow a remote attacker to access the web server via a user account created with default credentials, which gives the attacker full administrative rights to the system. US-CE...

Google Releases Google Chrome 28.0.1500.71

Google has released Google Chrome 28.0.1500.71 for Windows, Macintosh, and Chrome Frame platforms to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code, bypass intended restrictions, obtain sensitive information or cause a...

Security Updates Available for Adobe Flash Player

Adobe has released security updates for Adobe Flash Player. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Security updates are available for the following versions of Adobe Flash Player: Adobe Flash Player...

Apple Releases Security Updates for Apple QuickTime 7.7.4

Apple has released security updates for Apple QuickTime 7.7.4 for Windows 7, Vista, and XP SP2 or later to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and...

Microsoft Releases Security Advisory for Internet Explorer

Microsoft is investigating public reports of a remote code execution vulnerability in Internet Explorer 8 and is aware of attacks that attempt to exploit this vulnerability. This vulnerability may allow an attacker to execute arbitrary code if a user accesses a specially crafted website. Microsof...

Mozilla Releases Multiple Updates

The Mozilla Foundation has released updates to address multiple vulnerabilities. These vulnerabilities could allow an attacker to initiate a cross-site scripting attack or obtain sensitive information, enable privilege escalation or execute arbitrary code, or cause a denial-of-service condition...

Apple Releases iOS 6.1.3

Apple has released iOS 6.1.3 for the iPhone 3GS or later, iPod touch 4th generation or later, and iPad 2 or later to address multiple vulnerabilities. These vulnerabilities may allow an attacker to operate with elevated privileges, bypass security features or execute arbitrary code. US-CERT...

Google Releases Google Chrome 25.0.1364.173

Google has released Google Chrome 25.0.1364.173 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to cause a denial-of-service condition or execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update ...

Microsoft Releases Advance Notification for February Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating that its February release will contain eleven bulletins. These bulletins will have the severity rating of critical and important, and will be for Microsoft Windows, Internet Explorer, Server Software, and .NET Framework. The...

Microsoft Releases Advance Notification for January Security Bulletin

Microsoft has issued a Security Bulletin Advanced Notification indicating that its January release will contain seven bulletins. These bulletins will have the serverity rating of critical and important and will be for Microsoft Windows, Office, Developers Tools, Server Software, and .NET Framewor...

Adobe Releases Security Update for ColdFusion

Adobe has released a security hotfix for ColdFusion 10 Update 1 and above for Windows. This hotfix resolves a vulnerability affecting ColdFusion on Windows Internet Information Services IIS, which could result in a denial of service. US-CERT encourages users and administrators to review Adobe...

Google Releases Google Chrome 23.0.1271.64

Google has released Google Chrome 23.0.1271.64 for Windows, Macintosh, Linux and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Release blog entry and...

Microsoft Releases August Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, SQL Server, Server Software, Developer Tools, and Exchange Server as part of the Microsoft Security Bulletin summary for August 2012. These vulnerabilities may allow an attacker to execute...

Google Releases Google Chrome 20.0.1132.57

Google has released Google Chrome 20.0.1132.57 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the...

Google Releases Google Chrome 20.0.1132.43

Google has released Google Chrome 20.0.1132.43 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the...

Unauthorized Microsoft Digital Certificates

Microsoft has released a security advisory to address the revocation of a number of unauthorized digital certificates. Maintaining these certificates within your certificate store may allow an attacker to spoof content, perform a phishing attack, or perform a man-in-the-middle attack. The followi...

Adobe Releases Security Advisory for Adobe Flash Player

Adobe has released a Security Advisory for Adobe Flash Player to address a vulnerability affecting the following software versions: Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh, and Linux operating systems Adobe Flash Player 11.1.115.7 and earlier versions for Andro...

DNSChanger Malware

US-CERT encourages users and administrators to ensure their systems are not infected with the DNSChanger malware by utilizing tools and resources available at the DNS Changer Working Group DCWG website. Computers testing positive for infection of DNSChanger malware will need to be cleaned of the...

Apple Releases Safari 5.1.4

Apple has released Safari 5.1.4 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, spoof a domain name, obtain sensitive information, or perform a cross-site scripting attack. US-CERT encourages users and administrators to review Apple...

Google Releases Chrome 17.0.963.56

Google has released Chrome 17.0.963.56 for Linux, Macintosh, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review th...

Google Releases Chrome 17.0.963.46

Google has released Chrome 17.0.963.46 for Linux, Mac, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code and cause a denial-of-service condition. US-CERT encourages users and administrators to review the...

Adobe Releases Security Advisory for Adobe Flex SDK

Adobe has released a security advisory to alert users of a vulnerability that affects Adobe Flex SDK. This vulnerability affects Adobe Flex SDK 4.5.1 and earlier 4.X and 3.6 and earlier 3.X for Windows, Macintosh, and Linux operating systems. Exploitation of this vulnerability may allow an attack...

Cisco Releases Security Advisory and Applied Mitigation Bulletin

Cisco has released a security advisory and an applied mitigation bulletin to address vulnerabilities in Cisco TelePresence Recording Server Software Release 1.7.2.0. Successful exploitation of these vulnerabilities may allow an attacker to bypass security restrictions or take control of the...

Apple Releases iOS 4.3.4 and iOS 4.2.9

Apple has released iOS 4.3.4 for the iPhone GSM model, iPod touch, and iPad, and iOS 4.2.9 for the iPhone CDMA model to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or operate with escalated privileges. US-CERT encourages users and...

Microsoft Releases July Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office as part of the Microsoft Security Bulletin Summary for July 2011. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges. US-CERT encourages users...

Mozilla Releases Firefox 5 and 3.6.18

The Mozilla Foundation has released Firefox 5 and Firefox 3.6.18 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, violate the same origin policy, or perform a cross-site scripting attack. US-CERT encourages users and administrators to...