4188 matches found
Oracle Releases Security Bulletin
Oracle has released its Critical Patch Update for October 2015 to address 154 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Oracle...
Apple Releases Security Updates for Keynote, Pages, and Numbers
Apple has released security updates for Keynote, Pages, and Numbers for OS and iOS to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Keynote 6.6, Pages 5.6, and Numbers 3...
IC3 Releases Alert on Microchip-Enabled Credit Cards
The Internet Crime Complaint Center IC3 has issued an alert to consumers and merchants about the security risks involved with EMV Cards. An EMV card is a credit or debit card with a microchip that helps protect cardholder data. However, EMV cards may still be vulnerable to exploitation. US-CERT...
WordPress Releases Security Update
WordPress 4.3 and prior versions contain two cross-site scripting vulnerabilities and a potential privilege escalation. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website. Users and administrators are encouraged to review the WordPress...
Adobe Releases Security Update for Shockwave Player
Adobe has released a security update to address vulnerabilities in Shockwave Player. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB15-22 and apply the necessary...
Best Practices to Protect You, Your Network, and Your Information
The National Cybersecurity and Communications Integration Center NCCIC and its partners responded to a series of data breaches in the public and private sector over the last year, helping organizations through incident response actions, conducting damage assessments, and implementing restoration...
Cisco Releases Security Updates
Cisco has released software updates to address a vulnerability in Cisco IOS XE Software for ASR 1000 Series Aggregation Services Routers. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. US-CERT encourages users and administrators to review...
Security Updates for Node.js and io.js
Networking applications using Node.js or io.js contain a vulnerability in the V8 JavaScript engine. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Available updates include: node.js-v0.12.6 io.js-v2.2.3 io.js-v1.8.3 Users and administrators...
Apple Releases Security Updates for QuickTime, Safari, Mac EFI, OS X Yosemite, and iOS
Apple has released security updates for QuickTime, Safari, Mac Extensible Firmware Interface EFI, OS X Yosemite, and iOS. Exploitation of some of these vulnerabilities may allow an attacker to obtain elevated privileges or crash applications. Available updates include: QuickTime 7.7.7 for Windows...
Google Releases Security Update for Chrome
Google has released Chrome version 43.0.2357.130 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow an attacker to obtain sensitive information. Users and administrators are encouraged to review the Chrome Releases Page and appl...
Drupal Releases Security Updates
Drupal has released updates to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to gain access to a system account, including an administrator's. Available updates include: • Drupal core 6.36 for 6.x users • Drupal core 7.38 for 7.x user...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address multiple vulnerabilities in Flash Player for Windows, Macintosh, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe...
Cisco Releases Security Advisories for TelePresence Products
Cisco has released two security advisories to address multiple vulnerabilities in TelePresence products. Successful exploitation could allow an attacker to bypass system authentication, execute arbitrary code with elevated privileges, or cause a denial-of-service condition. Users and administrato...
WordPress Releases Security Update
WordPress 4.2 and prior versions contain critical cross-site scripting vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website. Users and administrators are encouraged to review the WordPress Security Release and upgrade to...
Mozilla Releases Security Update for Firefox
The Mozilla Foundation has released Firefox 37.0.2 to address a vulnerability that may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Firefox Security Advisory and apply the necessary update. This product is provided subjec...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 37 Firefox ESR 31.6...
Installer Hijacking Vulnerability in Android Devices
A vulnerability in Google's Android OS has been discovered that could allow an attacker to change or replace a seemingly safe Android application with malware during installation. An attacker exploiting this vulnerability could access and steal user data on compromised devices without user...
Ubuntu Releases Security Update
Ubuntu has released a security update to address multiple vulnerabilities in PHP5 affecting Ubuntu 14.10, 14.04 LTS, 12.04 LTS, and 10.04 LTS. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service or execute arbitrary code. Users and administrators are encourage...
Cisco IPv6 Denial of Service Vulnerability
Cisco has identified a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition. The vulnerability is due to improper processing of malformed IPv6 packets carrying extension headers. Cisco Network Convergence System 6000 NCS 6000 and Cisco Carrier...
Microsoft Releases February 2015 Security Bulletin
Microsoft has released updates to address vulnerabilities in Windows as part of the Microsoft Security Bulletin Summary for February 2015. Some of these vulnerabilities could allow remote code execution, security feature bypass, elevation of privilege, or disclosure of information. US-CERT...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address multiple vulnerabilities in Flash Player, one of which could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB15-04 and apply the necessary updates. This...
Google Releases Security Updates for Chrome
Google has released Chrome 40.0.2214.111 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Google Chrome blog entry a...
Apple Releases Security Updates for OS X
Apple has released security updates for OS X Mountain Lion, Mavericks, and Yosemite to address multiple vulnerabilities in the Network Time Protocol daemon. Exploitation of these vulnerabilities may allow a remote attacker to take control of a vulnerable system. US-CERT encourages users and...
FTC Releases "Package Delivery" Themed Scam Alert
The Federal Trade Commission FTC has released a Scam Alert addressing a "Package Delivery" themed phishing campaign regarding package delivery notifications from the U.S. Postal Service. Scam operators often use false information linked to reputable organizations to imply the email is legitimate...
VMware Releases Updates for vCAC
VMware has released security updates to address a critical vulnerability in vCloud Automation Center vCAC, which could allow a remote attacker to take control of a vulnerable system. US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2014-0013 and apply the...
US-CERT Alerts Users to Holiday Phishing Scams and Malware Campaigns
US-CERT reminds users to remain vigilant when browsing online this holiday season. E-cards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed e-mail messages and fraudulent posts on social networking sites may...
IC3 Releases Scam Alert for Fraudulent Online Advertisements
The Internet Crime Complaint Center IC3 released a Scam Alert regarding fraudulent ads for normally expensive items, such as cars and boats, at discounted prices. Scam operators often use false contact information linked to reputable online marketplaces to imply that the transaction is legitimate...
Microsoft Releases Out-of-Band Security Bulletin for Windows Kerberos Vulnerability
Microsoft has released security updates to address a remote elevation of privilege vulnerability which exists in implementations of Kerberos KDC in Microsoft Windows. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users a...
Apple Releases Security Updates for iOS, OS X Yosemite, and Apple TV
Apple released security updates for iOS devices, OS X Yosemite and Apple TV to address multiple vulnerabilities, one of which could allow remote attackers to execute arbitrary commands. Updates available include: iOS 8.1.1 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 a...
IC3 Releases “Tech Support” Themed Scam Alert
The Internet Crime Complaint Center IC3, a partnership between the Federal Bureau of Investigation FBI and the National White Collar Crime Center NW3C to combat Internet crime, has released a Scam Alert advising the public of an ongoing telephone scam in which callers purport to be an employee of...
Mozilla Releases Security Updates for Firefox and Thunderbird
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox and Thunderbird. Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, bypass same-origin policy and key pinning, cause an exploitable crash, conduct a...
Adobe Releases Security Updates for ColdFusion and Flash Player
Adobe has released security updates to address multiple vulnerabilities in ColdFusion and Flash Player. Exploitation could allow attackers to take control of a vulnerable system. Users and administrators are encouraged to review Adobe Security Bulletins APSB 14-23 and APSB 14-22 and apply the...
Microsoft Releases August 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Windows, Office, SQL Server, Server Software, .NET Framework, and Internet Explorer as part of the Microsoft Security Bulletin Summary for August 2014. Some of these vulnerabilities could allow remote code execution, elevation of...
OpenSSL Patches Nine Vulnerabilities
OpenSSL has released updates patching nine vulnerabilities, some of which may allow an attacker to cause a Denial of Service DoS condition or force the client to revert to a less secure Transport Layer Security TLS 1.0 protocol. The following updates are available: OpenSSL 0.9.8 users should...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, and Thunderbird, some of which may allow attackers to execute arbitrary code. The following updates are available: Firefox 31 Thunderbird 31 Firefox ESR 24.7 Thunderbird 24.7 Users an...
Cisco Releases Security Advisory for Unified Communications Domain Manager
Cisco has released a security advisory to address multiple vulnerabilities in Cisco Unified Communications Domain Manager, some of which may allow an attacker to execute arbitrary commands or obtain privileged access to the affected system. The following updates are available: Cisco Unified CDM...
Microsoft Releases June 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Windows, Office, Internet Explorer, Lync, and Lync Server as part of the Microsoft Security Bulletin Summary for June 2014. Some of these vulnerabilities could allow remote code executions. US-CERT encourages users and administrators to...
Apple Releases Security Updates for Safari
Apple has released updates for Safari to address multiple vulnerabilities, some of which could allow a remote attacker to execute arbitrary code or cause a denial of service. Safari 6.1.4 and Safari 7.0.4 updates are available for: OS X Lion v10.7.5 OS X Lion Server v10.7.5 OS X Mountain Lion...
Microsoft Releases May 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Windows, Office, Internet Explorer, Server Software, Office Services, Web Apps, and Productivity Software as part of the Microsoft Security Bulletin Summary for May 2014. These vulnerabilities could allow remote code executions. US-CERT...
Microsoft Releases Security Update for Internet Explorer Use-After-Free Vulnerability
Microsoft has released out-of-band updates to address a critical use-after-free vulnerability in Internet Explorer versions 6 through 11, including IE versions running on Windows XP. US-CERT recommends that users and administrators review Microsoft Security Bulletin MS14-021 and apply the necessa...
Easter Holiday Phishing Scams and Malware Campaigns
As the Easter holiday approaches, US-CERT reminds users to stay aware of holiday scams and cyber campaigns, which may include: shipping notifications that may be phishing scams or may contain malware electronic greeting cards that may contain malware requests for charitable contributions that may...
Ubuntu Releases Security Updates
Ubuntu has released security updates to address a vulnerability in the Mutt E-mail Client for Ubuntu 13.10, 12.10, 12.04 LTS, and 10.04 LTS. This vulnerability may allow an attacker to take control of a system via a crafted email. Users and administrators are encouraged to review Ubuntu Security...
Apple Releases QuickTime 7.7.5
Apple has released QuickTime 7.7.5 for Windows operating systems to address multiple vulnerabilities, which may lead to an unexpected application termination or arbitrary code execution. US-CERT encourages users and administrators to review Apple Support Article HT6151 and apply any necessary...
Google Releases Google Chrome Update
Google has released Google Chrome 33.0.1750.124 for several Chrome OS devices to address multiple vulnerabilities, one of which could allow a server certificate to change in a renegotiation. Users and administrators are encouraged to review the Google Chrome release blog entry and apply the updat...
Google Releases Google Chrome Update
Google has released Google Chrome 33.0.1750.117 for Windows, Mac, and Linux to address multiple vulnerabilities, some of which could allow a remote, unauthenticated attacker to completely compromise a vulnerable system. Users and administrators are encouraged to review the Google Chrome Release...
Google Releases Google Chrome Updates
Google has released Google Chrome 32.0.1700.95 for all Chrome OS devices except Chromebook Pixel, Google Chrome 32.0.1700.76 for Windows and Chrome Frame, and Google Chrome 32.0.1700.77 for Mac and Linux to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to...
Apple Releases Apple Remote Desktop 3.7
Apple has released Apple Remote Desktop 3.7 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code or obtain sensitive information. US-CERT encourages users and administrators to review Apple Support Article HT5998 and follow best practi...
Cisco Releases Security Advisory
Cisco has released a security advisory to address a vulnerability in Cisco Secure Access Control Server ACS versions 4.0 through 4.2.1.15. This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is only present when Cisco ACS is configur...
Microsoft Releases August 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, and Microsoft Server Software as part of the Microsoft Security Bulletin Summary for August 2013. These vulnerabilities could allow remote code execution, elevation of privilege, denial of service, ...
Google Releases Google Chrome 28.0.1500.71
Google has released Google Chrome 28.0.1500.71 for Windows, Macintosh, and Chrome Frame platforms to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code, bypass intended restrictions, obtain sensitive information or cause a...