4188 matches found
Cisco Releases Security Advisories for TelePresence Products
Cisco has released two security advisories to address multiple vulnerabilities in TelePresence products. Successful exploitation could allow an attacker to bypass system authentication, execute arbitrary code with elevated privileges, or cause a denial-of-service condition. Users and administrato...
WordPress Releases Security Update
WordPress 4.2 and prior versions contain critical cross-site scripting vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website. Users and administrators are encouraged to review the WordPress Security Release and upgrade to...
Mozilla Releases Security Update for Firefox
The Mozilla Foundation has released Firefox 37.0.2 to address a vulnerability that may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Firefox Security Advisory and apply the necessary update. This product is provided subjec...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 37 Firefox ESR 31.6...
Installer Hijacking Vulnerability in Android Devices
A vulnerability in Google's Android OS has been discovered that could allow an attacker to change or replace a seemingly safe Android application with malware during installation. An attacker exploiting this vulnerability could access and steal user data on compromised devices without user...
Ubuntu Releases Security Update
Ubuntu has released a security update to address multiple vulnerabilities in PHP5 affecting Ubuntu 14.10, 14.04 LTS, 12.04 LTS, and 10.04 LTS. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service or execute arbitrary code. Users and administrators are encourage...
Cisco IPv6 Denial of Service Vulnerability
Cisco has identified a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition. The vulnerability is due to improper processing of malformed IPv6 packets carrying extension headers. Cisco Network Convergence System 6000 NCS 6000 and Cisco Carrier...
Microsoft Releases February 2015 Security Bulletin
Microsoft has released updates to address vulnerabilities in Windows as part of the Microsoft Security Bulletin Summary for February 2015. Some of these vulnerabilities could allow remote code execution, security feature bypass, elevation of privilege, or disclosure of information. US-CERT...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address multiple vulnerabilities in Flash Player, one of which could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB15-04 and apply the necessary updates. This...
Google Releases Security Updates for Chrome
Google has released Chrome 40.0.2214.111 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Google Chrome blog entry a...
Apple Releases Security Updates for OS X
Apple has released security updates for OS X Mountain Lion, Mavericks, and Yosemite to address multiple vulnerabilities in the Network Time Protocol daemon. Exploitation of these vulnerabilities may allow a remote attacker to take control of a vulnerable system. US-CERT encourages users and...
FTC Releases "Package Delivery" Themed Scam Alert
The Federal Trade Commission FTC has released a Scam Alert addressing a "Package Delivery" themed phishing campaign regarding package delivery notifications from the U.S. Postal Service. Scam operators often use false information linked to reputable organizations to imply the email is legitimate...
VMware Releases Updates for vCAC
VMware has released security updates to address a critical vulnerability in vCloud Automation Center vCAC, which could allow a remote attacker to take control of a vulnerable system. US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2014-0013 and apply the...
US-CERT Alerts Users to Holiday Phishing Scams and Malware Campaigns
US-CERT reminds users to remain vigilant when browsing online this holiday season. E-cards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed e-mail messages and fraudulent posts on social networking sites may...
IC3 Releases Scam Alert for Fraudulent Online Advertisements
The Internet Crime Complaint Center IC3 released a Scam Alert regarding fraudulent ads for normally expensive items, such as cars and boats, at discounted prices. Scam operators often use false contact information linked to reputable online marketplaces to imply that the transaction is legitimate...
Microsoft Releases Out-of-Band Security Bulletin for Windows Kerberos Vulnerability
Microsoft has released security updates to address a remote elevation of privilege vulnerability which exists in implementations of Kerberos KDC in Microsoft Windows. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users a...
Apple Releases Security Updates for iOS, OS X Yosemite, and Apple TV
Apple released security updates for iOS devices, OS X Yosemite and Apple TV to address multiple vulnerabilities, one of which could allow remote attackers to execute arbitrary commands. Updates available include: iOS 8.1.1 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 a...
IC3 Releases “Tech Support” Themed Scam Alert
The Internet Crime Complaint Center IC3, a partnership between the Federal Bureau of Investigation FBI and the National White Collar Crime Center NW3C to combat Internet crime, has released a Scam Alert advising the public of an ongoing telephone scam in which callers purport to be an employee of...
Mozilla Releases Security Updates for Firefox and Thunderbird
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox and Thunderbird. Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, bypass same-origin policy and key pinning, cause an exploitable crash, conduct a...
Adobe Releases Security Updates for ColdFusion and Flash Player
Adobe has released security updates to address multiple vulnerabilities in ColdFusion and Flash Player. Exploitation could allow attackers to take control of a vulnerable system. Users and administrators are encouraged to review Adobe Security Bulletins APSB 14-23 and APSB 14-22 and apply the...
Microsoft Releases August 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Windows, Office, SQL Server, Server Software, .NET Framework, and Internet Explorer as part of the Microsoft Security Bulletin Summary for August 2014. Some of these vulnerabilities could allow remote code execution, elevation of...
OpenSSL Patches Nine Vulnerabilities
OpenSSL has released updates patching nine vulnerabilities, some of which may allow an attacker to cause a Denial of Service DoS condition or force the client to revert to a less secure Transport Layer Security TLS 1.0 protocol. The following updates are available: OpenSSL 0.9.8 users should...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, and Thunderbird, some of which may allow attackers to execute arbitrary code. The following updates are available: Firefox 31 Thunderbird 31 Firefox ESR 24.7 Thunderbird 24.7 Users an...
Cisco Releases Security Advisory for Unified Communications Domain Manager
Cisco has released a security advisory to address multiple vulnerabilities in Cisco Unified Communications Domain Manager, some of which may allow an attacker to execute arbitrary commands or obtain privileged access to the affected system. The following updates are available: Cisco Unified CDM...
Microsoft Releases June 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Windows, Office, Internet Explorer, Lync, and Lync Server as part of the Microsoft Security Bulletin Summary for June 2014. Some of these vulnerabilities could allow remote code executions. US-CERT encourages users and administrators to...
Apple Releases Security Updates for Safari
Apple has released updates for Safari to address multiple vulnerabilities, some of which could allow a remote attacker to execute arbitrary code or cause a denial of service. Safari 6.1.4 and Safari 7.0.4 updates are available for: OS X Lion v10.7.5 OS X Lion Server v10.7.5 OS X Mountain Lion...
Microsoft Releases May 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Windows, Office, Internet Explorer, Server Software, Office Services, Web Apps, and Productivity Software as part of the Microsoft Security Bulletin Summary for May 2014. These vulnerabilities could allow remote code executions. US-CERT...
Microsoft Releases Security Update for Internet Explorer Use-After-Free Vulnerability
Microsoft has released out-of-band updates to address a critical use-after-free vulnerability in Internet Explorer versions 6 through 11, including IE versions running on Windows XP. US-CERT recommends that users and administrators review Microsoft Security Bulletin MS14-021 and apply the necessa...
Easter Holiday Phishing Scams and Malware Campaigns
As the Easter holiday approaches, US-CERT reminds users to stay aware of holiday scams and cyber campaigns, which may include: shipping notifications that may be phishing scams or may contain malware electronic greeting cards that may contain malware requests for charitable contributions that may...
Ubuntu Releases Security Updates
Ubuntu has released security updates to address a vulnerability in the Mutt E-mail Client for Ubuntu 13.10, 12.10, 12.04 LTS, and 10.04 LTS. This vulnerability may allow an attacker to take control of a system via a crafted email. Users and administrators are encouraged to review Ubuntu Security...
Apple Releases QuickTime 7.7.5
Apple has released QuickTime 7.7.5 for Windows operating systems to address multiple vulnerabilities, which may lead to an unexpected application termination or arbitrary code execution. US-CERT encourages users and administrators to review Apple Support Article HT6151 and apply any necessary...
Google Releases Google Chrome Update
Google has released Google Chrome 33.0.1750.124 for several Chrome OS devices to address multiple vulnerabilities, one of which could allow a server certificate to change in a renegotiation. Users and administrators are encouraged to review the Google Chrome release blog entry and apply the updat...
Google Releases Google Chrome Update
Google has released Google Chrome 33.0.1750.117 for Windows, Mac, and Linux to address multiple vulnerabilities, some of which could allow a remote, unauthenticated attacker to completely compromise a vulnerable system. Users and administrators are encouraged to review the Google Chrome Release...
Google Releases Google Chrome Updates
Google has released Google Chrome 32.0.1700.95 for all Chrome OS devices except Chromebook Pixel, Google Chrome 32.0.1700.76 for Windows and Chrome Frame, and Google Chrome 32.0.1700.77 for Mac and Linux to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to...
Apple Releases Apple Remote Desktop 3.7
Apple has released Apple Remote Desktop 3.7 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code or obtain sensitive information. US-CERT encourages users and administrators to review Apple Support Article HT5998 and follow best practi...
Cisco Releases Security Advisory
Cisco has released a security advisory to address a vulnerability in Cisco Secure Access Control Server ACS versions 4.0 through 4.2.1.15. This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is only present when Cisco ACS is configur...
Microsoft Releases August 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, and Microsoft Server Software as part of the Microsoft Security Bulletin Summary for August 2013. These vulnerabilities could allow remote code execution, elevation of privilege, denial of service, ...
Google Releases Google Chrome 28.0.1500.71
Google has released Google Chrome 28.0.1500.71 for Windows, Macintosh, and Chrome Frame platforms to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code, bypass intended restrictions, obtain sensitive information or cause a...
WordPress Releases Security Update for WordPress 3.5.2
WordPress has released WordPress 3.5.2 for all previous versions to address multiple vulnerabilities. These vulnerabilities could potentially enable a remote attacker to cause a cross-site scripting attack, elevation of privilege, or cause a denial-of-service condition. US-CERT recommends users a...
Google Releases Google Chrome 27.0.1453.116
Google has released Google Chrome 27.0.1453.116 for all Chrome OS devices to address a vulnerability. This vulnerability could allow a remote attacker to obtain sensitive information. US-CERT encourages users and administrators to review the Google Chrome release blog entry and follow best practi...
Security Updates Available for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Security updates are available for the following versions of Adobe Flash Player: Adobe Flash Player...
Apple Releases Security Updates for Apple QuickTime 7.7.4
Apple has released security updates for Apple QuickTime 7.7.4 for Windows 7, Vista, and XP SP2 or later to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and...
Microsoft Releases Security Advisory for Internet Explorer
Microsoft is investigating public reports of a remote code execution vulnerability in Internet Explorer 8 and is aware of attacks that attempt to exploit this vulnerability. This vulnerability may allow an attacker to execute arbitrary code if a user accesses a specially crafted website. Microsof...
Oracle Releases April 2013 Security Advisory
Oracle has released its Critical Patch Update for April 2013 to address 128 vulnerabilities across multiple products. This update contains the following security fixes: 4 for Oracle Database Server 29 for Oracle Fusion Middleware 6 for Oracle E-Business Suite 3 for Oracle Supply Chain Products...
Adobe Releases Security Update for ColdFusion
Adobe has released a security hotfix for Adobe ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX to address multiple vulnerabilities. These vulnerabilities could allow an unauthorized user to bypass authentication controls. US-CERT recommends that users and administrators review...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates to address multiple vulnerabilities. These vulnerabilities could allow an attacker to initiate a cross-site scripting attack or obtain sensitive information, enable privilege escalation or execute arbitrary code, or cause a denial-of-service condition...
Google Releases Google Chrome 25.0.1364.173
Google has released Google Chrome 25.0.1364.173 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to cause a denial-of-service condition or execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update ...
Microsoft Releases Advance Notification for February Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its February release will contain eleven bulletins. These bulletins will have the severity rating of critical and important, and will be for Microsoft Windows, Internet Explorer, Server Software, and .NET Framework. The...
Microsoft Releases Advance Notification for January Security Bulletin
Microsoft has issued a Security Bulletin Advanced Notification indicating that its January release will contain seven bulletins. These bulletins will have the serverity rating of critical and important and will be for Microsoft Windows, Office, Developers Tools, Server Software, and .NET Framewor...
Adobe Releases Security Update for ColdFusion
Adobe has released a security hotfix for ColdFusion 10 Update 1 and above for Windows. This hotfix resolves a vulnerability affecting ColdFusion on Windows Internet Information Services IIS, which could result in a denial of service. US-CERT encourages users and administrators to review Adobe...