4188 matches found
Google Releases Google Chrome 23.0.1271.64
Google has released Google Chrome 23.0.1271.64 for Windows, Macintosh, Linux and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Release blog entry and...
Microsoft Releases August Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, SQL Server, Server Software, Developer Tools, and Exchange Server as part of the Microsoft Security Bulletin summary for August 2012. These vulnerabilities may allow an attacker to execute...
Google Releases Google Chrome 20.0.1132.57
Google has released Google Chrome 20.0.1132.57 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the...
Google Releases Google Chrome 20.0.1132.43
Google has released Google Chrome 20.0.1132.43 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the...
Unauthorized Microsoft Digital Certificates
Microsoft has released a security advisory to address the revocation of a number of unauthorized digital certificates. Maintaining these certificates within your certificate store may allow an attacker to spoof content, perform a phishing attack, or perform a man-in-the-middle attack. The followi...
Adobe Releases Security Advisory for Adobe Flash Player
Adobe has released a Security Advisory for Adobe Flash Player to address a vulnerability affecting the following software versions: Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh, and Linux operating systems Adobe Flash Player 11.1.115.7 and earlier versions for Andro...
DNSChanger Malware
US-CERT encourages users and administrators to ensure their systems are not infected with the DNSChanger malware by utilizing tools and resources available at the DNS Changer Working Group DCWG website. Computers testing positive for infection of DNSChanger malware will need to be cleaned of the...
Apple Releases Safari 5.1.4
Apple has released Safari 5.1.4 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, spoof a domain name, obtain sensitive information, or perform a cross-site scripting attack. US-CERT encourages users and administrators to review Apple...
Adobe Releases Update for Adobe Flash Player
Adobe has released a security bulletin for Adobe Flash Player to address multiple vulnerabilities affecting the following software versions: Adobe Flash Player 11.1.102.62 and earlier versions from Windows, Linux, and Solaris operating systems Adobe Flash Player 11.1.115.6 and earlier versions fo...
Google Releases Chrome 17.0.963.56
Google has released Chrome 17.0.963.56 for Linux, Macintosh, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review th...
Google Releases Chrome 17.0.963.46
Google has released Chrome 17.0.963.46 for Linux, Mac, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code and cause a denial-of-service condition. US-CERT encourages users and administrators to review the...
Google Releases Chrome 16.0.912.77
Google has released Chrome 16.0.912.77 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google Chro...
Adobe Releases Security Advisory for Adobe Flex SDK
Adobe has released a security advisory to alert users of a vulnerability that affects Adobe Flex SDK. This vulnerability affects Adobe Flex SDK 4.5.1 and earlier 4.X and 3.6 and earlier 3.X for Windows, Macintosh, and Linux operating systems. Exploitation of this vulnerability may allow an attack...
Apple Releases iOS 5.0.1
Apple has released iOS 5.0.1 for the iPhone 3GS, iPhone 4, iPhone 4S, iPod 3rd generation or later, iPad, and iPad 2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker execute arbitrary code or obtain sensitive information. US-CERT encourages users and administrators...
Fraudulent Digital Certificates Could Allow Spoofing
US-CERT is aware of public reports that DigiCert Sdn. Bhd has issued 22 certificates with weak encryption keys. This could allow an attacker to use these certificates to impersonate legitimate site owners. DigiCert Sdn. Bhd has revoked all the weak certificates that they issued. Entrust, the pare...
Oracle Releases Critical Patch Update for October 2011
Oracle has released its Critical Patch Update and Java SE Critical Patch Update Advisory for October 2011 to address 77 vulnerabilities across multiple products. This update contains the following security fixes: 5 for Oracle Database Server 10 for Oracle Fusion Middleware 5 for Oracle E-Business...
Cisco Releases Security Advisory for Identity Services Engine
Cisco has released a security advisory to address a vulnerability in Cisco Identity Services Engine. Exploitation of this vulnerability may allow a remote attacker to gain complete administrative control of the device. US-CERT encourages users and administrators to review Cisco Security Advisory...
Cisco Releases Security Advisory and Applied Mitigation Bulletin
Cisco has released a security advisory and an applied mitigation bulletin to address vulnerabilities in Cisco TelePresence Recording Server Software Release 1.7.2.0. Successful exploitation of these vulnerabilities may allow an attacker to bypass security restrictions or take control of the...
Apple Releases Safari 5.1 and 5.0.6
Apple has released Safari 5.1 and 5.0.6 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, perform a cross-site scripting attack, or disclose sensitive information. US-CERT encourages users and administrators to review Apple Support Article...
Apple Releases iOS 4.3.4 and iOS 4.2.9
Apple has released iOS 4.3.4 for the iPhone GSM model, iPod touch, and iPad, and iOS 4.2.9 for the iPhone CDMA model to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or operate with escalated privileges. US-CERT encourages users and...
Microsoft Releases July Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office as part of the Microsoft Security Bulletin Summary for July 2011. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges. US-CERT encourages users...
Adobe Releases Security Bulletin for Critical Vulnerabilities in Shockwave Player
Adobe has released security bulletin APSB11-17 to alert users of critical vulnerabilities in Adobe Shockwave Player 11.5.9.620 and earlier versions on the Windows and Macintosh operating systems. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT...
Microsoft Releases Advance Notification for May Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating its May release will contain two bulletins. One of these bulletins will have the severity rating of critical and will be for Microsoft Windows. The remaining bulletin will have the severity rating of important and will be fo...
Microsoft Releases Advance Notification for April Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating its April release will contain 17 bulletins. Nine of these bulletins will have the severity rating of critical and will be for Microsoft Windows, Internet Explorer and Office. The remaining bulletins will have the severity...
Apple Releases Security Updates
Apple has released Mac OS X v10.6.7 and Security Update 2011-001 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information. US-CERT encourages users and...
Apple Releases iTunes 10.2
Apple has released iTunes 10.2 to address multiple vulnerabilities affecting the ImageIO, libxml, and WebKit packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to revie...
VMware Releases Advisory for Windows 7 Users
VMware has released an advisory to alert users of an issue affecting VMware on the Microsoft Windows 7 platform. This issue prevents VMware from connecting from the View Client on Windows 7 to the View Connection Server after installing the Microsoft patches 2482017 and 2467023 from Microsoft...
Cisco Releases Security Advisory for Tandberg E, EX, and C Series Endpoints
Cisco has released a security advisory to address a vulnerability in the Tandberg C Series Endpoints and E/EX Personal Video units running software versions prior to TC4.0.0. This vulnerability may allow an attacker to gain administrative access to the device. US-CERT encourages users and...
Apple Releases Mac OS X v10.6.6
Apple has released Mac OS X v10.6.6 to address a vulnerability affecting PackageKit. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple article HT4498 and apply any...
Microsoft WMI Administrative Tool ActiveX Control Vulnerability
US-CERT is aware of a vulnerability affecting the WBEMSingleView.ocx ActiveX control. This control is part of the Microsoft WMI Administrative Tools package. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to set the...
Microsoft Releases December Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, SharePoint, and Exchange as part of the Microsoft Security Bulletin Summary for December 2010. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated...
Google Releases Chrome 8.0.552.224
Google has released Chrome 8.0.552.224 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any...
Apple Releases QuickTime 7.6.9
Apple has released QuickTime 7.6.9 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information. US-CERT encourages users and administrators to review Apple article...
VMware Releases Security Advisory VMSA-2010-0018
VMware has released security advisory VMSA-2010-0018 to address multiple vulnerabilities affecting VMware Workstation, Player, Fusion, ESXi, and ESX. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges. US-CERT encourages users...
WordPress Releases WordPress 3.0.2
WordPress has released WordPress 3.0.2 to address a vulnerability that may allow a malicious Author-level user to gain further access to the site, to fix multiple software bugs, and to provide additional security enhancements. US-CERT encourages users and administrators to review the WordPress bl...
Potential WikiLeaks Phishing Scams
In the past, US-CERT has received reports of phishing scams and malware campaigns related to topics that are of high-interest to the U.S. Government or news media, such as the WikiLeaks website. Users' systems have been compromised by receiving and accessing phishing emails with subject lines tha...
OpenSSL Releases OpenSSL 1.0.0b
OpenSSL has released OpenSSL 1.0.0b to address a vulnerability that may allow an attacker to execute arbitrary code. US-CERT recommends that users and administrators of this product update to OpenSSL version 1.0.0b or apply the workaround provided in the OpenSSL security advisory. Because OpenSSL...
Adobe Releases Security Update for Shockwave Player
Adobe has released a security update for Shockwave Player to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Adobe security bulletin APSB10-25 and apply any necessary updates to help...
Apple Releases Java for Mac OS X 10.5 Update 8 and Java for Mac OS X 10.6 Update 3
Apple has released Java for Mac OS X 10.5 update 8 and Java for Mac OS X 10.6 update 3 to address multiple vulnerabilities affecting the Java package. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages...
Microsoft Releases Security Bulletin MS10-070
Microsoft has released Microsoft Security Bulletin MS10-070 to address a vulnerability affecting ASP.NET. Exploitation of this vulnerability may allow an attacker to obtain sensitive information or tamper with data. US-CERT encourages users and administrators to review Microsoft Security Bulletin...
Microsoft Releases Security Advisory 2416728
Microsoft has released a security advisory to alert users of a vulnerability affecting ASP.NET. Exploitation of this vulnerability may allow an attacker to obtain sensitive information or tamper with data. US-CERT encourages administrators to review Microsoft security advisory 2416728 and apply a...
Microsoft Releases Advance Notification for September Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its September release will contain nine bulletins. Four bulletins will have the severity rating of critical and will be for Microsoft Windows and Office. The remaining five bulletins will have the severity rating of...
VMware Releases Updates for ESX Service Console Packages
VMware has released security updates for multiple third party packages for the ESX Service Console. These updates address vulnerabilities in the perl, krb5, samba, tar, and cpio packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a...
Apple Releases Security Update 2010-005
Apple has released security update 2010-005 to address multiple vulnerabilities affecting the ATS, CFNetwork, ClamAV, CoreGraphics, libsecurity, PHP, and Samba applications. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a...
APWG Fax Back Phishing Education Program
In an effort to respond to a growing public threat by offline phishers that conduct various scams via fax, the Anti-phishing Working Group APWG has partnered with the Internal Revenue Service IRS to create the APWG Fax Back Phishing Education Program. This program is designed to provide...
Cisco IOS Software Vulnerability
Cisco has released a security advisory to address a vulnerability affecting IOS Software Release 15.12T. This vulnerability may allow an attacker to cause a denial-of-service condition by sending a specially crafted packet through normal network traffic. US-CERT encourages users and administrator...
Google Releases Chrome 5.0.375.126
Google has released Chrome 5.0.375.126 for Linux, Mac, and Windows. Chrome 5.0.375.126 contains an updated version of the Flash plugin which addresses multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and...
Cisco Releases Security Advisory for Firewall Services Module
Cisco has released a security advisory to address multiple vulnerabilities in the Cisco Firewall Services Module. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition. US-CERT encourages users and administrators to review Cisco security advisory...
Google Releases Chrome 5.0.375.99
Google has released Chrome 5.0.375.99 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google Chrome Releases blo...
Microsoft Releases June Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, SharePoint, and .NET Framework as part of the Microsoft Security Bulletin Summary for June 2010. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevate...