IRS Releases Second Tax Security Tip
The Internal Revenue Service (IRS) has released the second in a series of tips intended to increase public awareness of how to protect personal and financial data online and at home. A new tip will be available each Monday through the start of the tax season in January. US-CERT and IRS recommend...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address multiple vulnerabilities in Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB15-28 and apply t...
IC3 Releases Alert on Microchip-Enabled Credit Cards
The Internet Crime Complaint Center (IC3) has issued an alert to consumers and merchants about the security risks involved with EMV Cards. An EMV card is a credit or debit card with a microchip that helps protect cardholder data. However, EMV cards may still be vulnerable to exploitation. US-CERT...
Apple Releases Security Updates for OS X El Capitan, Safari, and iOS
Apple has released security updates for OS X El Capitan, Safari, and iOS to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow an attacker to run arbitrary code. Available updates include: OS X El Capitan 10.11 for Mac OS X v10.6.8 and later; Safari 9 for OS ...
Adobe Releases Security Update for Shockwave Player
Adobe has released a security update to address vulnerabilities in Shockwave Player. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB15-22 and apply the necessary...
Apple Releases Security Updates for OS X Server, iOS, Safari, and Yosemite
Apple has released security updates for OS X Server, iOS, Safari, and Yosemite to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: iOS 8.4.1 for iPhone 4s and later, iPod...
Lenovo Service Engine (LSE) BIOS Vulnerability
Certain Lenovo personal computers contain a vulnerability in LSE, a Lenovo BIOS feature. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Lenovo Security Advisories for notebooks and desktops...
IC3 Issues Alert on DDoS Extortion Campaigns
The Internet Crime Complaint Center (IC3) has issued an alert to U.S. businesses about a rise in extortion campaigns. In a typical incident, a business receives an e-mail threatening a Distributed Denial of Service (DDoS) attack to its website unless it pays a ransom. Businesses are warned against...
Best Practices to Protect You, Your Network, and Your Information
The National Cybersecurity and Communications Integration Center (NCCIC) and its partners responded to a series of data breaches in the public and private sector over the last year, helping organizations through incident response actions, conducting damage assessments, and implementing restoration...
Google Releases Security Update for Chrome
Google has released Chrome version 44.0.2403.89 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system. Users and administrators are encouraged to review the Chrome Releases page and...
Google Releases Security Update for Chrome
Google has released Chrome version 43.0.2357.130 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow an attacker to obtain sensitive information. Users and administrators are encouraged to review the Chrome Releases Page and appl...
Ubuntu Releases Security Update
Ubuntu has released 10 security updates to address multiple vulnerabilities affecting Ubuntu 15.04, 14.10, 14.04 LTS, and 12.04 LTS. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of the affected system. US-CERT encourages users and administrators to revi...
Mozilla Releases Security Update for Firefox
The Mozilla Foundation has released Firefox 37.0.2 to address a vulnerability that may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Firefox Security Advisory and apply the necessary update. This product is provided subjec...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address multiple vulnerabilities in Flash Player. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB15-05 and apply the...
Google Releases Security Update for Chrome OS
Google has released Chrome OS 40.0.2214.114 for Chrome devices to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Google Chrome blog entry and app...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address multiple vulnerabilities in Flash Player, one of which could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB15-04 and apply the necessary updates.
IC3 Issues Alert on University Employee Payroll Scam
The Internet Crime Complaint Center (IC3) has issued an alert addressing a spear phishing scam targeting university employees and their payroll accounts. Scam operators use fraudulent e-mails and websites to entice employees to reveal login credentials. Users are encouraged to review the IC3 Alert...
VMware Releases Updates for vCAC
VMware has released security updates to address a critical vulnerability in vCloud Automation Center (vCAC), which could allow a remote attacker to take control of a vulnerable system. US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2014-0013 and apply the...
VMware Releases Security Updates for vCenter Server, vCenter Server Appliance, and ESXi
VMware has released a security advisory to address multiple vulnerabilities in vCenter Server, vCenter Server Appliance, and ESXi. Exploitation of these vulnerabilities may allow a remote attacker to perform man-in-the-middle or cross-site scripting attacks. US-CERT encourages users and...
US-CERT Alerts Users to Holiday Phishing Scams and Malware Campaigns
US-CERT reminds users to remain vigilant when browsing online this holiday season. E-cards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed e-mail messages and fraudulent posts on social networking sites may...
Apple Releases Security Updates for iOS, OS X Yosemite, and Apple TV
Apple released security updates for iOS devices, OS X Yosemite and Apple TV to address multiple vulnerabilities, one of which could allow remote attackers to execute arbitrary commands. Updates available include: iOS 8.1.1 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 a...
Microsoft Releases November 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Windows, Office, Exchange, .NET Framework, SharePoint, and Internet Explorer as part of the Microsoft Security Bulletin Summary for November 2014. Some of these vulnerabilities could allow remote code execution, elevation of privilege, ...
Apple Releases Security Update 2014-005
Apple has released Security Update 2014-005 to address vulnerabilities in SSL 3.0. US-CERT recommends users and administrators review Apple Security Update HT6531 for additional details.
Adobe Releases Security Updates for Flash Player, Adobe Reader and Acrobat
Adobe has released security updates to address multiple vulnerabilities in Flash Player, Adobe Reader and Acrobat. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. Users and administrators are encouraged to review Adobe Security...
Oracle Releases July 2014 Security Advisory
Oracle has released its Critical Patch Update for July 2014 to address 113 vulnerabilities across multiple products. This update contains the following security fixes: 5 for Oracle Database Server, 29 for Oracle Fusion Middleware, 7 for Oracle Hyperion, 1 for Oracle Enterprise Manager Grid Control, 5...
Cisco Addresses Apache Struts 2 Vulnerability
Multiple Cisco products include an implementation of Apache Struts 2 which contains a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions and execute arbitrary commands on a targeted system. Cisco products affected by this vulnerability include: Cisc...
Cisco Releases Security Advisory for Unified Communications Domain Manager
Cisco has released a security advisory to address multiple vulnerabilities in Cisco Unified Communications Domain Manager, some of which may allow an attacker to execute arbitrary commands or obtain privileged access to the affected system. The following updates are available: Cisco Unified CDM...
NCSC-NZ Releases 2013 Incident Summary
New Zealand’s National Cyber Security Centre (NCSC-NZ) has released its 2013 Incident Summary. The NCSC provides enhanced cybersecurity services to New Zealand Government and private sector organizations against cybersecurity threats.
Microsoft Releases May 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Windows, Office, Internet Explorer, Server Software, Office Services, Web Apps, and Productivity Software as part of the Microsoft Security Bulletin Summary for May 2014. These vulnerabilities could allow remote code executions. US-CERT...
Microsoft Releases April 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Office, Office Services, Web Apps, Windows and Internet Explorer as part of the Microsoft Security Bulletin Summary for April, 2014. These vulnerabilities could allow remote code executions. US-CERT encourages users and...
Ubuntu Releases Security Updates
Ubuntu has released security updates to address a vulnerability in the Mutt E-mail Client for Ubuntu 13.10, 12.10, 12.04 LTS, and 10.04 LTS. This vulnerability may allow an attacker to take control of a system via a crafted email. Users and administrators are encouraged to review Ubuntu Security...
Apple Releases QuickTime 7.7.5
Apple has released QuickTime 7.7.5 for Windows operating systems to address multiple vulnerabilities, which may lead to an unexpected application termination or arbitrary code execution. US-CERT encourages users and administrators to review Apple Support Article HT6151 and apply any necessary...
Cisco UCS Director Default Credentials Vulnerability
Cisco has released a security advisory to address a vulnerability in Cisco Unified Computing System (UCS) Director. This vulnerability could allow an unauthenticated, remote attacker to take complete control of the affected device due to a default root user account created during installation...
Internet Explorer 10 Use-After-Free Vulnerability Being Actively Exploited In The Wild
An unpatched Internet Explorer 10 use-after-free vulnerability is being exploited in the wild. CERT/CC Vulnerability Note VU732479 has been published with further details about the vulnerability. US-CERT recommends users protect themselves against this exploit by using Microsoft's EMET utility,...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities: Firefox 27, Firefox ESR 24.3, Thunderbird 24.3, Seamonkey 2.24. These vulnerabilities could allow a remote attacker to execute arbitrary code, bypass intended access restrictions, cause a...
Google Releases Google Chrome Updates
Google has released Google Chrome 32.0.1700.95 for all Chrome OS devices except Chromebook Pixel, Google Chrome 32.0.1700.76 for Windows and Chrome Frame, and Google Chrome 32.0.1700.77 for Mac and Linux to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to...
Oracle Releases January 2014 Security Advisory
Oracle has released its Critical Patch Update for January 2014 to address 144 vulnerabilities across multiple products. This update contains the following security fixes: 5 for Oracle Database Server, 22 for Oracle Fusion Middleware, 2 for Oracle Hyperion, 4 for Oracle E-Business Suite, 16 for Oracle...
Network Time Protocol (NTP) Amplification Attacks
A vulnerability in the "monlist" feature of ntpd can allow remote attackers to cause a distributed denial of service (DDoS) attack via forged requests. US-CERT and the Canadian Cyber Incident Response Center (CCIRC) have both observed active use of this attack vector in recent DDoS attacks. US-CERT...
Adobe Releases Security Updates for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player to address multiple vulnerabilities. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe has released updates to the following products: Adobe Flas...
Mozilla Releases Updates for Firefox, Thunderbird, and Seamonkey
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities: Firefox 25.0, Firefox ESR 24.1, Firefox ESR 17.0.10, Thunderbird 24.1, Thunderbird ESR 17.0.10, Seamonkey 2.22. These vulnerabilities could allow a remote attacker to execute arbitrary code, bypa...
Google Releases Google Chrome 30
Google has released Chrome 30 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service condition, spoof the address bar, or obtain sensitive information. US-CERT encourages users and...
Adobe Customer Information and Source Code Compromises
US-CERT is aware of the public acknowledgement of a compromise of up to 3 million Adobe customers' information, including names and detailed account information. The source code for multiple Adobe products may also have been compromised. US-CERT advises that Adobe customers be aware of possible...
Cisco Releases Security Advisory for Cisco WebEx Players
Cisco has released a security advisory to address multiple vulnerabilities in Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial of service condition. US-CERT encourages users...
Cisco Releases Security Advisories
Cisco has released three security advisories to address multiple vulnerabilities. These vulnerabilities may allow an unauthenticated, remote attacker the ability to modify data, execute arbitrary commands, or cause a denial of service (DoS) condition. US-CERT encourages users and administrators to...
Google Releases Google Chrome 28.0.1500.95
Google has released Google Chrome 28.0.1500.95 for Chrome Frame, Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to bypass intended restrictions or cause a denial-of-service condition. US-CERT encourages users and administrators to...
Recent Reports of DHS-Themed Ransomware (UPDATE)
US-CERT has received reports of increased activity concerning an apparently DHS-themed ransomware malware infection occurring in the wild. Users who are being targeted by the ransomware receive a message claiming that use of their computer has been suspended and that the user must pay a fine to...
Digital Alert Systems and Monroe Electronics EAS Firmware Security Advisory
Digital Alert Systems' DASDEC and Monroe Electronics' One-Net E189 Emergency Alert System (EAS) encoder/decoder (ENDEC) devices exposed a shared private root SSH key in publicly available firmware images. Additional information is also available in CERT Vulnerability Note VU662676. US-CERT recommends...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities: Firefox 22.0, Firefox ESR 17.0.7, Thunderbird 17.0.7, Thunderbird ESR 17.0.7. These vulnerabilities could allow a remote attacker to execute arbitrary code and potentially cause a cross-site...
WordPress Releases Security Update for WordPress 3.5.2
WordPress has released WordPress 3.5.2 for all previous versions to address multiple vulnerabilities. These vulnerabilities could potentially enable a remote attacker to cause a cross-site scripting attack, elevation of privilege, or cause a denial-of-service condition. US-CERT recommends users a...
Google Releases Google Chrome 27.0.1453.116
Google has released Google Chrome 27.0.1453.116 for all Chrome OS devices to address a vulnerability. This vulnerability could allow a remote attacker to obtain sensitive information. US-CERT encourages users and administrators to review the Google Chrome release blog entry and follow best practi...