4188 matches found
Microsoft Releases a Security Advisory for Windows Sidebar and Gadgets
Microsoft has released security advisory 2719662 to address a vulnerability in Microsoft Windows Sidebar and Gadgets. This vulnerability may allow an attacker to execute arbitrary code, take control of an affected system, or disclose sensitive information. US-CERT encourages users and...
Microsoft Releases July Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, Developer Tools, and Server Software as part of the Microsoft Security Bulletin summary for July 2012. These vulnerabilities may allow an attack to execute arbitrary code, operate with...
Cisco Releases Multiple Security Advisories
Cisco has released three security advisories to address vulnerabilities affecting the following products: Cisco ASA 5500 Series Adaptive Security Appliances Cisco ASA Cisco Catalyst 6500 Series ASA Service Module Cisco ASASM Cisco AnyConnect Secure Mobility Client Cisco Application Control Engine...
Apple Releases Java Update for OS X Lion and Mac OS X
Apple has released a Java update to address multiple vulnerabilities for the following products: Mac OS X v10.6.8 Mac OS X Server v10.6.8 OS X Lion v10.7.4 OS X Lion Server v10.7.4 These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CER...
Google Releases Google Chrome 19
Google has released Google Chrome 19 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google Chrome...
Apple Releases iOS 5.1.1
Apple has released iOS 5.1.1 for iPhone, iPod, iPad, and iPad 2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, perform a cross-site-scripting attack, or spoof a website address. US-CERT encourages users and administrators to review Appl...
Microsoft Releases May Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, .NET Framework, and Silverlight as part of the Microsoft Security Bulletin Summary for May 2012. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges. US-CE...
Apple Releases Multiple Security Updates
Apple has released security updates for Apple iOS, Apple TV, and iTunes to address multiple vulnerabilities for the following products. Apple TV 2nd generation iPhone 3GS iPhone 4 and 4S iPod Touch 3rd generation and later iPad and iPad 2 iTunes for Windows 7, Vista, and XP service pack 2 or late...
Mozilla Releases Firefox 10.0.1
The Mozilla Foundation has released Firefox 10.0.1 to address a vulnerability. This vulnerability may cause a denial-of-service condition or potentially allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Mozilla Foundation Advisory for Firefox...
Microsoft Releases February Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .Net Framework, Silverlight, Office, and Server Software as part of the Microsoft Security Bulletin Summary for February 2012. These vulnerabilities may allow an attacker to execute arbitrary code o...
Personal Device Security During the Holiday Season
As the winter holiday travel season begins, US-CERT would like to remind users to be mindful of the security risks associated with portable devices such as smart phones, tablets, and laptops. US-CERT would like to encourage users to review the following US-CERT Cyber Security Tips. Following the...
Google Releases Chrome 15.0.874.121
Google has released Chrome 15.0.874.121 for Linux, Mac, Windows, and Chrome Frame to address a vulnerability. This vulnerability allows an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome...
Google Releases Chrome 15.0.874.120
Google has released Chrome 15.0.874.120 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...
Microsoft Releases Security Advisory for Vulnerability in TrueType Font Parsing
Microsoft has released Microsoft Security Advisory 2639658 to address a vulnerability in the Win32k TrueType font parsing engine. By convincing a user to open a malicious email attachment, an attacker may be able to exploit this vulnerability and execute arbitrary code. Microsoft has indicated th...
Microsoft Releases November Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows as part of the Microsoft Security Bulletin Summary for November 2011. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with elevated privileges...
Adobe Releases Security Advisory for Adobe Reader and Acrobat
Adobe has released a security advisory to address multiple vulnerabilities in Adobe Reader and Acrobat. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or operate with escalated privileges. US-CERT encourages users and administrators to review Adobe security...
Adobe Releases Security Bulletins for Multiple Products
Adobe has released security bulletins to alert users of critical and important vulnerabilities in multiple products. The following products are affected: Adobe Shockwave Player 11.6.0.626 and earlier versions on the Windows and Macintosh operating systems Adobe Flash Player 10.3.181.36 and earlie...
RIM Releases Security Advisory for BlackBerry Enterprise Server
RIM has released a security advisory to address a vulnerability in the BlackBerry MDS Connection Service and BlackBerry Messaging Agent for the BlackBerry Enterprise Server. The vulnerability may allow an attacker to execute arbitrary code or gain unauthorized access to the BlackBerry Enterprise...
Oracle Releases Critical Patch Update for July 2011
Oracle has released its Critical Patch Update for July 2011 to address 78 vulnerabilities across multiple products. This update contains the following security fixes: 13 for Oracle Database Server 3 for Oracle Secure Backup 7 for Oracle Fusion Middleware 18 for Oracle Enterprise Manager 1 for...
Google Releases Chrome 12.0.742.100
Google released Chrome 12.0.742.100 for Windows, Mac, Linux, and Chrome Frame to address a critical vulnerability in the Flash player plug-in. This vulnerability could allow an attacker to take control of the affected system. US-CERT encourages users and administrators to review the Google Chrome...
WordPress Releases Version 3.1.3
WordPress has released WordPress 3.1.3 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the WordPress Codex document for version 3.1.3 and apply any necessary updates t...
Microsoft Releases May Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office as part of the Microsoft Security Bulletin Summary for May 2011. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the...
Osama Bin Laden's Death Email Scams, Fake Antivirus, and Phishing Attack Warning
Users should be aware of potential email scams, fake antivirus, and phishing attacks regarding Osama Bin Laden's death. Email scams may contain links or attachments that may direct users to malicious websites. Fake antivirus attacks may come in the form of pop-ups that flash security warnings and...
Adobe Releases Security Updates for Reader and Acrobat
Adobe has released updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address multiple vulnerabilities including the one described in the Flash Player security advisory APSA11-02. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code...
Apple Releases iTunes 10.2.2
Apple has released iTunes 10.2.2 to address multiple vulnerabilities affecting the WebKit package. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple article HT4609 and apply any...
BlackBerry WebKit Browser Engine Vulnerability
Research In Motion has released a security notice to alert users of a vulnerability affecting the WebKit browser engine provided in BlackBerry Device Software versions 6.0 and later. By convincing a user to browse to specially crafted website, a remote attacker may be able to execute arbitrary...
Opera 11.01 Released
Opera Software has released version 11.01 of the Opera web browser for Windows, Mac, and Unix to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, bypass security restrictions, or obtain...
Microsoft Releases Security Advisory 2501696
Microsoft has released Microsoft security advisory 2501696 indicating that it is investigating public reports of a vulnerability affecting Windows. This vulnerability is due to the way MHTML interprets MIME-formatted requests for content blocks within a document. Exploitation of this vulnerabilit...
RIM Releases Security Advisory for BlackBerry Enterprise Server
RIM has released a security advisory to address a vulnerability in the PDF distiller of the BlackBerry attachment service for BlackBerry Enterprise Server. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and...
RIM Releases Security Advisory for BlackBerry Enterprise Server
RIM has released a security advisory to address a vulnerability in the PDF distiller of the BlackBerry attachment service for the BlackBerry Enterprise Server. The vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and...
Apple Releases iOS 4.2
Apple has released iOS 4.2 for the iPhone, iPod Touch, and iPad to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, initiate a call, cause a denial-of-service condition, gain system privileges, or obtain sensitive information...
Holiday Season Phishing Scams and Malware Campaigns
As the winter holidays are quickly approaching, US-CERT is republishing this entry to increase awareness. In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the winter holiday and holiday shopping season. US-CERT reminds...
Microsoft Releases November Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Office and Forefront United Access Gateway as part of the Microsoft Security Bulletin Summary for November 2010. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges. US-CER...
Cisco Releases Vulnerability Alert for Intelligent Contact Manager
Cisco has released a vulnerability alert to inform users of a vulnerability affecting the Intelligent Contact Manager Setup Manager. This vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the vulnerability alert and consider...
Removable Media Security Practices
US-CERT is aware of recent reports indicating that some newly purchased removable media devices are infected with malicious code. This malicious code is a worm that attempts to propagate itself via multiple methods. If a Windows user connects an affected removable media device to a system that ha...
Adobe Releases Security Bulletin for Flash Player, Reader, and Acrobat
Adobe has released a security advisory to alert users of a vulnerability affecting the following applications: Adobe Flash Player 10.1.85.3 and earlier for Windows, Macintosh, Linux, and Solaris Adobe Flash Player 10.1.95.2 and earlier for Android Adobe Reader 9.4 and earlier 9.x versions for...
Fraud Advisory for Consumers Released: Involvement in Criminal Activity Through Work from Home Scams
As part of a joint effort, the United States Secret Service, the Federal Bureau of Investigation, the Internet Crime Complaint Center IC3 and the Financial Services Information Sharing and Analysis Center FS-ISAC have released Fraud Advisory for Consumers: Involvement in Criminal Activity through...
Foxit Releases Foxit Reader 4.2
Foxit has released Foxit Reader 4.2 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, compromise the digital signature of PDF signatures or cause a denial-of-service condition. US-CERT encourages users and administrators to...
Microsoft Releases Advance Notification for Out-of-Band Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that it will be releasing an out-of-band security bulletin to address a vulnerability affecting Windows. The Microsoft SharePoint Team blog indicates that this bulletin will address the recently reported vulnerability in...
Adobe Releases Security Bulletin for Shockwave Player
Adobe has released a security update to address multiple vulnerabilities affecting Shockwave Player 11.5.7.609 and earlier versions. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Adobe security bulletin APSB10-20 and...
Microsoft Releases Advance Notification for July Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification, indicating that its July release will contain four bulletins. Three bulletins will have the severity rating of critical and will be for Microsoft Windows and Office. The remaining bulletin will have the severity rating of important an...
Google Releases Chrome 5.0.375.86
Google has released Chrome 5.0.375.86 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or conduct cross-site scripting attacks. US-CERT encourages users and administrators to review the Google Chrome Releases bl...
Google Releases Chrome 4.1.249.1064
Google has released Chrome 4.1.249.1064 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or bypass the same origin policy in the browser. US-CERT encourages users and administrators to review the Google Chrome Releases blog ent...
Adobe Releases Security Updates for Adobe Reader and Acrobat
Adobe has released security updates to address multiple vulnerabilities that affect the following: Adobe Reader 9.3.1 and earlier Adobe Acrobat 9.3.1 and earlier Adobe Reader 8.2.1 and earlier Adobe Acrobat 8.2.1 and earlier These vulnerabilities may allow an attacker to execute arbitrary code or...
VMware Releases Security Advisory VMSA-2010-0007
VMware has released security advisory VMSA-2010-0007 to address multiple vulnerabilities in VMware hosted products, vCENTER Server and ESX. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, obtain sensitive information, or cau...
Microsoft Re-Releases Security Bulletin MS10-015
Microsoft has re-released the security update described in Microsoft Security Bulletin MS10-015. This release contains an updated installation package that does not allow the security update to be installed on computers infected with malicious code. Microsoft has also released a Fix-It Tool to...
Google Releases Chrome 4.0.249.89
Google has released Chrome 4.0.249.89 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...
Microsoft Releases Security Advisory 980088
Microsoft has released Security Advisory 980088 to alert users of a vulnerability in Microsoft Internet Explorer. The advisory indicates that exploitation of this vulnerability may allow an attacker to harvest user credentials and other sensitive information by enticing users to visit a malicious...
Microsoft Releases Cumulative Security Update for Internet Explorer
Microsoft has released Security Bulletin MS10-002 as a Cumulative Security Update for Internet Explorer. This update addresses multiple vulnerabilities that when exploited, may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Microsoft Security...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-35616link is external - Fortinet FortiClient EMS Improper Access Control Vulnerability This type of vulnerability is a frequent attack vector for malicious...