Linux Kernel Vulnerability

US-CERT is aware of a Linux kernel vulnerability affecting Linux PCs and servers and Android-based devices. Exploitation of this vulnerability may allow an attacker to take control of an affected system. US-CERT recommends that users and administrators review the Redhat Security Blog and the Debi...

ISC Releases Security Updates for BIND

The Internet Systems Consortium ISC has released security updates to address vulnerabilities in BIND. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition. Available updates include: BIND 9 version 9.9.8-P3 BIND 9 version 9.10.3-P3 BIND 9 versio...

Oracle Releases Security Bulletin

Oracle has released its Critical Patch Update for January 2016 to address 248 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Oracle...

Apple Releases Security Updates for iOS, OS X El Capitan, and Safari

Apple has released security updates for iOS, OS X El Capitan, and Safari to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: iOS 9.2.1 for iPhone 4s and later, iPod touch 5...

IRS Releases Ninth Security Tip

The Internal Revenue Service IRS has released the ninth in a series of tips intended to help the public protect personal and financial data online and at home. This tip describes new procedures taken by the IRS, state governments, and the tax industry to provide a safer, more secure filing...

OpenSSH Client Vulnerability

OpenSSH version 7.1p2 has been released to address vulnerabilities in versions 5.4 through 7.1p1. Exploitation of one of these vulnerabilities may allow a remote attacker to obtain sensitive information from an affected system. Users and administrators are encouraged to review the OpenSSH Release...

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in Wireless LAN Controller software, Identity Services Engine software, and Aironet 1800 Series Access Points. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected device. US-CERT...

ISC Releases Security Updates

Internet Systems Consortium ISC has released security updates to address a vulnerability in the ISC Dynamic Host Configuration Protocol DHCP software. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Available updates include: DHCP version...

Microsoft Releases January 2016 Security Bulletin

Microsoft has released nine updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Microsoft Security Bulletins MS16-001...

Adobe Releases Security Updates for Acrobat and Reader

Adobe has released security updates to address multiple vulnerabilities in Acrobat and Reader. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB16-02 and...

IRS Releases Eighth Security Tip

The Internal Revenue Service IRS has released the eighth in a series of tips intended to help the public protect personal and financial data online and at home. A new tip will be available each Monday through the start of the tax season in January. This tip describes methods users should follow t...

Apple Releases Security Update for QuickTime

Apple has released a security update to address multiple vulnerabilities in QuickTime for Windows 7 and Windows Vista. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system. Users and administrators are encouraged to review the Apple security...

VMware Releases Security Updates

VMware has released security updates to address a vulnerability in VMware ESXi, Fusion, Player, and Workstation. Exploitation of this vulnerability may allow escalation of privileges. US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2016-0001 and apply the...

Mozilla Releases Security Updates

Mozilla has released security updates to address a vulnerability in Firefox. Exploitation of this vulnerability may allow a remote attacker to obtain sensitive information from an affected system. Available updates include: Firefox 43.0.2 Firefox ESR 38.5.2 US-CERT encourages users and...

WordPress Releases Security Update

WordPress 4.4 and prior versions contain a cross-site scripting vulnerability. Exploitation of this vulnerability could allow a remote attacker to take control of an affected website. Users and administrators are encouraged to review the WordPress Security and Maintenance Release and upgrade to...

IRS Releases Seventh Security Tip

The Internal Revenue Service IRS has released the seventh in a series of tips intended to help the public protect personal and financial data online and at home. A new tip will be available each Monday through the start of the tax season in January. This tip describes methods users can follow to...

Adobe Releases Security Updates for Flash Player

Adobe has released security updates to address multiple vulnerabilities in Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB16-01 and apply t...

IRS Releases Sixth Tax Security Tip

The Internal Revenue Service IRS has released the sixth in a series of tips intended to help the public protect personal and financial data online and at home. A new tip will be available each Monday through the start of the tax season in January. This tip describes the types of fraud alerts...

Joomla Releases Security Update for CMS

Joomla has released version 3.4.7 of its content management system CMS software to address two vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected website. Users and administrators are encouraged to review the Joomla Release New...

IRS Releases Fifth Tax Security Tip

The Internal Revenue Service IRS has released the fifth in a series of tips intended to help the public protect personal and financial data online and at home. This tip focuses on guarding personal information for family members who are susceptible to cyber threats. Recommendations include keepin...

Personal Device Security During the Holiday Season

As the winter holiday travel season begins, US-CERT and Stop.Think.Connect remind users to be mindful of the security risks associated with portable devices such as smart phones, tablets, and laptops. These devices offer a range of conveniences such as allowing us to order gifts on-the-go,...

IRS Releases Fourth Tax Security Tip

The Internal Revenue Service IRS has released the fourth in a series of tips intended to help the public protect personal and financial data online and at home. This tip focuses on protecting your passwords. Recommendations include creating longer and more complex passwords, not using the same...

Juniper Releases Out-of-band Security Advisory for ScreenOS

Juniper has discovered unauthorized code in ScreenOS which could allow an attacker to take control of NetScreen devices and to decrypt VPN connections. US-CERT recommends that users and administrators review Juniper Security Bulletin 2015-12 and update all affected ScreenOS versions. This product...

Internet Systems Consortium (ISC) Releases Security Updates for BIND

ISC has released security updates to address vulnerabilities in BIND. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition. Available updates include: BIND 9 version 9.9.8-P2 BIND 9 version 9.10.3-P2 BIND 9 version 9.9.8-S3 Users and...

Symantec Releases Security Update

Symantec has released Symantec Endpoint Encryption 11.1.0 to address a vulnerability that may allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review the Security Advisory from Symantec and apply the necessary update. This product is provided...

Joomla Releases Security Update for CMS

Joomla has released version 3.4.6 of its content management system CMS software to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected website. US-CERT encourages users and administrators to review the Joomla...

Securing Home and Small Business Routers

Home and Small Business routers have become the ideal target for attackers seeking to gain control over a user's gateway to the Internet. Router misconfigurations e.g., default credentials, interfaces open to the Internet or the lack of security precautions e.g., absence of updates may make users...

Google Releases Security Update for Chrome

Google has released Chrome version 47.0.2526.106 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Chrome Releases...

Mozilla Releases Security Updates for Firefox and Firefox ESR

The Mozilla Foundation has released security updates to address vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 43 Firefox ESR 38.5 US-CERT encourages...

Apple Releases Security Update for iTunes

Apple has released a security update for Apple iTunes to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review information on iTunes 12.3.2 and apply the...

Google Releases Security Update for Chrome

Google has released Chrome version 47.0.2526.80 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Chrome Releases pa...

Apple Releases Multiple Security Updates

Apple has released security updates for iOS, tvOS, OS X, watchOS, Safari, and Xcode to address multiple vulnerabilities, one of which could allow a remote attacker to take control of an affected system. Updates available include: iOS 9.2 for iPhone 4s and later, iPod touch 5th generation and late...

Microsoft Releases December 2015 Security Bulletin

Microsoft has released 12 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-124 throug...

Adobe Releases Security Updates for Flash Player

Adobe has released security updates to address multiple vulnerabilities in Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB15-32 and apply t...

Seven Steps for Making Identity Protection Part of Your Routine

The Internal Revenue Service IRS has released the third in a series of tips intended to increase public awareness of how to protect personal and financial data online and at home. A new tip will be released each Monday through the start of the tax season in January. US-CERT and IRS recommend...

IRS Releases Second Tax Security Tip

The Internal Revenue Service IRS has released the second in a series of tips intended to increase public awareness of how to protect personal and financial data online and at home. A new tip will be available each Monday through the start of the tax season in January. US-CERT and IRS recommend...

OpenSSL Patches Multiple Vulnerabilities

OpenSSL has released updates patching four vulnerabilities. Exploitation of one of these vulnerabilities could allow an attacker to cause a denial-of-service condition. Updates available include: OpenSSL 1.0.2e for 1.0.2 users OpenSSL 1.0.1q for 1.0.1 users OpenSSL 1.0.0t for 1.0.0 users OpenSSL...

Google Releases Security Update for Chrome

Google has released Chrome version 47.0.2526.73 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Chrome Releases...

IRS Releases First in a Series of Tax Security Tips

The Internal Revenue Service IRS has released the first in a series of tips intended to increase public awareness of how to protect personal and financial data online and at home. A new tip will be available each Monday through the start of the tax season in January. The first tip focuses on seve...

US-CERT Alerts Users to Holiday Phishing Scams and Malware Campaigns

US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. Ecards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed email messages and fraudulent posts on social networking...

Dell Computers Contain CA Root Certificate Vulnerability

Dell personal computers using the preinstalled certificate authority CA root certificate eDellRoot contain a critical vulnerability. Exploitation of the vulnerability could allow a remote attacker to read encrypted web browser traffic HTTPS, impersonate spoof any website, or perform other attacks...

VMware Releases Security Updates

VMware has released security updates to address a vulnerability in vCenter, vCloud Director, and Horizon View. Exploitation of this vulnerability may allow an attacker to obtain sensitive information. Users and administrators are encouraged to review VMware Security Advisory VMSA-2015-0008 and...

IC3 Warns of Cyber Attacks Focused on Law Enforcement and Public Officials

The Internet Crime Complaint Center IC3 has issued an alert warning that law enforcement personnel and public officials may be at an increased risk of cyber attacks. In addition to doxing the act of gathering and publishing individuals' personal information without permission, threat actors have...

Adobe Releases Security Updates for ColdFusion, LiveCycle Data Services, and Adobe Premiere Clip

Adobe has released security updates to address multiple vulnerabilities in ColdFusion, LiveCycle Data Services, and Adobe Premiere Clip. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to revi...

Apache Commons Collections Java Library Vulnerability

US-CERT is aware of a deserialization vulnerability in the Apache Commons Collections ACC Java library. Java applications that either directly use ACC, or contain ACC in their classpath, may be vulnerable to arbitrary code execution. US-CERT encourages users and administrators to review...

Google Releases Security Updates for Chrome and Chrome OS

Google has released security updates to address vulnerabilities in Chrome and Chrome OS. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Updates available include: Chrome 46.0.2490.86 for Windows, Mac and Linux Chrome 46.0.2490.82 fo...

Adobe Releases Security Updates for Flash Player

Adobe has released security updates to address multiple vulnerabilities in Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB15-28 and apply t...

Microsoft Releases November 2015 Security Bulletin

Microsoft has released 12 updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-112 through...

Symantec Releases Security Update

Symantec has released an update to address vulnerabilities in Symantec Endpoint Protection version 12.1. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Security Advisory from...

Cisco Releases Security Updates for Web Security Appliances

Cisco has released security updates to address multiple vulnerabilities in Web Security Appliances. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of the affected network device. Users and administrators are encouraged to review the Cisco Security...