4188 matches found
Mozilla Releases Security Updates for Firefox and Firefox ESR
The Mozilla Foundation has released security updates to address vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 42 Firefox ESR 38.4 US-CERT encourages...
ACSC Releases 2015 Threat Report
The Australian Cyber Security Centre ACSC has released its 2015 Threat Report. This report provides threat information that Australian organizations are facing, such as cyber espionage, cyber attacks, and cyber crime. Mitigation and remediation steps are also included to assist organizations with...
Adobe Releases Security Update for Shockwave Player
Adobe has released a security update for Adobe Shockwave Player. Exploitation of this vulnerability could potentially allow an attacker to take control of the affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB15-26 and apply the necessary updates. This...
Joomla! Releases Security Update for CMS
Joomla! has released version 3.4.5 of its Content Management System CMS software to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected website. US-CERT encourages users and administrators to review the Joomla!...
Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)
The Network Time Foundation's NTP Project has released an update addressing multiple vulnerabilities in ntpd. Exploitation of some of these vulnerabilities may allow an attacker to cause a denial-of-service DoS condition. Users and administrators are encouraged to review the NTP Security Notice...
Cisco Releases Security Updates
Cisco has released updates to address multiple vulnerabilities in its Adaptive Security Appliance ASA software. Exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition. US-CERT encourages users and administrators to review the Cisco security...
Apple Releases Multiple Security Updates
Apple has released several security updates to address critical vulnerabilities in multiple Apple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: OS X Server 5.0.15 for OS X Yosemite v10.10.5 and...
Oracle Releases Security Bulletin
Oracle has released its Critical Patch Update for October 2015 to address 154 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Oracle...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address multiple vulnerabilities in Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB15-27 and apply t...
Mozilla Releases Security Update for Firefox
Mozilla has released Firefox 41.0.2 to address a security vulnerability. Exploitation of this vulnerability may allow a remote attacker to obtain sensitive information from an affected system. US-CERT encourages users and administrators to review Mozilla Security Advisory 2015-115 and apply the...
Apple Releases Security Updates for Keynote, Pages, and Numbers
Apple has released security updates for Keynote, Pages, and Numbers for OS and iOS to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Keynote 6.6, Pages 5.6, and Numbers 3...
Microsoft Releases October 2015 Security Bulletin
Microsoft has released six updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-106 through...
Adobe Releases Security Updates for Reader, Acrobat, and Flash Player
Adobe has released security updates to address multiple vulnerabilities in Reader, Acrobat, and Flash Player. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletins...
Google Releases Security Update for Chrome
Google has released Chrome version 46.0.2490.71 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Chrome Releases...
IC3 Releases Alert on Microchip-Enabled Credit Cards
The Internet Crime Complaint Center IC3 has issued an alert to consumers and merchants about the security risks involved with EMV Cards. An EMV card is a credit or debit card with a microchip that helps protect cardholder data. However, EMV cards may still be vulnerable to exploitation. US-CERT...
VMware Releases Security Advisory
VMware has released security updates to address security vulnerabilities in vCenter and ESXi. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review VMware Security Advisory VMSA-2015-0007 a...
Apple Releases Security Updates for OS X El Capitan, Safari, and iOS
Apple has released security updates for OS X El Capitan, Safari, and iOS to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow an attacker to run arbitrary code. Available updates include: OS X El Capitan 10.11 for Mac OS X v10.6.8 and later Safari 9 for OS ...
Google Releases Security Update for Chrome
Google has released Chrome version 45.0.2454.101 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of one of these vulnerabilities may allow a remote attacker to obtain sensitive information from an affected system. Users and administrators are encouraged to review the...
Cisco Semiannual Security Advisory Bundle
Cisco has released its semiannual IOS and IOS XE Software Security Advisory bundle to address multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to bypass user authentication or cause a denial-of-service condition. US-CERT encourages users and...
Mozilla Releases Security Updates for Firefox
The Mozilla Foundation has released security updates to address critical vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 41 Firefox ESR 38.3 US-CERT...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address multiple vulnerabilities in Flash Player for Windows, Macintosh, ChromeOS, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review...
Cisco Releases Security Updates
Cisco has released updates to address vulnerabilities in Prime Collaboration Assurance, Prime Collaboration Provisioning, and TelePresence Server software. Exploitation of these vulnerabilities could allow a remote attacker to escalate privileges, obtain sensitive information, or cause a...
VMware Releases Security Update
VMware has released a security update to address a Lightweight Directory Access Protocol LDAP certificate validation vulnerability in vCenter Server. Exploitation of this vulnerability may allow an attacker to obtain sensitive information. Available updates include: VMware vCenter Server version...
Apple Releases Security Updates for OS X Server, iTunes, Xcode, and iOS
Apple has released security updates for OS X Server, iTunes, Xcode, and iOS to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: OS X Server v5.0.3 for OS X Yosemite v10.10....
Internet Systems Consortium (ISC) Releases Security Updates for BIND
ISC has released security updates to address vulnerabilities in BIND. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition. Available updates include: BIND 9 version 9.9.8 BIND 9 version 9.10.3 BIND 9 version 9.9.8-S1 Users and administrators ar...
WordPress Releases Security Update
WordPress 4.3 and prior versions contain two cross-site scripting vulnerabilities and a potential privilege escalation. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website. Users and administrators are encouraged to review the WordPress...
IC3 Issues Alert on IoT Devices
The Internet Crime Complaint Center IC3 has issued an alert to individuals and businesses about the security risks involved with the Internet of Things IoT. IoT refers to the emerging network of devices e.g., smart TVs, home automation systems that connect to one another via the Internet, often...
Adobe Releases Security Update for Shockwave Player
Adobe has released a security update to address vulnerabilities in Shockwave Player. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB15-22 and apply the necessary...
Microsoft Releases September 2015 Security Bulletin
Microsoft has released 12 updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-094 through...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in its Integrated Management Controller IMC Supervisor and the UCS Director formally known as Cloupia Unified Infrastructure Controller. Exploitation of these vulnerabilities may allow a remote attacker to gain unauthorized access or...
Internet Systems Consortium (ISC) Releases Security Updates for BIND
ISC has released security updates to address vulnerabilities in BIND. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition. Available updates include: BIND 9 version 9.9.7-P3 BIND 9 version 9.10.2-P4 Users and administrators are encouraged to...
Google Releases Security Update for Chrome
Google has released Chrome version 45.0.2454.85 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review the Chrome Releases page...
Adobe Releases Security Update for ColdFusion
Adobe has released a security update for ColdFusion to address a vulnerability. Exploitation of this vulnerability may allow a remote attacker to obtain sensitive information from an affected system. Users and administrators are encouraged to review the Adobe Security Bulletin APSB15-21 and apply...
Mozilla Releases Security Updates for Firefox
The Mozilla Foundation has released security updates to address a critical vulnerability in Firefox and Firefox ESR. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Available updates include: Firefox 40.0.3 Firefox ESR 38.2.1 US-CERT encourage...
Apple Releases Security Update for QuickTime
Apple has released a security update to address multiple vulnerabilities in QuickTime for Windows 7 and Windows Vista. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system. Users and administrators are encouraged to review the Apple security...
Microsoft Releases Critical Security Update for Internet Explorer
Microsoft has released a critical security update to address a vulnerability in Internet Explorer. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system if the user views a specially crafted webpage. Users and administrators are encouraged to revie...
Drupal Releases Security Updates
Drupal has released updates to address multiple vulnerabilities, one of which could allow an attacker with elevated permissions to inject malicious code. Available updates include: Drupal core 6.37 for 6.x users Drupal core 7.39 for 7.x users US-CERT encourages users and administrators to review...
Adobe Releases Security Update for LiveCycle Data Services
Adobe has released a security update to address a vulnerability in LiveCycle Data Services versions 4.7, 4.6.2, 4.5, and 3.0.x. Exploitation of this vulnerability may allow a remote attacker to obtain sensitive information from an affected system. US-CERT recommends that users and administrators...
Apple Releases Security Updates for OS X Server, iOS, Safari, and Yosemite
Apple has released security updates for OS X Server, iOS, Safari, and Yosemite to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: iOS 8.4.1 for iPhone 4s and later, iPod...
Lenovo Service Engine (LSE) BIOS Vulnerability
Certain Lenovo personal computers contain a vulnerability in LSE a Lenovo BIOS feature. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Lenovo Security Advisories for notebooks and desktops...
Evolution in Attacks Against Cisco IOS Software Platforms
Cisco has observed increasingly complex attacks that could allow an attacker to gain administrative access to a Cisco IOS device by installing a malicious ROMMON image. Successful exploitation using this image could allow an attacker to manipulate device behavior after the device is rebooted...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Firefox OS
The Mozilla Foundation has released security updates to address critical vulnerabilities in Firefox, Firefox ESR, and Firefox OS. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 40 Firefox ESR 38.2...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address multiple vulnerabilities in Flash Player for Windows, Macintosh, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe...
Microsoft Releases August 2015 Security Bulletin
Microsoft has released 14 updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow remote code execution or elevation of privileges and information disclosure. US-CERT encourages users and administrators to review Microsoft Security...
Required Group Policy Preference Actions for Microsoft Security Bulletin MS14-025
US-CERT is aware of continued exploitation of insecurely stored passwords in Group Policy Preferences, due to incomplete implementations of Microsoft Security Bulletin MS14-025. Systems may still be vulnerable to exploitation if administrators have not cleared all previously stored passwords from...
Mozilla Releases Security Updates for Firefox
The Mozilla Foundation has released security updates to address a critical vulnerability in the built-in PDF Viewer for Firefox and Firefox ESR. Exploitation of the vulnerability may allow an attacker to steal files from an affected computer. Available updates include: Firefox 39.0.3 Firefox ESR...
WordPress Releases Security Update
WordPress 4.2.3 and prior versions contain critical cross-site scripting and potential SQL injection vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website. Users and administrators are encouraged to review the WordPress Securit...
IC3 Issues Alert on DDoS Extortion Campaigns
The Internet Crime Complaint Center IC3 has issued an alert to U.S. businesses about a rise in extortion campaigns. In a typical incident, a business receives an e-mail threatening a Distributed Denial of Service DDoS attack to its website unless it pays a ransom. Businesses are warned against...
Best Practices to Protect You, Your Network, and Your Information
The National Cybersecurity and Communications Integration Center NCCIC and its partners responded to a series of data breaches in the public and private sector over the last year, helping organizations through incident response actions, conducting damage assessments, and implementing restoration...
Cisco Releases Security Updates
Cisco has released software updates to address a vulnerability in Cisco IOS XE Software for ASR 1000 Series Aggregation Services Routers. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. US-CERT encourages users and administrators to review...