Internet Systems Consortium (ISC) Releases Security Updates for BIND
ISC has released security updates to address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Updates available include: BIND 9-version 9.9.7-P2 BIND 9-version 9.10.2-P3 Users and administrators are encouraged to revie...
‘Stagefright’ Android Vulnerability
Android devices running Android versions 2.2 through 5.1.1r5 contain vulnerabilities in the Stagefright media playback engine. Exploitation of these vulnerabilities may allow an attacker to access multimedia files or potentially take control of a vulnerable device. Users and administrators are...
Fiat Chrysler Automobiles (FCA) Uconnect Vulnerability
A vulnerability affecting the Uconnect software from FCA has been reported. Exploitation of this vulnerability may allow an unauthorized user to take remote control of an affected vehicle, but the attack requires access to Sprint's cellular network, which connects FCA vehicles to the Internet...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in its Application Policy Infrastructure Controller, IOS software, and the Unified MeetingPlace Conferencing products. Exploitation of these vulnerabilities may allow a remote attacker to gain unauthorized access, cause a...
WordPress Releases Security Update
WordPress 4.2.2 and prior versions contain critical cross-site scripting vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website. Users and administrators are encouraged to review the WordPress Security and Maintenance Release an...
Google Releases Security Update for Chrome
Google has released Chrome version 44.0.2403.89 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system. Users and administrators are encouraged to review the Chrome Releases page and...
Microsoft Releases Security Update
Microsoft has released a security update to address a critical vulnerability in Windows. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Microsoft Security Bulletin MS15-078 and apply the...
Oracle Releases July 2015 Security Advisory
Oracle has released security fixes to address 193 vulnerabilities as part of its quarterly Critical Patch Update. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Oracle July 2015...
Adobe Releases Security Update for Shockwave Player
Adobe has released a security update to address critical vulnerabilities in Shockwave Player for Windows and Macintosh. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin...
Microsoft Releases July 2015 Security Bulletin
Microsoft has released 14 updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow remote code execution or elevation of privileges. US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-058 and MS15-065...
Updates Available for Flash AS3 opaqueBackground and BitmapData Use-After-Free Vulnerabilities
Adobe has released security updates to address critical vulnerabilities within the ActionScript 3 opaqueBackground and BitmapData classes of Flash Player. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code on a vulnerable system. Versions affected includ...
VMware Releases Security Advisory
VMware has released security updates to address a host privilege escalation vulnerability in VMware Workstation, Player and Horizon View Client for Windows. Exploitation of this vulnerability may allow an attacker to escalate privileges on an affected VMware system. Updates available include:...
OpenSSL Releases Security Advisory
OpenSSL has released updates to address a vulnerability that could impact proper certificate verification. A remote attacker could ‘issue’ invalid certificates that pass validation by affected versions. Updates available include: OpenSSL 1.0.2d for 1.0.2b/1.0.2c users OpenSSL 1.0.1p for...
ISC Releases Security Updates for BIND
The Internet Systems Consortium (ISC) has released security updates to address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Updates available include: BIND 9-version 9.9.7-P1 BIND 9-version 9.10.2-P2 Users and...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address multiple vulnerabilities in Flash Player for Windows, Macintosh, and Linux. These include a critical vulnerability (CVE-2015-5119) in Adobe Flash Player 18.0.0.194 and earlier versions. Adobe is aware of a report that an exploit targeting CVE-2015-5119...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
Mozilla has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of one of these vulnerabilities may allow an attacker to take control of an affected system. Available updates include: Firefox 39 Firefox ESR 38.1 Thunderbird 38.1 US-CERT...
Adobe Flash ActionScript 3 ByteArray Use-After-Free Vulnerability
Adobe Flash Player contains a vulnerability within the ActionScript 3 ByteArray class, which can allow a remote attacker to execute arbitrary code on a vulnerable system. Versions affected include Adobe Flash Player 9.0 through 18.0.0.194. Users and administrators are encouraged to review...
Security Updates for Node.js and io.js
Networking applications using Node.js or io.js contain a vulnerability in the V8 JavaScript engine. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Available updates include: node.js-v0.12.6 io.js-v2.2.3 io.js-v1.8.3 Users and administrators...
Cisco Releases Security Update
Cisco has released a security update to address a vulnerability in versions of the Unified Communications Domain Manager Platform Software prior to 10.x. Exploitation of this vulnerability may allow a remote attacker to take control of the affected system. US-CERT recommends that users review the...
OPM Identity-Protection Phishing Campaigns
US-CERT is aware of suspicious domain names that may be used in phishing campaigns masquerading as official communication from the Office of Personnel Management (OPM) or the identity protection firm CSID. Https://opm.csid.com is the legitimate domain used by CSID, which is responsible for identity...
Apple Releases Security Updates for QuickTime, Safari, Mac EFI, OS X Yosemite, and iOS
Apple has released security updates for QuickTime, Safari, Mac Extensible Firmware Interface (EFI), OS X Yosemite, and iOS. Exploitation of some of these vulnerabilities may allow an attacker to obtain elevated privileges or crash applications. Available updates include: QuickTime 7.7.7 for Windows...
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Content Security Management Virtual Appliance (SMAv) software. Exploitation of one of these vulnerabilities may allow a remote attacker to take control o...
Fraud Alert Issued on Business Email Compromise Scam
The Financial Services Information Sharing and Analysis Center (FS-ISAC) and federal law enforcement agencies have released a joint alert warning companies of a sophisticated wire payment scam referred to as business email compromise (BEC). Scammers use fraudulent information to trick companies into...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address a critical vulnerability in Flash Player for Windows, Macintosh, and Linux. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulleti...
IC3 Issues Alert on CryptoWall Ransomware
The Internet Crime Complaint Center (IC3) has issued an alert warning that U.S. individuals and businesses are still at risk of CryptoWall ransomware fraud. Scam operators use ransomware—a type of malicious software—to infect a device and restrict access until a ransom fee is paid. Individuals an...
Google Releases Security Update for Chrome
Google has released Chrome version 43.0.2357.130 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow an attacker to obtain sensitive information. Users and administrators are encouraged to review the Chrome Releases Page and appl...
Drupal Releases Security Updates
Drupal has released updates to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to gain access to a system account, including an administrator's. Available updates include: • Drupal core 6.36 for 6.x users • Drupal core 7.38 for 7.x user...
Adobe Releases Security Updates for Multiple Products
Adobe has released security updates for Adobe Photoshop Creative Cloud (CC) and Bridge CC to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Adobe...
OpenSSL Patches Multiple Vulnerabilities
OpenSSL has released updates addressing multiple vulnerabilities, one of which allows a remote attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography—an attack known as Logjam (CVE-2015-4000). Exploitation of some of these vulnerabilities could allow the attacker to...
IC3 Issues Alert on Gift Card Scams
The Internet Crime Complaint Center (IC3) has released an alert warning consumers of fraud around the resale of gift cards. The secondary gift card market has grown in recent years, and criminal activity has been identified on sites facilitating such exchanges. When purchasing gift cards, look for...
Cisco IOS XR Denial-of-Service Vulnerability
Cisco has identified a vulnerability that could allow an unauthenticated remote attacker to cause a denial-of-service condition. The vulnerability is due to improper processing of malformed IPv6 packets carrying extension headers. A Cisco Carrier Routing System 3 (CRS-3) running a version of Cisco...
Ubuntu Releases Security Update
Ubuntu has released 10 security updates to address multiple vulnerabilities affecting Ubuntu 15.04, 14.10, 14.04 LTS, and 12.04 LTS. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of the affected system. US-CERT encourages users and administrators to revi...
VMware Releases Security Updates for Multiple Products
VMware has released four updates to address vulnerabilities in VMware Workstation, Player, Fusion, and Horizon Client. Exploitation of some of these vulnerabilities could allow a denial-of-service condition or remote code execution on the Windows OS running these programs. Users and administrators...
Microsoft Releases June 2015 Security Bulletin
Microsoft has released eight updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow remote code execution or elevation of privileges. US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-056 through...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address multiple vulnerabilities in Flash Player for Windows, Macintosh, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe...
IC3 Issues Internet Crime Report for 2014
The Internet Crime Complaint Center (IC3) has released its Internet Crime Report for 2014, indicating that scams relating to social media—including doxing, click-jacking, and pharming—have increased substantially over the past five years. US-CERT encourages users to review the IC3 Alert for details...
Google Releases Security Update for Chrome
Google has released Chrome version 43.0.2357.65 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Google Chrom...
Cisco Releases Security Advisories for TelePresence Products
Cisco has released two security advisories to address multiple vulnerabilities in TelePresence products. Successful exploitation could allow an attacker to bypass system authentication, execute arbitrary code with elevated privileges, or cause a denial-of-service condition. Users and administrato...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of one of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition or steal sensitive information. Available updates include:...
Adobe Releases Security Updates for Flash Player, Reader, and Acrobat
Adobe has released security updates to address multiple vulnerabilities in Flash Player, Reader, and Acrobat. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletins...
Microsoft Releases May 2015 Security Bulletin
Microsoft has released 13 updates to address vulnerabilities in Microsoft Windows. Some of these vulnerabilities could allow elevation of privilege, denial of service, remote code execution, information disclosure, or security feature bypass. US-CERT encourages users and administrators to review...
Cisco UCS Central Software Vulnerability
Cisco has released a security advisory to address a vulnerability in the web framework of Cisco Unified Computing System (UCS) Central Software. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to revie...
WordPress Security and Maintenance Release
WordPress 4.2 and prior versions contain critical cross-site scripting vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website. Users and administrators are encouraged to review the WordPress Security and Maintenance Release and...
Apple Releases Security Updates for Safari
Apple has released security updates for Safari to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of the affected system. Available updates include: Safari 8.0.6 for OS X Yosemite v10.10.3 Safari 7.1.6 for OS X Mavericks...
Nepal Earthquake Disaster Email Scams
US-CERT warns users of potential email scams citing the earthquake in Nepal. The scam emails may contain links or attachments that may direct users to phishing or malware infected websites. Phishing emails and websites requesting donations for fraudulent charitable organizations commonly appear...
Google Releases Security Update for Chrome
Google has released Chrome version 42.0.2311.135 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Google Chrome...
WordPress Releases Security Update
WordPress 4.2 and prior versions contain critical cross-site scripting vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website. Users and administrators are encouraged to review the WordPress Security Release and upgrade to...
WordPress Releases Security Update
WordPress 4.1.2 has been released to address multiple vulnerabilities, one of which could allow a site to be compromised by a remote attacker. WordPress 4.1.1 and earlier are affected by this vulnerability. US-CERT recommends users and administrators review the WordPress Security Release and appl...
IC3 Warns of Cyber Attacks Focused on Law Enforcement and Public Officials
The Internet Crime Complaint Center (IC3) has issued an alert warning that law enforcement personnel and public officials may be at an increased risk of cyber attacks. Doxing—the act of gathering and publishing individuals’ personal information without permission—has been observed. Hacking...
Mozilla Releases Security Update for Firefox
The Mozilla Foundation has released Firefox 37.0.2 to address a vulnerability that may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Firefox Security Advisory and apply the necessary update. This product is provided subjec...