Adobe Releases Security Updates for Flash Player, ColdFusion, and Flex
Adobe has released three security updates to address multiple vulnerabilities in Flash Player, ColdFusion, and Flex. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system, or lead to a reflected cross-site scripting attack. Users and...
Oracle Releases April 2015 Security Advisory
Oracle has released security fixes to address 98 vulnerabilities as part of its quarterly Critical Patch Update. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Oracle April 2015...
Google Releases Security Update for Chrome
Google has released Chrome 42.0.2311.90 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Google Chrome blog ent...
Microsoft Releases April 2015 Security Bulletin
Microsoft has released eleven updates to address vulnerabilities in Microsoft Windows. Some of these vulnerabilities could allow elevation of privilege, denial of service, remote code execution, information disclosure, or security feature bypass. US-CERT encourages users and administrators to...
WP Super Cache Cross-Site Scripting (XSS) Vulnerability
WP Super Cache, a WordPress plugin, contains a persistent XSS vulnerability in versions prior to 1.4.4. Exploitation of this vulnerability could allow a remote attacker to take control of the affected system. Users and administrators are encouraged to review the WP Super Cache Changelog for more...
Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)
The Network Time Foundation's NTP Project has released an update addressing multiple vulnerabilities in ntpd. Exploitation of these vulnerabilities may allow an attacker to conduct a man-in-the-middle attack or cause a denial of service condition. Users and administrators are encouraged to review...
Apple Releases Security Updates for OS X, iOS, Safari, and Apple TV
Apple has released security updates for OS X, iOS, Safari, and Apple TV to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of the affected system. Available updates include: OS X Yosemite v10.10.3 and Security Update...
IC3 Releases Alert on Web Site Defacements
The Internet Crime Complaint Center (IC3) has issued an alert addressing recently perpetrated Web site defacements. The defacements advertise themselves as associated with the Islamic State in the Levant (ISIL), a.k.a. Islamic State of Iraq and al-Shams (ISIS). However, FBI assesses that the perpetrator...
IC3 Issues Alert for Fake Government Websites
The Internet Crime Complaint Center (IC3) has released an alert that warns consumers of fraudulent government-services websites that mimic legitimate ones. Scam operators lure consumers to these fraudulent websites in order to steal their personal identifiable information (PII) and collect fees for...
Mozilla Releases Security Update for Firefox
The Mozilla Foundation has released Firefox 37.0.1 to address two vulnerabilities, one of which may allow a remote attacker to conduct man-in-the-middle attacks. Users and administrators are encouraged to review the security advisories for Firefox and apply the necessary updates. This product is...
Google Releases Security Update for Chrome
Google has released Chrome 41.0.2272.118 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Google Chrome blog...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 37 Firefox ESR 31.6...
Cisco Releases Semiannual IOS Software Security Advisory Bundled Publication
Cisco has released its semiannual Cisco IOS Software Security Advisory Bundled Publication. This publication includes seven Security Advisories that address vulnerabilities in Cisco IOS Software. Exploits of these vulnerabilities could result in a denial of service (DoS) condition, interface queue...
Installer Hijacking Vulnerability in Android Devices
A vulnerability in Google's Android OS has been discovered that could allow an attacker to change or replace a seemingly safe Android application with malware during installation. An attacker exploiting this vulnerability could access and steal user data on compromised devices without user...
Apple Releases Security Update for OS X Yosemite
Apple has released Security Update 2015-003 for OS X Yosemite v10.10.2 to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Apple Security Update...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and SeaMonkey
The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and SeaMonkey. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 36.0.4 Firefox ESR 31.5.3 SeaMonkey...
Drupal Releases Security Updates
Drupal has released updates to address multiple vulnerabilities, one of which could allow a remote attacker to gain access to a system account. Available updates include: Drupal core 6.35 for 6.x users Drupal core 7.35 for 7.x users US-CERT encourages users and administrators to review Drupal's...
Ubuntu Releases Security Update
Ubuntu has released a security update to address multiple vulnerabilities in PHP5 affecting Ubuntu 14.10, 14.04 LTS, 12.04 LTS, and 10.04 LTS. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service or execute arbitrary code. Users and administrators are encourage...
OpenSSL Patches Multiple Vulnerabilities
OpenSSL has released new updates addressing multiple vulnerabilities, one of which is classified as a high severity issue. Exploitation could allow a remote attacker to cause a Denial of Service attack against the server. Updates available include: OpenSSL 1.0.2a for 1.0.2 users OpenSSL...
Apple Releases Security Updates for Safari
Apple has released security updates for Safari to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code or prevent users from discerning a phishing attack on an affected system. Updates include: Safari 8.0.4 for OS X Yosemite...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address multiple vulnerabilities in Flash Player. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB15-05 and apply the...
Microsoft Releases March 2015 Security Bulletin and Patches FREAK
Microsoft has released updates to address Windows vulnerabilities as part of the Microsoft Security Bulletin Summary for March 2015. Exploitation of one of these vulnerabilities (FREAK) could allow a remote attacker to decrypt secure communications between vulnerable clients and servers. US-CERT...
Apple Addresses FREAK and Releases Security Updates for OS X, iOS, and Apple TV
Apple has released security updates for OS X, iOS, and Apple TV to address multiple vulnerabilities, one of which may allow an attacker to decrypt secure communications between vulnerable clients and servers (FREAK). Updates available include: Xcode 6.2 for OS X Mavericks v10.9.4 or later Security...
FREAK
FREAK (Factoring Attack on RSA-EXPORT Keys, CVE-2015-0204) is a weakness in some implementations of SSL/TLS that may allow an attacker to decrypt secure communications between vulnerable clients and servers. Google has released an updated version of its Android OS and Chrome browser for OS X to...
Guidance for Defending Against Destructive Malware
The Information Assurance Directorate of the National Security Agency (NSA) has released a report on Defensive Best Practices for Destructive Malware. This report details several steps network defenders can take to detect, contain, and minimize destructive malware infections. US-CERT encourages use...
FTC Details the Top 10 Imposter Scams of 2014
The Federal Trade Commission (FTC) has released an advisory describing the top 10 reported imposter scams for 2014. Scam operators often impersonate individuals, companies, and organizations to entice targets to participate in fraudulent financial transactions. Users are encouraged to review the FT...
Cisco IPv6 Denial of Service Vulnerability
Cisco has identified a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition. The vulnerability is due to improper processing of malformed IPv6 packets carrying extension headers. Cisco Network Convergence System 6000 (NCS 6000) and Cisco Carrier...
Samba Remote Code Execution Vulnerability
Linux and Unix based operating systems employing Samba versions 3.5.0 through 4.2.0rc4 contain a vulnerability in the Server Message Block daemon (smbd). Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. US-CERT recommends users and administrators...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of these vulnerabilities may allow a remote attacker to obtain sensitive information or execute arbitrary code on an affected system. Updates available...
Lenovo Computers Vulnerable to HTTPS Spoofing
Lenovo consumer personal computers employing the pre-installed Superfish VisualDiscovery software contain a critical vulnerability through a compromised root CA certificate. Exploitation of this vulnerability could allow a remote attacker to read all encrypted web browser traffic (HTTPS),...
IRS Issues Warning for a Scam Targeting Tax Preparers
The Internal Revenue Service (IRS) has issued a press release addressing a new spear phishing scam targeting tax preparers and other tax professionals. Scam operators often use fraudulent e-mails to entice their targets to reveal login credentials. US-CERT encourages users and administrators to...
ISC Releases Security Updates for BIND
The Internet Systems Consortium (ISC) has released security updates to address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial of service condition. Updates available include: BIND 9.9.6-P2 BIND 9.10.1-P2 Users and administrators are...
Microsoft Releases Critical Security Update for Internet Explorer
Microsoft has released a critical security update to address multiple vulnerabilities in Internet Explorer. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system if the user views a specially crafted webpage. Users and administrators are...
Google Releases Security Update for Chrome OS
Google has released Chrome OS 40.0.2214.114 for Chrome devices to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Google Chrome blog entry and app...
Microsoft Releases February 2015 Security Bulletin
Microsoft has released updates to address vulnerabilities in Windows as part of the Microsoft Security Bulletin Summary for February 2015. Some of these vulnerabilities could allow remote code execution, security feature bypass, elevation of privilege, or disclosure of information. US-CERT...
Microsoft Releases Critical Security Bulletin
Microsoft has released Security Bulletin MS15-011 to address a critical vulnerability in Windows. Exploitation of this vulnerability could allow a remote attacker to take complete control of an affected system. This security update contains a new policy feature (UNC Hardened Access) which is not...
Google Releases Security Updates for Chrome
Google has released Chrome 40.0.2214.111 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Google Chrome blog entry a...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address multiple vulnerabilities in Flash Player, one of which could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB15-04 and apply the necessary updates. This...
Apple Releases Security Updates for OS X, Safari, iOS and Apple TV
Apple has released security updates for OS X, Safari, iOS and Apple TV to address multiple vulnerabilities, one of which could allow a remote attacker to take control of an affected system. Updates available include: OS X v10.10.2 and Security Update 2015-001 for OS X Mountain Lion v10.8.5, OS X...
Linux "Ghost" Remote Code Execution Vulnerability
The Linux GNU C Library (glibc) versions 2.2 and other 2.x versions before 2.18 are vulnerable to remote code execution via a vulnerability in the gethostbyname function. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. US-CERT recommends users a...
Security Advisory for Adobe Flash Player
Adobe has released Flash Player desktop version 16.0.0.296 to address a critical vulnerability (CVE-2015-0311) in 16.0.0.287 and earlier versions for Windows and Macintosh. This vulnerability could allow an attacker to take control of the affected system. Users and administrators are encouraged to...
IC3 Releases Alert for a Scam Targeting Businesses
The Internet Crime Complaint Center (IC3) has released an alert warning companies of a sophisticated wire payment scam dubbed the Business E-mail Compromise. Scammers use fraudulent information to trick companies into directing financial transactions into accounts they control. Users are encouraged...
Google Releases Security Updates for Chrome
Google has released Chrome 40.0.2214.91 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial of service condition or obtain personal information. US-CERT encourages users and administrators to review t...
FBI Releases "Ransomware on the Rise"
The FBI has released an article addressing ransomware campaigns that use intimidating messages claiming to be from the FBI or other government agencies. Scam operators use ransomware – a type of malicious software – to infect a computer and restrict access to it until a ransom is paid to unlock i...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address a vulnerability in Flash Player, which could potentially allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB15-02 and apply the necessary updates. This product ...
Oracle Releases January 2015 Security Advisory
Oracle has released its Critical Patch Update for January 2015 to address 169 vulnerabilities across multiple products. This update contains the following security fixes: 8 for Oracle Database Server 36 for Oracle Fusion Middleware 10 for Oracle Enterprise Manager Grid Control 10 for Oracle...
Ubuntu Releases Security Updates
Ubuntu has released security updates to address multiple vulnerabilities affecting Ubuntu 10.04 LTS, 12.04 LTS, 14.04 LTS, and 14.10. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service or execute arbitrary code. Users and administrators are encouraged to revi...
Affordable Care Act Phishing Campaign
US-CERT is aware of a phishing campaign purporting to come from a U.S. Federal Government Agency. The phishing emails reference the Affordable Care Act in the subject and claim to direct users to health coverage information, but instead direct them to sites which attempt to elicit private...
IC3 Issues Alert on University Employee Payroll Scam
The Internet Crime Complaint Center (IC3) has issued an alert addressing a spear phishing scam targeting university employees and their payroll accounts. Scam operators use fraudulent e-mails and websites to entice employees to reveal login credentials. Users are encouraged to review the IC3 Alert...
Mozilla Releases Security Updates for Firefox, Firefox ESR, SeaMonkey, and Thunderbird
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, SeaMonkey, and Thunderbird. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system. Updates available include: Firefox 35 Firefox ESR...