Microsoft Releases January 2015 Security Bulletin
Microsoft has released eight updates to address vulnerabilities in Microsoft Windows. Some of these vulnerabilities could allow elevation of privilege, denial of service, remote code execution, or security feature bypass. US-CERT encourages users and administrators to review Microsoft Security...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address multiple vulnerabilities in Flash Player, one of which could potentially allow an attacker to take control of the affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB15-01 and apply the necessary updates. Th...
OpenSSL Patches Eight Vulnerabilities
OpenSSL has released updates patching eight vulnerabilities, one of which may allow an attacker to cause a Denial of Service condition. The following updates are available: OpenSSL 1.0.1k for 1.0.1 users; OpenSSL 1.0.0p for 1.0.0 users; OpenSSL 0.9.8zd for 0.9.8 users. Users and administrators are...
Apple Releases Security Updates for OS X
Apple has released security updates for OS X Mountain Lion, Mavericks, and Yosemite to address multiple vulnerabilities in the Network Time Protocol daemon. Exploitation of these vulnerabilities may allow a remote attacker to take control of a vulnerable system. US-CERT encourages users and...
oCERT Releases Advisory for Unpatched UnZip Vulnerability
The Open Source Computer Security Incident Response Team (oCERT) has released an advisory addressing vulnerabilities in all versions of UnZip. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system if a user opens a specially crafted zip file. US-CER...
"Misfortune Cookie" Broadband Router Vulnerability
Broadband routers employing the Allegro RomPager firmware prior to version 4.34 contain a vulnerability in HTTP cookie processing code. Exploitation of this vulnerability could allow a remote attacker to take control of an affected device. Users and administrators are encouraged to review...
Vulnerabilities Identified in Network Time Protocol Daemon
NTP has released an update that addresses multiple vulnerabilities in the Network Time Protocol daemon. Exploitation of these vulnerabilities may allow a remote attacker to execute malicious code. US-CERT encourages users and administrators to review Vulnerability Note VU852879 and update to NTP...
FTC Releases "Package Delivery" Themed Scam Alert
The Federal Trade Commission (FTC) has released a Scam Alert addressing a "Package Delivery" themed phishing campaign regarding package delivery notifications from the U.S. Postal Service. Scam operators often use false information linked to reputable organizations to imply the email is legitimate...
Docker Releases Security Updates
Docker versions 1.3.3 and 1.4.0 have been released to address multiple security vulnerabilities, one of which could allow a remote attacker to take control of a vulnerable system. Users and administrators are encouraged to review the Docker Security Advisory and apply the necessary updates.
VMware Releases Updates for vCAC
VMware has released security updates to address a critical vulnerability in vCloud Automation Center (vCAC), which could allow a remote attacker to take control of a vulnerable system. US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2014-0013 and apply the...
Certain TLS Implementations Vulnerable to POODLE Attacks
A new variant of the POODLE attack may affect some TLS implementations on account of an issue similar to one present in SSL 3.0. Successful exploitation may enable actors to derive plaintext from encrypted communications. US-CERT encourages users and administrators to review TA14-290A for...
Adobe Releases Security Updates for Flash, Reader, Acrobat, and ColdFusion
Adobe has released security updates to address multiple vulnerabilities in Flash, Reader, Acrobat, and ColdFusion. Exploitation of these vulnerabilities may allow a remote attacker to take over an affected system. US-CERT recommends users and administrators review Adobe Security Bulletins...
Microsoft Releases December 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Exchange, Windows, Internet Explorer, and Office as part of the Microsoft Security Bulletin Summary for December 2014. Some of these vulnerabilities could allow elevation of privilege, remote code execution, or disclosure of information...
ISC Releases Security Updates for BIND
The Internet Systems Consortium (ISC) has released security updates to address multiple vulnerabilities in BIND, one of which may allow a remote attacker to cause a denial of service. Updates available include: BIND 9 version 9.9.6-P1; BIND 9 version 9.10.1-P1. Users and administrators are encouraged...
VMware Releases Security Updates for vCenter Server, vCenter Server Appliance, and ESXi
VMware has released a security advisory to address multiple vulnerabilities in vCenter Server, vCenter Server Appliance, and ESXi. Exploitation of these vulnerabilities may allow a remote attacker to perform man-in-the-middle or cross-site scripting attacks. US-CERT encourages users and...
Apple Releases Security Updates for Safari
Apple has released security updates for Safari to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial of service or execute arbitrary code on an affected system. Updates include: Safari 8.0.1 for OS X Yosemite v10.10.1; Safari 7.1.1...
IBM Releases Security Update for MDM
IBM has released Tivoli Endpoint Manager Mobile Device Management (MDM) version 9.0.60100 to address a vulnerability which may allow a remote attacker to gain control of an affected system. Users and administrators are encouraged to review the IBM Security Bulletin and apply the necessary updates...
Mozilla Releases Security Updates for Firefox and Thunderbird
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox and Thunderbird. Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, cause a denial of service, or exploit a buffer overflow on an affected browser. Updates...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address a vulnerability in Flash Player which could potentially allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB14-26 and apply the necessary updates.
Docker Releases Security Advisory
Docker has released a critical security advisory to address vulnerabilities in Docker versions prior to version 1.3.2, one of which could allow an attacker to escalate privileges and execute remote code on an affected system. US-CERT encourages users and administrators to review Docker's Security...
US-CERT Alerts Users to Holiday Phishing Scams and Malware Campaigns
US-CERT reminds users to remain vigilant when browsing online this holiday season. E-cards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed e-mail messages and fraudulent posts on social networking sites may...
WordPress Releases Security Update
WordPress 4.0.1 has been released to address multiple vulnerabilities, one of which could allow a site to be compromised by a remote attacker. WordPress 3.9.2 and earlier are affected by this vulnerability. US-CERT recommends users and administrators review the WordPress Maintenance and Security...
Drupal Releases Security Advisory
Drupal has released an advisory to address multiple vulnerabilities in Drupal core 6.x versions prior to 6.34 and Drupal core 7.x versions prior to 7.34, one of which could allow a remote attacker to cause a denial of service. US-CERT encourages users and administrators to review Drupal's Securit...
Google Releases Security Update for Chrome
Google has released Chrome 39.0.2171.65 for Windows, Mac and Linux. This update addresses multiple vulnerabilities, one of which could cause a denial of service condition. Users and administrators are encouraged to review the Google Chrome blog and apply the necessary updates.
IC3 Releases Scam Alert for Fraudulent Online Advertisements
The Internet Crime Complaint Center (IC3) released a Scam Alert regarding fraudulent ads for normally expensive items, such as cars and boats, at discounted prices. Scam operators often use false contact information linked to reputable online marketplaces to imply that the transaction is legitimate...
Microsoft Releases Out-of-Band Security Bulletin for Windows Kerberos Vulnerability
Microsoft has released security updates to address a remote elevation of privilege vulnerability which exists in implementations of Kerberos KDC in Microsoft Windows. Exploitation of this vulnerability could allow a remote attacker to take control of an affected system. US-CERT encourages users a...
Apple Releases Security Updates for iOS, OS X Yosemite, and Apple TV
Apple released security updates for iOS devices, OS X Yosemite and Apple TV to address multiple vulnerabilities, one of which could allow remote attackers to execute arbitrary commands. Updates available include: iOS 8.1.1 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 a...
IC3 Releases “Tech Support” Themed Scam Alert
The Internet Crime Complaint Center (IC3), a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to combat Internet crime, has released a Scam Alert advising the public of an ongoing telephone scam in which callers purport to be an employee of...
Google Releases Security Update for Chrome
Google has released Chrome 38.0.2125.122 for Windows, Mac and Linux. This update addresses a vulnerability which could potentially allow an attacker to take over an affected system. US-CERT encourages users and administrators to review the Google Chrome release blog and apply the necessary update...
Microsoft Releases November 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Windows, Office, Exchange, .NET Framework, SharePoint, and Internet Explorer as part of the Microsoft Security Bulletin Summary for November 2014. Some of these vulnerabilities could allow remote code execution, elevation of privilege, ...
Adobe Releases Security Updates for Flash Player
Adobe has released security updates to address multiple vulnerabilities in Flash Player, one of which could potentially allow an attacker to take control of the affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB 14-24 and apply the necessary updates...
Drupal Releases Public Service Announcement
Drupal released a public service announcement to address active exploitations of a previously patched vulnerability found in Drupal core 7.x versions prior to 7.32. US-CERT advises users and administrators to review Drupal's Public Service announcement and apply the necessary updates or...
Apple Releases Security Updates for QuickTime
Apple has released QuickTime 7.7.6 for Windows 7, Vista, XP SP2 or later to address multiple vulnerabilities, some of which may allow remote attackers to execute arbitrary code or cause a denial of service. Users and administrators are encouraged to review Apple Support Article HT6493 and apply a...
Microsoft Releases Advisory for Unpatched Windows Vulnerability
Microsoft has released a security advisory to provide recommended mitigations for an unpatched vulnerability, CVE-2014-6352, which affects all Microsoft Windows releases except Windows Server 2003. This vulnerability could allow an attacker to take control of an affected system if a user opens a...
Apple Releases Security Updates for iOS and Apple TV
Apple has released security updates for iOS devices and Apple TV to address multiple vulnerabilities, one of which could allow an attacker to decrypt data protected by SSL. Updates available include: iOS 8.1 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later; Apple ...
Apple Releases Security Update 2014-005
Apple has released Security Update 2014-005 to address vulnerabilities in SSL 3.0. US-CERT recommends users and administrators review Apple Security Update HT6531 for additional details.
OpenSSL 3.0 Protocol Vulnerability
US-CERT is aware of a design vulnerability found in the way SSL 3.0 handles block cipher mode padding. Exploitation of this vulnerability may allow a remote attacker to decrypt and extract information from inside an encrypted transaction. US-CERT recommends users and administrators review TA14-29...
Drupal Releases Security Advisory
Drupal has released a security advisory to address an application program interface (API) vulnerability (CVE-2014-3704) that could allow an attacker to execute arbitrary SQL commands on an affected system. This vulnerability affects all Drupal core 7.x versions prior to 7.32. US-CERT advises users an...
Ebola Phishing Scams and Malware Campaigns
US-CERT reminds users to protect against email scams and cyber campaigns using the Ebola virus disease (EVD) as a theme. Phishing emails may contain links that direct users to websites which collect personal information such as login credentials, or contain malicious attachments that can infect a...
OpenSSL Patches Four Vulnerabilities
OpenSSL has released updates patching four vulnerabilities, some of which may allow an attacker to cause a Denial of Service (DoS) condition or execute man-in-the-middle attacks. The following updates are available: OpenSSL 1.0.1 users should upgrade to 1.0.1j; OpenSSL 1.0.0 users should upgrade to...
Google Releases Security Updates for Chrome and Chrome OS
Google has released security updates to address multiple vulnerabilities in Chrome and Chrome OS, one of which could potentially allow an attacker to take control of the affected system. Updates available include: Chrome 38.0.2125.104 for Windows, Mac and Linux; Chrome OS 38.0.2125.108 for all...
Mozilla Releases Security Updates for Firefox and Thunderbird
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox and Thunderbird. Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, bypass same-origin policy and key pinning, cause an exploitable crash, conduct a...
Adobe Releases Security Updates for ColdFusion and Flash Player
Adobe has released security updates to address multiple vulnerabilities in ColdFusion and Flash Player. Exploitation could allow attackers to take control of a vulnerable system. Users and administrators are encouraged to review Adobe Security Bulletins APSB 14-23 and APSB 14-22 and apply the...
Oracle Releases October 2014 Security Advisory
Oracle has released its Critical Patch Update for October 2014 to address 154 vulnerabilities across multiple products. US-CERT encourages users and administrators to review the Oracle October 2014 Critical Patch Update and apply the necessary updates.
Microsoft Releases October 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Windows, Office, Office Services and Web Apps, Developer Tools, .NET Framework, and Internet Explorer as part of the Microsoft Security Bulletin Summary for October 2014. These vulnerabilities could allow remote code execution, elevatio...
Cisco Releases Security Advisory for ASA Software
Cisco has released an advisory to address multiple vulnerabilities in the Cisco Adaptive Security Appliance (ASA) Software that could result in a denial of service condition. Cisco has released free software updates that address these vulnerabilities. Users and administrators are encouraged to revi...
Oracle Patches Bash Vulnerabilities
Oracle has released security updates to address bash vulnerabilities found across multiple products. US-CERT recommends users and administrators review the Oracle Security Article for additional details, and apply updates as necessary.
Google Releases Security Updates for Chrome and Chrome OS
Google has released security updates to address multiple vulnerabilities in Chrome and Chrome OS, some of which could potentially allow an attacker to take control of the affected system or cause a denial of service condition. Updates available include: Chrome 38.0.2125.101 for Windows, Mac and...
Apple Releases OS X bash Update 1.0
Apple has released OS X bash Update 1.0 to address vulnerabilities found in the Bourne-again Shell (bash) which could allow a remote attacker to execute arbitrary shell commands. US-CERT recommends users and administrators review Apple Security Update HT6495, TA14-268A, Vulnerability Note VU252743...
Mozilla Network Security Services (NSS) Library Vulnerability
A vulnerability in the Mozilla NSS library could allow an attacker to forge an RSA signature, such as an SSL certificate. The package is often included in third-party software, including Linux distributions, Google Chrome, and others. It is possible that other cryptographic libraries may be similar...