Bourne-Again Shell (Bash) Remote Code Execution Vulnerability
US-CERT is aware of a Bash vulnerability affecting Unix-based operating systems such as Linux and Mac OS X. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system. US-CERT recommends users and administrators review TA14-268A, Vulnerability...
Apple Releases Security Updates for iOS, Apple TV, and Xcode
Apple released security updates for iOS devices, Apple TV, and Xcode to address multiple vulnerabilities, some of which could allow attackers to execute code with system privileges or cause an unexpected application termination. Updates available include: iOS 8 for iPhone 4s and later, iPod touch...
Adobe Releases Security Updates for Adobe Reader and Acrobat
Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. US-CERT encourages users and administrators to review Adobe Security Bulletin APSB14-20 and...
Cisco Integrated Management Controller Vulnerability
Cisco has released an advisory to address a vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers that could allow an unauthenticated, remote attacker to cause a denial of service condition. Migration to relea...
Google Releases Security Update for Chrome
Google has released Chrome 37.0.2062.120 for Windows, Mac and Linux. This update addresses multiple vulnerabilities, one of which could potentially allow an attacker to cause a denial of service. US-CERT encourages users and administrators to review the Google Chrome release blog and apply the...
Adobe Releases Security Updates for Flash Player and Air
Adobe has released security updates to address multiple vulnerabilities in Adobe Flash Player and Air for Windows, Macintosh and Linux. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. Users and administrators are encouraged to revi...
Microsoft Releases September 2014 Security Bulletin
Microsoft released updates to address vulnerabilities in Windows, .NET Framework, Internet Explorer and Lync Server as part of the Microsoft Security Bulletin Summary for September 2014. Some of these vulnerabilities could allow remote code execution, elevation of privilege, or denial of service...
WordPress Releases Security Update
WordPress 3.9.2 has been released to address multiple vulnerabilities, one of which could allow a possible denial of service issue in PHP’s XML processing. WordPress 3.7.3 or 3.8.3 users will be updated to 3.7.4 or 3.8.4. Users operating older, unsupported versions of WordPress are encouraged to...
Mozilla Releases Security Updates for Firefox and Thunderbird
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox and Thunderbird. Exploitation of these vulnerabilities may allow an attacker to cause an exploitable crash or execute arbitrary code. The following updates are available: Firefox 32, Firefox ESR 24....
Google Releases Security Updates for Chrome
Google has released Chrome 37.0.2062.94 for Windows, Mac and Linux. This update includes 50 security fixes, some of which could allow a remote attacker to obtain unauthorized access or cause a denial of service. US-CERT encourages users and administrators to review the Google Chrome release blog a...
Backoff Point-of-Sale Malware Campaign
US-CERT is aware of Backoff malware compromising a significant number of major enterprise networks as well as small and medium businesses. US-CERT encourages administrators and operators of Point-of-Sale systems to review the Backoff malware alert to help determine if your network may be affected...
Breach of Patient Identification Information
US-CERT is aware of a breach of sensitive patient identification information affecting approximately 4.5 million patients and customers of Community Health Systems, Inc. As part of DHS, US-CERT is working together with the FBI and the Department of Health and Human Services to assist in sharing...
NCSC Spearphishing Security Advisory
New Zealand’s National Cyber Security Centre (NCSC) has released Security Advisory NCSC-C-2014-17, which highlights a spearphishing campaign targeting government employees. The NCSC provides enhanced cybersecurity services to the New Zealand Government and private sector organizations against...
Apple Releases Security Update for Safari
Apple has released security updates for Safari to address vulnerabilities which could allow an attacker to execute arbitrary code or cause an unexpected application termination. Updates include Safari 6.1.6 and Safari 7.0.6 for OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8...
Google Releases Security Updates for Chrome
Google has released security updates to address multiple vulnerabilities in Chrome, Chrome OS and Chrome for Android. Some of these vulnerabilities could potentially allow an attacker to obtain sensitive information or cause a denial of service. Updates available include: Chrome 36.0.1985.143 for...
Adobe Releases Security Updates for Flash Player, Adobe Reader and Acrobat
Adobe has released security updates to address multiple vulnerabilities in Flash Player, Adobe Reader and Acrobat. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. Users and administrators are encouraged to review Adobe Security...
Microsoft Releases August 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Windows, Office, SQL Server, Server Software, .NET Framework, and Internet Explorer as part of the Microsoft Security Bulletin Summary for August 2014. Some of these vulnerabilities could allow remote code execution, elevation of...
OpenSSL Patches Nine Vulnerabilities
OpenSSL has released updates patching nine vulnerabilities, some of which may allow an attacker to cause a Denial of Service (DoS) condition or force the client to revert to a less secure Transport Layer Security (TLS) 1.0 protocol. The following updates are available: OpenSSL 0.9.8 users should...
Cisco EnergyWise Module Vulnerability
Cisco has released an advisory to address a vulnerability in the EnergyWise module of Cisco IOS and Cisco IOS XE Software. Exploitation of the vulnerability could allow an unauthenticated, remote attacker to cause a Denial of Service condition on the affected system. Users and administrators are...
Local Privilege Escalation Vulnerability in Symantec Endpoint Protection
US-CERT is aware of a local privilege escalation vulnerability in Symantec Endpoint Protection. This vulnerability affects all versions of Symantec Endpoint Protection Client 11.x and 12.x running Application and Device Control. Exploitation of this vulnerability may allow an attacker to gain ful...
CPNI Releases Paper on Improving Defenses Against Targeted Attack
The United Kingdom's Centre for the Protection of National Infrastructure (CPNI) has released a report on its "Improving Defenses Against Targeted Attack" (iDATA) cyber research program. The report contains descriptions and outcomes from a number of projects aimed at addressing threats posed by natio...
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, and Thunderbird, some of which may allow attackers to execute arbitrary code. The following updates are available: Firefox 31, Thunderbird 31, Firefox ESR 24.7, Thunderbird 24.7. Users an...
Vulnerabilities in LZO and LZ4 compression libraries
Recently disclosed vulnerabilities in the LZO and LZ4 compression libraries could allow remote code execution under certain circumstances. While these libraries are used by a large number of platforms and applications, not all programs may be vulnerable to exploitation. US-CERT recommends that al...
Cisco Addresses Wireless Residential Gateway Vulnerability
Cisco has released an advisory to address a vulnerability in the web server used in multiple Wireless Residential Gateway products that could allow an unauthenticated, remote attacker to crash the web server and execute arbitrary code with elevated privileges. Cisco products affected by this...
Oracle Releases July 2014 Security Advisory
Oracle has released its Critical Patch Update for July 2014 to address 113 vulnerabilities across multiple products. This update contains the following security fixes: 5 for Oracle Database Server, 29 for Oracle Fusion Middleware, 7 for Oracle Hyperion, 1 for Oracle Enterprise Manager Grid Control, 5...
Microsoft Releases Security Advisory for Improperly Issued Digital Certificates
Microsoft has released a security advisory to address improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. Users and administrators are...
Cisco Addresses Apache Struts 2 Vulnerability
Multiple Cisco products include an implementation of Apache Struts 2 which contains a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions and execute arbitrary commands on a targeted system. Cisco products affected by this vulnerability include: Cisc...
Microsoft Releases July 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Windows, Internet Explorer, and Microsoft Service Bus for Windows Server as part of the Microsoft Security Bulletin Summary for July 2014. Some of these vulnerabilities could allow remote code execution, elevation of privilege, or denia...
Adobe Releases Security Updates for Flash Player and Air
Adobe has released security updates to address multiple vulnerabilities in Flash Player and Air. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. The following updates are available: Adobe Flash Player 14.0.0.145 for Windows,...
WordPress Releases Security Update
WordPress 3.8.2 has been released to address multiple vulnerabilities, one of which could allow an attacker to gain unauthorized access using forged authentication cookies. WordPress 3.7.1 users will be updated to 3.7.2, which contains the same security fixes as 3.8.2. Users operating older,...
Cisco Releases Security Advisory for Unified Communications Domain Manager
Cisco has released a security advisory to address multiple vulnerabilities in Cisco Unified Communications Domain Manager, some of which may allow an attacker to execute arbitrary commands or obtain privileged access to the affected system. The following updates are available: Cisco Unified CDM...
Apple Releases Security Updates for OS X, Safari, iOS devices, and Apple TV
Apple has released security updates for Mac OS X, Safari, iOS devices, and Apple TV to address multiple vulnerabilities, some of which could allow attackers to execute arbitrary code with system privileges or cause an unexpected application termination. Updates available include: Security Update...
Risks of Exposing the Intelligent Platform Management Interface (IPMI)
Multiple weaknesses exist in several server platforms employing IPMI. Exploitation of these vulnerabilities could allow an attacker to take control of the affected system or expose sensitive server information. Server administrators are encouraged to review US-CERT Alert TA13-207A and restrict IP...
Microsoft Releases Security Advisory for Microsoft Malware Protection Engine
Microsoft has released a security advisory to address a vulnerability in the Microsoft Malware Protection Engine. Successful exploitation of the vulnerability could allow an attacker to cause a denial of service. An update is available for the following affected software: Microsoft Forefront Clie...
Mozilla Releases Security Updates for Firefox, Firefox ESR, Thunderbird, and Netscape Portable Runtime
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, Thunderbird, and Netscape Portable Runtime. Exploitation of these vulnerabilities may allow attackers to execute arbitrary code, cause a denial of service, or conduct clickjacking...
Google Releases Security Updates for Chrome and Chrome OS
Google has released security updates to address multiple vulnerabilities in Chrome and Chrome OS. Some of these vulnerabilities could potentially allow an attacker to take control of the affected system or cause a denial of service. Updates available include: Chrome 35.0.1916.153 for Windows, Mac...
Adobe Releases Security Updates for Flash Player and Air
Adobe has released security updates to address multiple vulnerabilities in Flash Player and Air. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. The following updates are available: Adobe Flash Player 14.0.0.125 for Windows,...
Microsoft Releases June 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Windows, Office, Internet Explorer, Lync, and Lync Server as part of the Microsoft Security Bulletin Summary for June 2014. Some of these vulnerabilities could allow remote code execution. US-CERT encourages users and administrators to...
OpenSSL Releases Security Advisory
OpenSSL has released updates patching 6 vulnerabilities, which may allow an attacker to decrypt or modify traffic between a vulnerable client and server, cause a denial of service condition, or remotely execute arbitrary code. The following updates are available: OpenSSL 0.9.8 SSL/TLS users shoul...
NCSC-NZ Releases 2013 Incident Summary
New Zealand’s National Cyber Security Centre (NCSC-NZ) has released its 2013 Incident Summary. The NCSC provides enhanced cybersecurity services to New Zealand Government and private sector organizations against cybersecurity threats.
Apple Releases Security Updates for Safari
Apple has released updates for Safari to address multiple vulnerabilities, some of which could allow a remote attacker to execute arbitrary code or cause a denial of service. Safari 6.1.4 and Safari 7.0.4 updates are available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion...
Cisco Releases Security Advisories
Cisco has released two security advisories to address multiple product vulnerabilities, one of which may allow a remote attacker to execute arbitrary code with elevated privileges. The advisories are listed below: Cisco Wide Area Application Services Remote Code Execution Vulnerability; Multiple...
Apple Releases Security Updates for OS X and iTunes
Apple has released updates to OS X and iTunes to address multiple vulnerabilities, some of which could allow an attacker to execute arbitrary code, obtain website credentials, or take control of the affected system. Updates are available: OS X Mavericks 10.9.3 for OS X Mavericks 10.9 to 10.9.2...
Google Releases Security Update for Chrome
Google has released Chrome 34.0.1847.137 for Windows, Mac, and Linux to address multiple vulnerabilities. Some of these vulnerabilities could potentially allow an attacker to take control of the affected system. US-CERT encourages users and administrators to review the Google Chrome Blog post and...
Microsoft Releases May 2014 Security Bulletin
Microsoft has released updates to address vulnerabilities in Windows, Office, Internet Explorer, Server Software, Office Services, Web Apps, and Productivity Software as part of the Microsoft Security Bulletin Summary for May 2014. These vulnerabilities could allow remote code execution. US-CERT...
Adobe Releases Security Updates for Reader, Acrobat, Flash Player, and Illustrator
Adobe has released security updates to address multiple vulnerabilities in Reader, Acrobat, Flash Player, and Illustrator. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. The following updates are available: Adobe Reader XI 11.0.07...
Cisco Releases Security Advisory for WebEx Players
Cisco has released a security advisory to address multiple buffer overflow vulnerabilities in Cisco WebEx Recording Format and Advanced Recording Format Players. Successful exploitation of the vulnerabilities could cause an affected player to crash or allow a remote attacker to execute arbitrary...
Microsoft Releases Security Update for Internet Explorer Use-After-Free Vulnerability
Microsoft has released out-of-band updates to address a critical use-after-free vulnerability in Internet Explorer versions 6 through 11, including IE versions running on Windows XP. US-CERT recommends that users and administrators review Microsoft Security Bulletin MS14-021 and apply the necessa...
Mozilla Releases Security Updates for Firefox, Thunderbird, and Seamonkey
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Thunderbird, and Seamonkey. Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, cause a denial-of-service condition, execute arbitrary code, conduct phishi...
Adobe Releases Security Updates for Flash Player
US-CERT is aware of active exploitation of a vulnerability in versions of Flash Player which could potentially allow an attacker to take control of an affected system. Adobe has released security updates to address these vulnerabilities. The following updates are available: Flash Player 13.0.0.20...