4188 matches found
Microsoft Releases Advance Notification for January Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating its January release will contain four bulletins. These bulletins will have the severity rating of important and will be for Microsoft Office, Server Software, Windows, and Microsoft Dynamics AX, a multi-language,...
Network Time Protocol (NTP) Amplification Attacks
A vulnerability in the "monlist" feature of ntpd can allow remote attackers to cause distributed denial of service attack DDoS via forged requests. US-CERT and the Canadian Cyber Incident Response Center CCIRC have both observed active use of this attack vector in recent DDoS attacks. US-CERT...
UK CPNI Releases Spear Phishing Paper
The United Kingdom's Centre for the Protection of National Infrastructure CPNI has recently released a paper titled "Spear Phishing - Understanding the Threat;" this document provides guidance on how spear phishing attacks work, whether you are likely to be a target, and the steps organizations c...
Apple Releases Security Updates for Safari
Apple has released security updates for Safari 6.1.1 and Safari 7.0.1 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to obtain sensitive information, execute arbitrary code or cause a denial-of-service condition. Safari 6.1.1 and Safari 7.0.1 updates are...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities. Firefox 26 Firefox ESR 24.2 Thunderbird 24.2 SeaMonkey 2.23 These vulnerabilities could allow a remote attacker to bypass intended security restrictions, conduct a spoofing attack, execute...
Adobe Releases Security Updates for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player to address multiple vulnerabilities. Adobe is aware of reports that an exploit designed to trick a user into opening a Microsoft Word document with malicious Flash .swf content exists. These vulnerabilities could cause a crash and...
Adobe Releases Security Update for Adobe Shockwave Player
Adobe has released a security update for Adobe Shockwave Player 12.0.6.147 and earlier versions on the Windows and Macintosh operating systems to address multiple vulnerabilities. These vulnerabilities could allow an attacker to execute arbitrary code on the affected system. US-CERT recommends...
Microsoft Releases December 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Lync, Internet Explorer, Microsoft Exchange, Microsoft SharePoint, and Microsoft Developer Tools as part of the Microsoft Security Bulletin Summary for December 2013. These vulnerabilities...
Google Releases Google Chrome 31.0.1650.63
Google has released Google Chrome 31.0.1650.63 for Windows, Mac, Linux and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to hijack a web session, spoof the address bar or cause a denial of service condition. US-CERT encourages users and...
Microsoft Releases Advance Notification for December Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its December 2013 release will contain 11 bulletins. These bulletins will have severity ratings of critical and important and will be for Microsoft Windows, Microsoft Office, Microsoft Lync, Internet Explorer, Microsoft...
Microsoft Releases Security Advisory for Microsoft Windows Kernel
Microsoft has released Security Advisory 2914486 to address a vulnerability in a kernel component of Windows XP and Windows Server 2003. This vulnerability could allow an attacker to obtain elevation of privilege and then execute arbitrary code. Microsoft is aware of limited, targeted attacks tha...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities. Firefox 25.0.1 Firefox ESR 24.1.1 Firefox ESR 17.0.11 Seamonkey 2.22.1 These vulnerabilities could allow a remote attacker to bypass intended security restrictions or cause a...
Holiday Season Phishing Scams and Malware Campaigns
As the winter holidays approach, US-CERT reminds users to stay aware of seasonal scams and cyber campaigns, which may include: electronic greeting cards that may contain malware requests for charitable contributions that may be phishing scams and may originate from illegitimate sources claiming t...
Google Releases Google Chrome 31.0.1650.57
Google has released Google Chrome 31.0.1650.57 for Windows, Mac, Linux and Chrome Frame to address a vulnerability. This vulnerability could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google...
BlackBerry Releases Security Advisory
BlackBerry has released a security advisory to address potential vulnerabilities that affect a remote file access feature within BlackBerry Link for Blackberry 10 Operating Systems. These vulnerabilities could allow an attacker to obtain elevation of privilege or execute arbitrary code remotely...
Google Releases Google Chrome 31.0.1650.48
Google has released Google Chrome 31.0.1650.48 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service condition or bypass intended security restrictions. US-CERT encourages users and...
Adobe Releases Security Update for Adobe ColdFusion
Adobe has released a security hotfix for ColdFusion versions 10, 9.0.2, 9.0.1, and 9.0 for Windows, Macintosh and Linux to address multiple vulnerabilities. This hotfix addresses a reflected cross site scripting vulnerability CVE-2013-5326 that could be exploited by a remote, authenticated user a...
Adobe Releases Security Updates for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player to address multiple vulnerabilities. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe has released updates to the following products: Adobe Flas...
Philippines Typhoon Disaster Email Scams and Phishing Attack Warning
After a natural disaster phishing emails and websites requesting donations for bogus charitable organizations begin to appear. Users should be aware of potential email scams and phishing attacks regarding the recent Philippines Typhoon disaster. Email scams may contain links or attachments which...
Microsoft Addresses New Watering Hole Attack in the November, 2013 Security Bulletin Release
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer and Office as part of the Microsoft Security Bulletin Summary for November, 2013. These vulnerabilities could allow remote code execution, elevation of privilege, information disclosure or denial of...
Microsoft Releases Advance Notification for November Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its November 2013 release will contain eight bulletins. These bulletins will have the severity rating of critical and important and will be for Microsoft Windows, Internet Explorer, and Microsoft Office. These bulletins...
Cisco Releases Security Advisories
Cisco has released three security advisories to address multiple vulnerabilities in several separate products. These vulnerabilities may allow a remote attacker to execute arbitrary code, operate with elevated privilege, or cause a denial-of-service condition. US-CERT encourages users and...
Security Advisory for Microsoft Graphics Component
Microsoft has released a Security Advisory regarding a vulnerability in the Microsoft Graphics component that affects Microsoft Windows, Microsoft Office, and Microsoft Lync. An attacker could exploit this vulnerability by convincing a user to preview or open a specially crafted email message, op...
Cisco Releases Security Advisory
Cisco has released a security advisory to address multiple vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers ASR. These vulnerabilities, which are independent of each other, could allow an unauthenticated remote attacker to cause a denial-of-service condition...
Mozilla Releases Updates for Firefox, Thunderbird, and Seamonkey
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities: Firefox 25.0 Firefox ESR 24.1 Firefox ESR 17.0.10 Thunderbird 24.1 Thunderbird ESR 17.0.10 Seamonkey 2.22 These vulnerabilities could allow a remote attacker to execute arbitrary code, bypa...
WordPress Releases Update for WordPress 3.7
WordPress has released WordPress 3.7 “Basie” for all previous versions. This version has been devised to automatically update with the latest maintenance and security releases, making the process more reliable and secure, with dozens of new checks and safeguards. WordPress 3.7 also updates the...
Apple Releases Apple Remote Desktop 3.7
Apple has released Apple Remote Desktop 3.7 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code or obtain sensitive information. US-CERT encourages users and administrators to review Apple Support Article HT5998 and follow best practi...
Apple Releases OS X Mavericks v10.9
Apple has released OS X Mavericks v10.9 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to bypass security restrictions, cause a denial-of-service condition, or execute arbitrary code. US-CERT encourages users and administrators to review Apple Support...
Cisco Releases Security Advisories
Cisco has released three security advisories to address multiple vulnerabilities. These vulnerabilities may allow an attacker to successfully execute arbitrary code, authentication bypass or cause a denial-of-service DoS condition. US-CERT encourages users and administrators to review the followi...
Apple Releases Security Update for Safari on OS X
Apple has released security updates for Safari 6.1 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code, information disclosure, or a cross-site scripting condition. Safari 6.1 Webkit updates are available for the following versions: O...
Reports of D-Link Router Backdoor
US-CERT is aware of reports that the firmware for various D-Link routers contains a backdoor that allows unauthenticated remote users to bypass the routers' password authentication mechanism. An unauthenticated remote attacker can take any action as an administrator using the remote management we...
Google Releases Google Chrome 30.0.1599.101
Google has released Google Chrome 30.0.1599.101 for Windows, Mac, Linux and Chrome Frame operating systems to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial-of-service condition or trigger multiple conflicting uses of the same object. US-CE...
Apple Releases Security Update for Java on OS X
Apple has released a security update for Java on Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, and OS X Mountain Lion 10.8 or later to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code wi...
Oracle Releases October 2013 Security Advisory
Oracle has released its Critical Patch Update for October 2013 to address 127 vulnerabilities across multiple products. This update contains the following security fixes: 2 for Oracle Database Server 17 for Oracle Fusion Middleware 4 for Oracle Enterprise Manager Grid Control 1 for Oracle...
Cisco Releases Security Advisories
Cisco has released two security advisories to address multiple vulnerabilities. These vulnerabilities could allow an attacker to obtain elevation of privilege, bypass security controls, or cause a denial of service condition. US-CERT encourages users and administrators to review the following Cis...
BlackBerry Releases Security Advisory
BlackBerry has released a security advisory to address a vulnerability that affects the BlackBerry Universal Device Service installed by default with BlackBerry® Enterprise Service BES versions 10.0 to 10.1.2. This vulnerability could potentially allow an attacker to obtain escalation of privileg...
Security Updates Available for Adobe Reader and Acrobat
Adobe has released security updates for Adobe Reader and Acrobat XI 11.0.04 for Windows. These updates address a regression that occurred in version 11.0.04 affecting Javascript security controls. US-CERT recommends that users and administrators review Adobe Security Bulletin APSB13-25 and follow...
Microsoft Releases October 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Office, Server Software, and Silverlight as part of the Microsoft Security Bulletin Summary for October 2013. These vulnerabilities could allow remote code execution or information...
Apple Releases OS X Mountain Lion v10.8.5 Supplemental Update
Apple has released an OS X Mountain Lion v10.8.5 Supplemental Update to address a vulnerability. This vulnerability could potentially allow a local attacker to bypass authentication controls. US-CERT encourages users and administrator to review Apple Security Article HT5964 and apply any necessar...
Google Releases Google Chrome 30
Google has released Chrome 30 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service condition, spoof the address bar, or obtain sensitive information. US-CERT encourages users and...
Microsoft Releases Advance Notification for October Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its October release will contain eight bulletins. These bulletins will have the severity rating of critical and important and will be for Microsoft Windows, Internet Explorer, .NET Framework, Office, Server Software, an...
Adobe Customer Information and Source Code Compromises
US-CERT is aware of the public acknowledgement of a compromise of up to 3 million Adobe customers' information, including names and detailed account information. The source code for multiple Adobe products may also have been compromised. US-CERT advises that Adobe customers be aware of possible...
Cisco Releases Security Advisory for Cisco IOS XR
Cisco has released a security advisory to address a vulnerability in Cisco IOS XR Software version 4.3.1. If successful, this exploitation could result in complete packet memory exhaustion, rendering critical services on the affected device unable to allocate packets, resulting in a denial of...
Cisco Releases Semiannual IOS Software Security Advisory Bundled Publication
Cisco has released its semiannual Cisco IOS Software Security Advisory Bundled Publication. This publication includes eight Security Advisories that address vulnerabilities in Cisco IOS Software. Exploits of these vulnerabilities could result in a denial of service DoS condition, interface queue...
Cisco Releases Security Advisory
Cisco has released a security advisory to address a vulnerability in the web framework of Cisco Prime Central for Hosted Collaboration Solution HCS Assurance. This vulnerability could allow an unauthenticated, remote attacker to access sensitive information on the system, including user...
Cisco Releases Security Advisory for Cisco Prime Data Center Network Manager (DCNM)
Cisco has released three security advisories to address multiple vulnerabilities affecting various components of Cisco Prime Data Center Network Manager DCNM. These vulnerabilities may allow an unauthenticated, remote attacker to disclose file components and access text files on an affected devic...
Apple Releases Security Update for OS X Server
Apple has released a security update for OS X Server v2.2.2 for OS X Mountain Lion v10.8 or later to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to cause a denial of service, execute arbitrary code or cause a cross-site scripting attack. US-CERT encourages...
Apple Releases iOS 7
Apple has released iOS 7 for the iPhone 4 and later, iPod touch 5th generation and later, and iPad 2 and later to address multiple vulnerabilities. These vulnerabilities could allow remote attackers to execute arbitrary code, cause a cross-site scripting attack, bypass security restrictions, or...
Microsoft Releases Security Advisory for Internet Explorer
Microsoft has released Security Advisory 2887505 regarding a remote code execution vulnerability CVE-2013-3893 impacting Internet Explorer versions 6 through 11. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability in Internet Explorer 8 and Internet Explorer 9. The...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities. Firefox 24.0 Firefox ESR 17.0.9 Thunderbird 24.0 Thunderbird ESR 17.0.9 Seamonkey 2.21 These vulnerabilities could allow a remote attacker to execute arbitrary code, bypass intended access...