Apple Releases OS X Mountain Lion v10.8.5 and Security Update 2013-004
Apple has released OS X v10.8.5 and Security Update 2013-004 to address multiple vulnerabilities. These vulnerabilities could lead to a denial of service, cross-site scripting, elevation of privilege, or the execution of arbitrary code. US-CERT encourages users and administrators to review Apple...
Security Updates Available for Adobe Flash Player, Adobe Reader, and Acrobat
Adobe has released security updates for Adobe Flash Player to address multiple vulnerabilities. Adobe has also released security updates for Adobe Reader and Acrobat XI 11.0.03 and earlier versions for Windows and Macintosh to address multiple vulnerabilities. These vulnerabilities could cause a...
Microsoft Releases September 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Office, Internet Explorer, and Microsoft Server Software as part of the Microsoft Security Bulletin Summary for September 2013. These vulnerabilities could allow remote code execution, elevation of privilege...
Security Update Available for Adobe Shockwave Player
Adobe has released a security update for Adobe Shockwave Player 12.0.3.133 and earlier versions for Windows and Macintosh to address multiple vulnerabilities. These vulnerabilities, if exploited, could allow an attacker to run malicious code on an affected system. US-CERT recommends that users an...
Cisco Releases Security Advisory for Cisco WebEx Players
Cisco has released a security advisory to address multiple vulnerabilities in Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players. These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial of service condition. US-CERT encourages users...
Cisco Releases Security Advisory
Cisco has released a security advisory to address a vulnerability in Cisco Secure Access Control Server (ACS) versions 4.0 through 4.2.1.15. This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary commands. The vulnerability is only present when Cisco ACS is configur...
Cisco Releases Security Advisories
Cisco has released three security advisories to address multiple vulnerabilities. These vulnerabilities may allow an unauthenticated, remote attacker to modify data, execute arbitrary commands, or cause a denial of service (DoS) condition. US-CERT encourages users and administrators to...
Spear-Phishing E-mail with Missing Children Theme
The FBI is aware of a spear-phishing e-mail appearing as if it were sent from the National Center for Missing and Exploited Children. The subject of the e-mail is "Search for Missing Children," and a zip file containing three malicious files is attached. E-mail recipients should always treat link...
Google Releases Google Chrome 29.0.1547.57
Google has released Google Chrome 29.0.1547.57 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service condition, conduct a directory traversal attack, or obtain sensitive information. US-CERT...
Microsoft Releases Security Advisory
Microsoft has released Security Advisory 2862973 impacting applications and services using certificates with the MD5 hashing algorithm. Usage of the MD5 hash algorithm in certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. US-CERT...
Microsoft Releases August 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, and Microsoft Server Software as part of the Microsoft Security Bulletin Summary for August 2013. These vulnerabilities could allow remote code execution, elevation of privilege, denial of service, ...
OpenX Releases Security Update
OpenX has released an important security update for OpenX Source, the open source ad serving product. The downloadable ZIP archive of OpenX Source 2.8.10 was compromised to include a backdoor that would allow an attacker to upload and execute arbitrary PHP code. Compromised OpenX Source ad server...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities: Firefox 23.0, Firefox ESR 17.0.8, Thunderbird 17.0.8, Thunderbird ESR 17.0.8, and SeaMonkey 2.20. These vulnerabilities could allow a remote attacker to cause a denial of service condition, conduct ...
Cisco Releases Security Advisory
Cisco has released a security advisory to address a vulnerability in the Cisco TelePresence System. This vulnerability may allow a remote attacker to access the web server via a user account created with default credentials, which gives the attacker full administrative rights to the system. US-CE...
Cisco Releases Multiple Security Advisories
Cisco has released three security advisories to address multiple vulnerabilities. These vulnerabilities may allow an attacker to take control of the affected system or allow an authenticated but unprivileged, remote attacker to execute arbitrary code on a vulnerable system and on devices managed ...
Google Releases Google Chrome 28.0.1500.95
Google has released Google Chrome 28.0.1500.95 for Chrome Frame, Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to bypass intended restrictions or cause a denial-of-service condition. US-CERT encourages users and administrators to...
Recent Reports of DHS-Themed Ransomware (UPDATE)
US-CERT has received reports of increased activity concerning an apparently DHS-themed ransomware malware infection occurring in the wild. Users who are being targeted by the ransomware receive a message claiming that use of their computer has been suspended and that the user must pay a fine to...
Cisco Security Advisory Available
Cisco has released a security advisory to address multiple vulnerabilities in the Cisco Video Surveillance Manager. These vulnerabilities could potentially allow a remote, unauthenticated attacker to obtain sensitive information. US-CERT encourages users and administrators to review the following...
Cisco Releases Multiple Security Advisories
Cisco has released two security advisories to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code on a vulnerable system or cause a denial-of-service condition. US-CERT encourages users and administrators to review the following Cisco...
Oracle Releases July 2013 Security Advisory
Oracle has released its Critical Patch Update for July 2013 to address 89 vulnerabilities across multiple products. This update contains the following security fixes: 6 for Oracle Database Server, 21 for Oracle Fusion Middleware, 1 for Oracle Hyperion, 2 for Oracle Enterprise Manager Grid Control, 7...
Adobe Releases Security Updates for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player to address multiple vulnerabilities. These vulnerabilities could allow an attacker to execute arbitrary code or cause a denial-of-service condition. Security updates are available for the following versions: Adobe Flash Player 11.7.700.22...
Google Releases Google Chrome 28.0.1500.71
Google has released Google Chrome 28.0.1500.71 for Windows, Macintosh, and Chrome Frame platforms to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code, bypass intended restrictions, obtain sensitive information or cause a...
Security Hotfixes Available for Adobe ColdFusion
Adobe has released a security hotfix for ColdFusion 10 for Windows, Macintosh and Linux to address a vulnerability that could allow an attacker to cause an elevation of privilege condition. A security hotfix for Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 on JRun is available to address a vulnerabilit...
Security Update Available for Adobe Shockwave Player
Adobe has released a security update for Adobe Shockwave Player 12.0.2.122 and earlier versions on the Windows and Macintosh operating systems to address a vulnerability. This vulnerability could potentially allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CE...
Microsoft Releases July 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, .NET Framework, Silverlight, Office, Visual Studio, Lync, Internet Explorer, and Windows Defender as part of the Microsoft Security Bulletin Summary for July 2013. These vulnerabilities could allow remote code executi...
Cisco Releases Security Advisories
Cisco has released four security advisories to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code on a vulnerable system or cause a denial-of-service condition. US-CERT encourages users and administrators to review the following Cisco...
Digital Alert Systems and Monroe Electronics EAS Firmware Security Advisory
Digital Alert Systems' DASDEC and Monroe Electronics' One-Net E189 Emergency Alert System (EAS) encoder/decoder (ENDEC) devices exposed a shared private root SSH key in publicly available firmware images. Additional information is also available in CERT Vulnerability Note VU#662676. US-CERT recommends...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities: Firefox 22.0, Firefox ESR 17.0.7, Thunderbird 17.0.7, and Thunderbird ESR 17.0.7. These vulnerabilities could allow a remote attacker to execute arbitrary code and potentially cause a cross-site...
WordPress Releases Security Update for WordPress 3.5.2
WordPress has released WordPress 3.5.2 for all previous versions to address multiple vulnerabilities. These vulnerabilities could potentially enable a remote attacker to cause a cross-site scripting attack, elevation of privilege, or cause a denial-of-service condition. US-CERT recommends users a...
Google Releases Google Chrome 27.0.1453.116
Google has released Google Chrome 27.0.1453.116 for all Chrome OS devices to address a vulnerability. This vulnerability could allow a remote attacker to obtain sensitive information. US-CERT encourages users and administrators to review the Google Chrome release blog entry and follow best practi...
Oracle Java SE Critical Patch Update Announcement - June 2013
Oracle has released a June 2013 Critical Patch Update for Oracle Java SE. This Critical Patch Update is a collection of patches for multiple security vulnerabilities in Oracle Java SE. The update contains 40 new security vulnerability fixes, including a patch for Oracle JavaDoc frame injection...
Security Updates Available for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Security updates are available for the following versions of Adobe Flash Player: Adobe Flash Player...
Microsoft Releases June 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, and Microsoft Office as part of the Microsoft Security Bulletin Summary for June 2013. These vulnerabilities could allow remote code execution, information disclosure, denial of service, or elevatio...
Apple Releases Security Update for Safari on OS X
Apple has released security updates for Safari 6.0.5 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Safari 6.0.5 WebKit updates are available for the following versions: OS X Lion v10.7.5 O...
Google Releases Google Chrome 27.0.1453.110
Google has released Google Chrome 27.0.1453.110 for Windows, Macintosh, Linux and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to cause a denial-of-service condition, bypass security controls or execute arbitrary code. US-CERT encourages user...
Apple Releases OS X 10.8.4 and Security Update 2013-002
Apple has released OS X 10.8.4 and Security Update 2013-002 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, bypass security controls, or cause denial-of-service conditions. US-CERT encourages users and...
Apple Releases Security Updates for Apple QuickTime 7.7.4
Apple has released security updates for Apple QuickTime 7.7.4 for Windows 7, Vista, and XP SP2 or later to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and...
Google Releases Google Chrome 27.0.1453.93
Google has released Google Chrome 27.0.1453.93 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial-of-service condition, obtain sensitive information, or execute arbitrary code. US-CERT encourages use...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities: Firefox 21.0, Firefox ESR 17.0.6, Thunderbird 17.0.6, and Thunderbird ESR 17.0.6. These vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtai...
Adobe Releases Security Updates for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player to address multiple vulnerabilities. These vulnerabilities could cause a denial-of-service condition and potentially allow an attacker to execute arbitrary code and take control of an affected system. The following versions of Adobe Flash...
Security Updates Available for Adobe Reader and Acrobat
Adobe has released security updates for Adobe Reader and Acrobat to address multiple vulnerabilities. These vulnerabilities could cause a crash and potentially allow an attacker to take control of an affected system. The following versions of Adobe Reader and Acrobat are affected: Adobe Reader XI...
Adobe Releases Security Update for ColdFusion
Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1, and 9.0 for Windows, Macintosh, and UNIX. This hotfix addresses a vulnerability (CVE-2013-1389) that could allow a remote attacker to execute arbitrary code and a vulnerability (CVE-2013-3336) that could permit an unauthorized user...
Microsoft Releases May 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Lync, Office, and Windows Essentials as part of the Microsoft Security Bulletin Summary for May 2013. These vulnerabilities could allow remote code execution, denial of service,...
Microsoft Releases Security Advisory for Internet Explorer
Microsoft is investigating public reports of a remote code execution vulnerability in Internet Explorer 8 and is aware of attacks that attempt to exploit this vulnerability. This vulnerability may allow an attacker to execute arbitrary code if a user accesses a specially crafted website. Microsof...
Cisco Releases Security Advisories
Cisco has released three security advisories to address vulnerabilities affecting Cisco NX-OS-based products, Cisco Device Manager, and Cisco Unified Computing System. These vulnerabilities may allow an attacker to bypass authentication controls, execute arbitrary code, obtain sensitive...
Apple Releases Security Updates for Safari
Apple has released security updates for Safari 6.0.4 WebKit to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Safari 6.0.4 WebKit updates are available for the following versions: OS X Lion...
Scams Exploiting Boston Marathon Explosion
Malicious actors are exploiting the April 15 explosions at the Boston Marathon in attempts to collect money intended for charities and to spread malicious code. Fake websites and social networking accounts have been set up to take advantage of those interested in learning more details about the...
Oracle Releases April 2013 Security Advisory
Oracle has released its Critical Patch Update for April 2013 to address 128 vulnerabilities across multiple products. This update contains the following security fixes: 4 for Oracle Database Server, 29 for Oracle Fusion Middleware, 6 for Oracle E-Business Suite, 3 for Oracle Supply Chain Products...
WordPress Sites Targeted by Mass Brute-force Botnet Attack
US-CERT is aware of an ongoing campaign targeting the content management software WordPress, a free and open source blogging tool and web publishing platform based on PHP and MySQL. All hosting providers offering WordPress for web content management are potentially targets. Hackers reportedly are...
Google Releases Google Chrome 26.0.1410.57
Google has released Google Chrome 26.0.1410.57 for all Chrome OS devices to address a vulnerability. This vulnerability could allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Release blog entry and follow best-practice security...