Cisco Releases Multiple Security Advisories

Cisco has released nine security advisories to address multiple vulnerabilities affecting Cisco IOS software. These vulnerabilities may allow an attacker to execute arbitrary code, operate at elevated privileges, or cause a denial-of-service condition. US-CERT encourages users and administrators ...

Google Releases Google Chrome 17.0.963.83

Google has released Chrome 17.0.963.83 for Linux, Macintosh, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Googl...

Mozilla Releases Multiple Updates

The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities. Firefox 11 Firefox 3.6.28 Firefox ESR 10.0.3 Thunderbird 11 Thunderbird 3.1.20 Thunderbird ESR 10.0.3 SeaMonkey 2.8 These vulnerabilities may allow an attacker to execute arbitrary code,...

Cisco Releases Multiple Security Advisories

Cisco has released three security advisories to address vulnerabilities affecting the following products: Cisco ASA 5500 Series Adaptive Security Appliances ASA Cisco Catalyst 6500 Series ASA Service Module ASASM Cisco Catalyst 6500 Series Firewall Service Module FWSM Cisco Adaptive Security...

Apple Releases Safari 5.1.4

Apple has released Safari 5.1.4 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, spoof a domain name, obtain sensitive information, or perform a cross-site scripting attack. US-CERT encourages users and administrators to review Apple...

Google Releases Chrome 17.0.963.79

Google has released Chrome 17.0.963.79 for Linux, Macintosh, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review th...

Apple Releases Multiple Security Updates

Apple has released security updates for Apple iOS, Apple TV, and iTunes to address multiple vulnerabilities for the following products. Apple TV 2nd generation iPhone 3GS iPhone 4 and 4S iPod Touch 3rd generation and later iPad and iPad 2 iTunes for Windows 7, Vista, and XP service pack 2 or late...

Microsoft Releases March Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Visual Studio, and Express Design as part of the Microsoft Security Bulletin Summary for March 2012. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or opera...

Google Releases Chrome 17.0.963.65

Google has released Chrome 17.0.963.65 for Linux, Macintosh, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review th...

Adobe Releases Update for Adobe Flash Player

Adobe has released a security bulletin for Adobe Flash Player to address multiple vulnerabilities affecting the following software versions: Adobe Flash Player 11.1.102.62 and earlier versions from Windows, Linux, and Solaris operating systems Adobe Flash Player 11.1.115.6 and earlier versions fo...

Cisco Releases Multiple Security Advisories

Cisco has released six security advisories to address vulnerabilities affecting the following products: Cius Wifi devices running Cius Software Version 9.21 SR1 and prior Cisco Unified Communications Manager Software versions 6.x, 7.x, and 8.x Cisco Business Edition 3000, 5000, and 6000 Cisco Uni...

DNSChanger Malware

UPDATE: On March 5, 2012, a federal judge agreed to allow more time for organizations and individuals to clean systems of the DNSChanger malware and extended the deadline for shutting off servers that had been keeping infected computers connected to the internet. Although the new deadline is July...

Adobe Releases Security Advisory for Adobe Flash Player

Adobe has released a security advisory to alert users of vulnerabilities affecting the following software: Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux, and Solaris operating systems Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x Adobe Fla...

Google Releases Chrome 17.0.963.56

Google has released Chrome 17.0.963.56 for Linux, Macintosh, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review th...

Cisco Releases Security Advisory for Cisco NX-OS

Cisco has released a security advisory to address a vulnerability in the following Cisco NX-OS Software Series: Cisco Nexus 1000v Series Switches Cisco Nexus 5000 Series Switches Cisco Nexus 7000 Series Switches Exploitation of this vulnerability may allow an attacker to cause a denial-of-service...

Oracle Releases Critical Patch Update for February 2012

Oracle released its February Critical Patch Update CPU containing 14 security fixes for the following products: JDK and JRE 7 Update 2 and earlier JDK and JRE 5 Update 30 and earlier JDK and JRE 5.0 Update 33 and earlier SDK and JRE 1.4.235 and earlier JavaFX 2.0.2 and earlier US-CERT encourages...

Adobe Releases Security Bulletins for Adobe Shockwave Player and RoboHelp

Adobe has released a security bulletins for Adobe Shockwave Player and RoboHelp to address multiple vulnerabilities affecting the following software versions: Adobe Shockwave Player 11.6.3.633 and earlier versions for Windows and Macintosh Adobe RoboHelp 9 or 8 for Word on Windows Exploitation of...

Mozilla Releases Firefox 10.0.1

The Mozilla Foundation has released Firefox 10.0.1 to address a vulnerability. This vulnerability may cause a denial-of-service condition or potentially allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Mozilla Foundation Advisory for Firefox...

Microsoft Releases February Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .Net Framework, Silverlight, Office, and Server Software as part of the Microsoft Security Bulletin Summary for February 2012. These vulnerabilities may allow an attacker to execute arbitrary code o...

Google Releases Chrome 17.0.963.46

Google has released Chrome 17.0.963.46 for Linux, Mac, Windows, and Google Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code and cause a denial-of-service condition. US-CERT encourages users and administrators to review the...

U.S. Tax Season Phishing Scams and Malware Campaigns

In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the United States tax season. Due to the upcoming tax deadline, US-CERT reminds users to remain cautious when receiving unsolicited email that could be part of a potenti...

Apple Releases Multiple Security Updates

Apple has released security updates for Apple OS X Lion 10.7 to 10.7.2, OS X Lion Server 10.7 to 10.7.2, Mac OS 10.6.8, and Mac OS X Server v 10.6.8 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition,...

Mozilla Releases Firefox 10 and 3.6.26

The Mozilla Foundation has released Firefox 10 and Firefox 3.6.26 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or perform a cross-site scripting attack. US-CERT...

Google Releases Chrome 16.0.912.77

Google has released Chrome 16.0.912.77 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Google Chro...

Symantec pcAnywhere Hotfix

Symantec has released an update for pcAnywhere to address multiple vulnerabilities for the following software versions running on Windows: pcAnywhere 12.5 SP3 pcAnywhere Solutions 7.1 GA, SP 1, and SP 2 US-CERT encourages users and administrators to review the Symantec pcAnywhere hot fix and appl...

Denial-of-Service Malware Campaign

US-CERT is aware of public reports of ongoing distributed denial-of-service attacks against entities in the government and private sector. According to the reports, these attacks are being attributed to the hacker group Anonymous. US-CERT encourages users and administrators to do the following to...

Best Practices for Recovery from the Malicious Erasure of Files

There are many ways in which cyber criminals can damage computer systems and data, including changing or deleting files, wiping hard drives, and erasing backups to hide their malicious activity. Hard drives are wiped, or "zeroed out," when the original data is overwritten with zeros or different...

Oracle Releases Critical Patch Update for January 2012

Oracle has released its Critical Patch Update for January 2012 to address 78 vulnerabilities across multiple products. This update contains the following security fixes: 2 for Oracle Database Server 1 for Oracle Fusion Middleware 3 for Oracle E-Business Suite 1 for Oracle Supply Chain Products...

Adobe Releases Security Advisory for Adobe Reader and Acrobat

Adobe has released a Security Advisory for Adobe Reader and Acrobat to address multiple vulnerabilities affecting the following software versions: Adobe Reader X 10.1.1 and earlier 10.x versions for Windows and Macintosh Adobe Reader 9.4.7 and earlier 9.x versions for Windows Adobe Reader 9.4.6 a...

Phishing Campaign Using Spoofed US-CERT Email Addresses

On January 10, 2012, US-CERT received reports of a phishing campaign that is spoofing US-CERT email to deliver a variant of the Zeus/Zbot Trojan known as Ice-IX. This campaign appears to be targeting a large number of private sector organizations as well as federal, state, and local governments...

Microsoft Releases January Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Developer Tools and Software as part of the Microsoft Security Bulletin Summary for January 2012. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges,...

Google Releases Chrome 16.0.912.75

Google has released Chrome 16.0.912.75 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...

Multiple Programming Language Implementations Vulnerable to Hash Table Collision Attacks

US-CERT is aware of reports stating that multiple programming language implementations, including web platforms, are vulnerable to hash table collision attacks. This vulnerability could be used by an attacker to launch a denial-of-service attack against websites using affected products. The Ruby...

Mozilla Releases Firefox 9 and 3.6.25

The Mozilla Foundation has released Firefox 9 and Firefox 3.6.25 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or perform a cross-site scripting attack. US-CERT encourages users and administrators t...

USAA Phishing Scam and Malware Campaign

US-CERT is aware of public reports of an active spear-phishing attack via email messages directed at United Services Automobile Association USAA members. These messages contain the subject line "Deposit Posted" and contain a randomly generated four-digit number placed in the USAA security zone...

Personal Device Security During the Holiday Season

As the winter holiday travel season begins, US-CERT would like to remind users to be mindful of the security risks associated with portable devices such as smart phones, tablets, and laptops. US-CERT would like to encourage users to review the following US-CERT Cyber Security Tips. Following the...

Google Releases Chrome 16.0.912.63

Google has released Chrome 16.0.912.63 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...

Adobe Releases Security Advisory for Adobe Reader and Acrobat

Adobe has released a Security Advisory for Adobe Reader and Acrobat to address a vulnerability affecting the following software versions: Adobe Reader X 10.1.1 and earlier versions for Windows and Macintosh Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh, and Unix Adobe Acrobat...

Microsoft Releases December Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Microsoft Office, and Internet Explorer as part of the Microsoft Security Bulletin Summary for December 2011. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges...

Holiday Season Phishing Scams and Malware Campaigns

As the winter holidays are quickly approaching, US-CERT is republishing this entry to increase awareness. In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the winter holidays and holiday shopping season. US-CERT remind...

Adobe Releases Security Advisory for Adobe Flex SDK

Adobe has released a security advisory to alert users of a vulnerability that affects Adobe Flex SDK. This vulnerability affects Adobe Flex SDK 4.5.1 and earlier 4.X and 3.6 and earlier 3.X for Windows, Macintosh, and Linux operating systems. Exploitation of this vulnerability may allow an attack...

Internet Systems Consortium Releases BIND-P1 Patches

The Internet Systems Consortium has released updates for BIND to address a vulnerability. This vulnerability may allow an attacker to cause a denial-of-service condition. Please refer to the Internet Systems Consortium advisory for additional information. US-CERT recommends that administrators of...

Google Releases Chrome 15.0.874.121

Google has released Chrome 15.0.874.121 for Linux, Mac, Windows, and Chrome Frame to address a vulnerability. This vulnerability allows an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome...

Apple Releases iTunes 10.5.1

Apple has released iTunes 10.5.1 to address a vulnerability. This vulnerability may allow an attacker to conduct a man-in-the-middle attack that could lead a user to click on a forged link believed to have originated from Apple. US-CERT encourages users and administrators to review Apple article...

Adobe Releases Security Advisory for Adobe Flash Player and Adobe AIR

Adobe has released a security advisory to alert users of vulnerabilities affecting Adobe Flash Player and Adobe AIR. These vulnerabilities affect Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux, Solaris, Adobe Flash Player 11.0.1.153 for Android, and Adobe AIR 3.0...

Apple Releases iOS 5.0.1

Apple has released iOS 5.0.1 for the iPhone 3GS, iPhone 4, iPhone 4S, iPod 3rd generation or later, iPad, and iPad 2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker execute arbitrary code or obtain sensitive information. US-CERT encourages users and administrators...

Fraudulent Digital Certificates Could Allow Spoofing

US-CERT is aware of public reports that DigiCert Sdn. Bhd has issued 22 certificates with weak encryption keys. This could allow an attacker to use these certificates to impersonate legitimate site owners. DigiCert Sdn. Bhd has revoked all the weak certificates that they issued. Entrust, the pare...

Google Releases Chrome 15.0.874.120

Google has released Chrome 15.0.874.120 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...

Mozilla Releases Firefox 8 and 3.6.24

The Mozilla Foundation has released Firefox 8 and Firefox 3.6.24 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, cause a denial-of-services condition, obtain sensitive information, or perform a cross-si...

Adobe Releases Security Bulletin for Adobe Shockwave Player

Adobe has released a security update for Adobe Shockwave Player to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. These vulnerabilities affect Shockwave Player 11.6.1.629 and earlier versions for the Windows and Macintosh...