4188 matches found
Cisco Releases Security Advisories for IOS Software
Cisco has released a bundled publication, which contains seven security advisories, to address multiple vulnerabilities in Cisco IOS Software. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators ...
Mozilla Releases Firefox 3.6.2
The Mozilla Foundation has released Firefox 3.6.2 to address multiple security issues, including a critical vulnerability that may allow a remote attacker to execute arbitrary code. US-CERT encourages users and administrators to do the following to help mitigate the risks: Review the Firefox 3.6....
CA Releases Updates for ARCserve Backup
CA has released updates to address vulnerabilities in the version of Java JRE bundled with ARCserve Backup. These vulnerabilities in Java JRE may allow an attacker to execute arbitrary code, bypass security restrictions, cause a denial-of-service condition, or obtain sensitive information. US-CER...
Zeus Trojan Campaign Warning
US-CERT is aware of public reports of malicious code circulating via spam email messages impersonating the Department of Homeland Security DHS. The attacks arrive via unsolicited email messages that may contain subject lines related to DHS or other government activity. These messages may contain ...
Apple Releases Safari 4.0.5
Apple has released Safari 4.0.5 to address multiple vulnerabilities in ColorSync, ImageIO, PubSub, Safari, and WebKit. These vulnerabilities may allow a remote attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or bypass security restrictions...
Microsoft Releases March Security Bulletin
Microsoft has released an update to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for March 2010. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the bulletins...
Energizer DUO USB Battery Charger Software Allows Remote System Access
US-CERT is aware of a backdoor in the software for the Energizer DUO USB battery charger. This backdoor may allow a remote attacker to list directories, send and receive files, and execute programs on an affected system. The software, which has been discontinued, was available for both Windows an...
Cisco Releases Multiple Security Advisories
Cisco has released three security advisories to address vulnerabilities. Security advisory cisco-sa-20100303-cucm, addresses multiple vulnerabilities in the Cisco Unified Communications Manager which affect the Session Initiation Protocol SIP, Skinny Client Control Protocol SCCP, and the Computer...
Microsoft Releases Advance Notification for March Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification, indicating that its March release cycle will contain two bulletins. These bulletins will have a severity rating of Important and will be for Microsoft Windows and Microsoft Office. Release of these bulletins is scheduled for Tuesday,...
Microsoft Re-Releases Security Bulletin MS10-015
Microsoft has re-released the security update described in Microsoft Security Bulletin MS10-015. This release contains an updated installation package that does not allow the security update to be installed on computers infected with malicious code. Microsoft has also released a Fix-It Tool to...
U.S. Census Bureau 2010 Census Campaign Warning
US-CERT asks users to be vigilant during the U.S. Census Bureau's 2010 Census campaign and to watch for potential census scams. According to the U.S. Census 2010 website, they began delivery of the printed census forms to every resident in the United States on March 1, 2010. The only way to...
Microsoft Releases Security Advisory to Address VBScript Vulnerability
Microsoft has released a security advisory to address a vulnerability in VBScript. The advisory indicates that this vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. By convincing a user to view a specially crafted HTML document web page...
Adobe Releases a Security Update for Download Manager
Adobe has released a security bulletin to address a vulnerability in the Adobe Download Manager. This vulnerability could allow an attacker to download and install unauthorized software. US-CERT encourages users and administrators to review security bulletin APSB10-08 and review the steps to...
Mozilla Releases Security Advisories
The Mozilla Foundation has released multiple security advisories to address vulnerabilities in Mozilla Firefox, Thunderbird, and SeaMonkey. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or bypass security restrictions. US-CERT...
Cisco Releases Multiple Security Advisories
Cisco has released three security advisories to address vulnerabilities. Security advisory, cisco-sa-20100217-fwsm, addresses a vulnerability in the Cisco Firewall Services Module FWSM for the Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers. Successful and repeated exploitation ...
Adobe Releases Security Bulletins for Acrobat, Reader, and Flash Player
Adobe has released two security bulletins to address vulnerabilities in Adobe Acrobat, Reader, and Flash Player. The first bulletin, APSB10-06, is a security update for Adobe Flash Player and Adobe AIR that addresses a critical vulnerability. Exploitation of these vulnerabilities may allow an...
Google Releases Chrome 4.0.249.89
Google has released Chrome 4.0.249.89 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...
Cisco Releases Advisory for IronPort Encryption Appliance
Cisco has released an advisory to address multiple vulnerabilities in IronPort Encryption Appliance. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or obtain sensitive information. US-CERT encourages users and administrators to review...
Microsoft Releases February Security Bulletin
Microsoft has released an update to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for February 2010. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with elevated...
Oracle Releases Security Alert for WebLogic Server Vulnerability
Oracle has released a security alert to address a vulnerability in Oracle WebLogic Server. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands on an affected system. US-CERT encourages users and administrators to review the Oracle security...
Apple Releases iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod touch
Apple has released iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod touch to address vulnerabilities in the CoreAudio, ImageIO, Recovery Mode and WebKit packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain...
Microsoft Releases Advance Notification for February Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification, indicating that its February release cycle will contain 13 bulletins. Five of them will have a severity rating of Critical and will be for Microsoft Windows. The remaining eight bulletins have an Important rating and are for Microsoft...
Microsoft Releases Security Advisory 980088
Microsoft has released Security Advisory 980088 to alert users of a vulnerability in Microsoft Internet Explorer. The advisory indicates that exploitation of this vulnerability may allow an attacker to harvest user credentials and other sensitive information by enticing users to visit a malicious...
Cisco Releases Security Advisory for Unified MeetingPlace
Cisco has released a security advisory to address multiple vulnerabilities in Unified MeetingPlace. These vulnerabilities may allow a remote, unauthenticated attacker to obtain sensitive information, manipulate configuration data, create unauthorized accounts, operate with elevated privileges or...
Google Releases Chrome 4.0.249.78
Google has released Chrome 4.0.249.78 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions, or cause a denial-of-service condition. US-CERT encourages users and...
RealNetworks, Inc. Releases Updates to Address Vulnerabilities
RealNetworks, Inc. has released updates to address multiple vulnerabilities in several versions of RealPlayer for Windows, Mac, and Linux and several versions of the Helix Player for Linux. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and...
Microsoft Releases Cumulative Security Update for Internet Explorer
Microsoft has released Security Bulletin MS10-002 as a Cumulative Security Update for Internet Explorer. This update addresses multiple vulnerabilities that when exploited, may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Microsoft Security...
Apple Releases Security Update 2010-001
Apple has released Security Update 2010-001 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple article HT4004 and...
Adobe Releases Shockwave Player Update
Adobe has released an update for Shockwave Player to address multiple vulnerabilities. These vulnerabilities affect Adobe Shockwave Player 11.5.2.602 and earlier versions for Windows and Macintosh. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT...
Microsoft Releases Security Advisory 979352
Microsoft has released Security Advisory 979352 to alert users of a vulnerability in Microsoft Internet Explorer. The advisory indicates that exploitation of this vulnerability may allow an attacker to execute arbitrary code. Microsoft also indicates that it is aware of public, active exploitatio...
IRS Warns of Online Scams
US-CERT is aware of reports of tax season phishing scams. The U.S. Internal Revenue Service has issued a news release on its website warning consumers about potential scams. These scams are circulating via fraudulent email or other online messages appearing to come from the IRS. They attempt to...
Haitian Earthquake Disaster Email Scams and Search Engine Poisoning Campaigns
US-CERT would like to warn users of potential email scams and search engine poisoning campaigns that may circulate regarding the Haitian Earthquake disaster. The scam emails may contain links or attachments which may direct users to phishing or malware-laden websites. Fraudulent search engine...
Adobe Releases Update for Adobe Reader and Acrobat
Adobe has released an update for Reader and Acrobat to address multiple vulnerabilities. These vulnerabilities affect Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX and Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh. Exploitation of these vulnerabilities...
Microsoft Releases January Security Bulletin
Microsoft has released an update to address a vulnerability in Microsoft Windows in its Microsoft Security Bulletin Summary for January 2010. This vulnerability may allow an attacker to execute arbitrary code. An attacker may be able to exploit this vulnerability by convincing a user to view...
Oracle Releases Critical Patch Update for January 2010
Oracle has released its Critical Patch Update for January 2010 to address 24 vulnerabilities across several products. This update contains the following security fixes: 10 for Oracle Database 3 for Oracle Application Server 3 for the Oracle Applications Suite 1 for PeopleSoft and JD Edwards Suite...
VMware Releases Multiple Updates for ESX
VMware has released Security Advisory VMSA-2010-0001 to address multiple vulnerabilities in ESX Service Console packages for Network Security Services NSS and NetScape Portable Runtime NSPR. Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, cause a...
PowerDNS Recursor Update Addresses Multiple Vulnerabilities
PowerDNS has released PowerDNS Recursor 3.1.7.2 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or spoof DNS information. US-CERT encourages users and administrators to review PowerDNS...
Microsoft Releases Advance Notification for January Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its January release cycle will contain one bulletin, which will have a severity rating of Critical. The notification states that this bulletin is for Microsoft Windows. Release of this bulletin is scheduled for Tuesday,...