Forbidden Web

Jun 06, 2011 Oracle Issues Pre-Release Announcement for June 2011

Oracle has issued a Pre-Release Announcement indicating that its June Critical Patch Update (CPU) will contain 17 new security fixes for the following products:
  • JDK and JRE 6 Update 25 and earlier for Windows, Solaris, and Linux
  • JDK and JRE 5.0 Update 29 and earlier for Windows, Solaris, and Linux
  • SDK and JRE 1.4.2_31 and earlier for Windows, Solaris, and Linux
The release is scheduled for Tuesday, June 7, 2011.

US-CERT will provide additional information as it becomes available.

Jun 02, 2011 Cisco Releases Security Advisories for Multiple Products

Cisco has released security advisories for four products to address multiple vulnerabilities. These products include Cisco Unified IP phones, Cisco Network Registrar, Cisco AnyConnect Secure Mobility Client, and Cisco Media Experience. Exploitation of the vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, or gain administrative access.

US-CERT encourages users and administrators to review the following Cisco security advisories and apply any necessary updates to help mitigate the risks.

Jun 02, 2011 Gmail Phishing Attack

US-CERT is aware of public reports of a phishing attack that specifically targets US government and military officials' Gmail accounts. The attack arrives via an email sent from a spoofed address of an individual or agency known to the targeted user. The email contains a "view download" link that leads to a fake Gmail login page. The login information is then sent to an attacker. Google has indicated that this phishing campaign has been disrupted and that affected parties have been notified.

US-CERT encourages users and administrators to do the following to help mitigate the risks:

Jun 01, 2011 Apple Releases Malware Detection Tool

Apple has released Security Update 2011-003 for Mac OS X in response to the recent Mac fake anti-virus software. This update:

  • adds a malware definition to the File Quarantine application
  • causes the File Quarantine application to automatically update its malware definition list daily
  • removes MacDefender fake anti-virus software if detected

US-CERT encourages users and administrators to review Apple article HT4657 and apply Security Update 2011-003 to mitigate the risks.

May 27, 2011 Internet Systems Consortium releases BIND patches

The Internet Systems Consortium has released updates for BIND to address a vulnerability in BIND versions 9.4-ESV-R3 and later, 9.6-ESV-R2 and later, 9.6.3, 9.7.1 and later, and 9.8.0 and later. Exploitation of this vulnerability may allow an attacker to cause a denial-of-service condition. Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#795694.

US-CERT encourages users and administrators to review CVE-2011-1910 and apply the respective patches to help mitigate the risks. Since BIND is often packaged in larger third-party applications or operating system distributions, users and administrators should check with their software vendors for updated versions.

May 26, 2011 Cisco Releases Security Advisory for Cisco Internet Streamer

Cisco has released a security advisory to address a vulnerability in the web server component of the Cisco Internet Streamer application, which is part of the Cisco Content Delivery System. This vulnerability may allow an attacker to cause a denial-of-service condition.

US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20110525-spcdn and apply any necessary updates or workarounds to help mitigate the risks.

May 26, 2011 WordPress Releases Version 3.1.3

WordPress has released WordPress 3.1.3 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the WordPress Codex document for version 3.1.3 and apply any necessary updates to help mitigate the risks.

May 25, 2011 Google Chrome Releases 11.0.696.71

Google has released Chrome 11.0.696.71 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 11.0.696.71 to help mitigate the security risks.

May 25, 2011 Apple Mac Defender, MacProtector, and MacSecurity Fake Anti-Virus Software

Apple has released a security advisory related to the recent Mac fake anti-virus software. The most common names for this fake anti-virus software are MacDefender, MacProtector, and MacSecurity. This fake anti-virus software is the result of a phishing scam targeting Mac users that redirects them from legitimate websites to fake websites. These fake websites notify the user that their computer is infected with a virus, and the user is tricked into installing the fake anti-virus software to solve the issue. The ultimate goal of the fake anti-virus software is to steal the user's credit card information.

US-CERT encourages users to perform the following preventative measures to help mitigate the risks:

  • Review Apple article HT4650 for avoidance and mitigation strategies.
  • Do not follow unsolicited web links or attachments in email messages.
  • Review the Recognizing Fake Antivirus document for additional information regarding fake antivirus software.

Apple plans to deliver a security update to address the issue. US-CERT will provide additional details as they become available.

May 19, 2011 Microsoft Releases New Version of EMET

Microsoft has released a new, fully supported version of the Enhanced Mitigation Experience Toolkit (EMET) designed to mitigate exploitation attempts. EMET allows users to manage security mitigation technologies to make it more difficult for an attacker to exploit software vulnerabilities.

US-CERT encourages users and administrators to review the Microsoft Security Research and Defense blog entry for further information about this new version of EMET.