Forbidden Web

May 16, 2011 Mississippi Flooding Disaster Email Scams, Fake Antivirus, and Phishing Attack Warning

Users should be aware of potential email scams, fake antivirus, and phishing attacks regarding the Mississippi flooding disaster. Email scams may contain links or attachments that may direct users to phishing or malicious websites. Fake antivirus attacks may come in the form of pop-ups that flash security warnings and ask the user for credit card information. Phishing emails and websites requesting donations for bogus charitable organizations commonly appear after these types of natural disasters.

US-CERT encourages users to take the following measures to protect themselves:

US-CERT will provide additional information as it becomes available.

May 13, 2011 Adobe Releases Flash Player and Flash Media Server Updates

Adobe has released updates for Flash Player and Flash Media Server to address multiple vulnerabilities. These vulnerabilities affect Adobe Flash Player 10.2.159.1 and earlier versions for Windows, Macintosh, Linux, and Solaris; Adobe Flash Player 10.2.157.51 and earlier versions for Android; Adobe Flash Media Server 4.0.1 and earlier versions; and Adobe Flash Media Server 3.5.5 and earlier versions for Windows and Linux. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition or execute arbitrary code.

US-CERT encourages users and administrators to review Adobe Security Advisory APSB11-12 and Adobe Security Advisory APSB11-11 and apply any necessary updates to help mitigate the risks.

May 12, 2011 Google Releases Chrome 11.0.696.68

Google released Chrome 11.0.696.68 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 11.0.696.68 to help mitigate the security risks.

May 10, 2011 Microsoft Releases May Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office as part of the Microsoft Security Bulletin Summary for May 2011. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied.

May 10, 2011 WebGL Security Risks

US-CERT is aware of reports indicating that WebGL contains multiple significant security issues. The impact of these issues includes arbitrary code execution, denial of service, and cross-domain attacks. WebGL is a new web standard that is enabled by default in Firefox 4 and Google Chrome and is included in Safari.

US-CERT encourages users and administrators to review the Context report and disable WebGL to help mitigate the risks.

May 09, 2011 Apple Releases iOS 4.3.3

Apple released iOS 4.3.3 for the iPhone, iPod Touch, and iPad to address location tracking history capabilities. This update specifically addresses two bugs in iOS that resulted in the devices storing historical location data for too long.

US-CERT encourages users and administrators to review Apple article DL1358 and update to iOS 4.3.3.

May 05, 2011 Microsoft Releases Advance Notification for May Security Bulletin

Microsoft has issued a Security Bulletin Advance Notification indicating its May release will contain two bulletins. One of these bulletins will have the severity rating of critical and will be for Microsoft Windows. The remaining bulletin will have the severity rating of important and will be for Microsoft Office. Release of these bulletins is scheduled for Tuesday, May 10, 2011.

US-CERT will provide additional information as it becomes available.

May 02, 2011 Osama Bin Laden's Death Email Scams, Fake Antivirus, and Phishing Attack Warning

Users should be aware of potential email scams, fake antivirus, and phishing attacks regarding Osama Bin Laden's death. Email scams may contain links or attachments that may direct users to malicious websites. Fake antivirus attacks may come in the form of pop-ups that flash security warnings and ask the user for credit card information. Phishing emails and websites requesting personal information commonly appear after this type of news.

US-CERT encourages users to take the following measures to protect themselves:

Apr 29, 2011 Video Game Phishing

US-CERT is aware of reports that some users on the Xbox 360 video game system are receiving potential phishing attempts through an in-game messaging service. In-game message phishing is not a Microsoft issue and has nothing to do with Xbox LIVE. Games are products of third-party developers that are playable on Xbox LIVE and other gaming systems.

Microsoft has posted a service alert on the Xbox LIVE status page regarding this issue.

US-CERT encourages users to take the following measures to protect themselves from these types of phishing attacks:

Apr 29, 2011 Mozilla Releases Firefox Updates

Mozilla has released Firefox 4.0.1, 3.6.17, and 3.5.19 to address multiple vulnerabilities. The impact of these vulnerabilities includes arbitrary code execution, privilege escalation, directory traversal, and information disclosure.

US-CERT encourages users and administrators to review the Mozilla Foundation Security Advisories for April 28, 2011 and apply any necessary updates to mitigate the risks.