| Dec 11, 2009 |
HP Releases Update to Address OpenView Network Node Manager Vulnerabilities HP has released a security bulletin to address multiple vulnerabilities in OpenView Network Node Manager. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review HP security bulletin c01950877 and apply any necessary updates to help mitigate the risks. |
| Dec 09, 2009 |
Adobe Releases Security Updates for Flash Player and AIR Adobe has released a security bulletin to address multiple vulnerabilities in Adobe Flash Player 10.0.32.18 and earlier and Adobe AIR 1.5.2 and earlier. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information. US-CERT encourages users and administrators to review Adobe security bulletin APSB09-19 and update to Adobe Flash Player 10.0.42.34 and Adobe AIR 1.5.3. |
| Dec 08, 2009 |
Microsoft Releases December Security Bulletin Microsoft has released an update to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for December 2009. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied. |
| Dec 03, 2009 |
Microsoft Releases Advance Notification for December Security Bulletin Microsoft has issued a Security Bulletin Advance Notification indicating that its December release cycle will contain six bulletins, three of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Microsoft Office, and Internet Explorer. There will also be three Important bulletins for Microsoft Windows and Microsoft Office. Release of these bulletins is scheduled for Tuesday, December 8. US-CERT will provide additional information as it becomes available. |
| Dec 02, 2009 |
H1N1 Malware Campaign Circulating US-CERT is aware of public reports of a malware campaign circulating via email messages that offer information regarding the H1N1 vaccination. These email messages contain a link to a bogus Centers for Disease Control and Prevention website. Users who click on this link may become infected with malware. Public reports indicate that these email messages have subject lines such as "Governmental registration program on the H1N1 vaccination" and "Your personal vaccination profile." Please note that subject lines may change at any time. US-CERT encourages users to take the following precautions to help mitigate the risks:
|
| Dec 01, 2009 |
Research In Motion Releases Advisory for BlackBerry PDF Distiller Vulnerabilities Research In Motion has released a security advisory to address multiple vulnerabilities in the PDF distiller of some released versions of the BlackBerry Attachment Service. The advisory lists the affected versions as BlackBerry Enterprise Server 5.0.0 running on Microsoft Windows version 2003 or 2008, BlackBerry Enterprise Server 5.0.0 running on Microsoft Windows 2000, BlackBerry Enterprise Server software versions 4.1.3 through 4.1.7, and BlackBerry Professional Software 4.1.4. By convincing a user to view a specially crafted PDF file, an attacker may be able to execute arbitrary code or cause a denial-of-service condition on the system that hosts the BlackBerry Attachment Service. US-CERT encourages users and administrators to review BlackBerry security advisory KB19860 and apply any necessary updates. |
| Nov 24, 2009 |
Malicious Code Circulating via Social Security Administration Phishing Messages US-CERT is aware of public reports of malicious code circulating via phishing email messages that appear to come from the Social Security Administration. The messages indicate that the users' annual Social Security statements may contain errors and instruct users to follow a link to review their Social Security statement. If users click this link, they will be redirected to a seemingly legitimate website that prompts them for their Social Security number. If users enter their Social Security number and continue to the next page, they will be given an option to generate a statement. If users attempt to generate a statement, malicious code may be installed on their systems. This malicious code attempts to collect online banking traffic to gain access to the users' bank accounts. US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks:
|
| Nov 23, 2009 |
Microsoft Releases Security Advisory 977981 Microsoft has released security advisory 977981 to address a vulnerability in Microsoft Internet Explorer. This vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Microsoft Security Advisory 977981 and implement the suggested workarounds listed in the advisory to help mitigate the risks. |
| Nov 16, 2009 |
Microsoft Releases Security Advisory 977544 Microsoft has released security advisory 977544 to address a vulnerability in the Server Message Block (SMB) protocol. This vulnerability may allow an attacker to cause a denial-of-service condition. This vulnerability only affects Windows 7 and Server 2008 software. US-CERT encourages users and administrators to review Microsoft security advisory 977544 and apply the workarounds. |
| Nov 12, 2009 |
Apple Releases Safari 4.0.4 Apple has released Safari 4.0.4 to address multiple vulnerabilities in a number of components. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct cross-site request forgery, or obtain sensitive information. These vulnerabilities affect Safari running on both the Mac OS X and Windows platforms. US-CERT encourages users and administrators to review Apple article HT3949 and upgrade to Safari 4.0.4 to help mitigate the risks. |