| Jan 05, 2012 |
Microsoft Releases Advance Notification for January Security Bulletin Microsoft has issued a Security Bulletin Advance Notification indicating that its January release will contain seven bulletins. These bulletins will have the severity rating of critical and important and will be for Microsoft Windows and Microsoft Developer Tools and Software. Release of these bulletins is scheduled for Tuesday, January 10, 2012. US-CERT will provide additional information as it becomes available. |
| Dec 28, 2011 |
Multiple Programming Language Implementations Vulnerable to Hash Table Collision Attacks US-CERT is aware of reports stating that multiple programming language implementations, including web platforms, are vulnerable to hash table collision attacks. This vulnerability could be used by an attacker to launch a denial-of-service attack against websites using affected products. The Ruby Security Team has updated Ruby 1.8.7. The Ruby 1.9 series is not affected by this attack. Additional information can be found in the Ruby 1.8.7 patchlevel 357 release notes. Microsoft has released a security advisory for ASP.NET containing a workaround. Additional information can be found in Microsoft Security Advisory 2659883. More information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#903934 and n.runs Security Advisory n.runs-SA-2011.004. US-CERT will provide additional information as it becomes available. |
| Dec 21, 2011 |
Mozilla Releases Firefox 9 and 3.6.25 The Mozilla Foundation has released Firefox 9 and Firefox 3.6.25 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or perform a cross-site scripting attack. US-CERT encourages users and administrators to review the Mozilla Foundation Security Advisories for Firefox 9 and Firefox 3.6.25 and apply any necessary updates to help mitigate the risk. |
| Dec 20, 2011 |
USAA Phishing Scam and Malware Campaign US-CERT is aware of public reports of an active spear-phishing attack via email messages directed at United Services Automobile Association (USAA) members. These messages contain the subject line "Direct Posted" and contain a randomly generated four-digit number placed in the USAA security zone section. The messages ask users to open an attached file containing malicious software that if activated could provide access to a user's personal information. US-CERT encourages users to do the following to help mitigate the risk:
|
| Dec 19, 2011 |
Personal Device Security During the Holiday Season As the winter holiday travel season begins, US-CERT would like to remind users to be mindful of the security risks associated with portable devices such as smart phones, tablets, and laptops. US-CERT would like to encourage users to review the following US-CERT Cyber Security Tips. Following the security practices suggested in each tip will help to keep your portable devices secure during the holiday season and throughout the year. |
| Dec 13, 2011 |
Google Releases Chrome 16.0.912.63 Google has released Chrome 16.0.912.63 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 16.0.912.63. |
| Dec 08, 2011 |
Microsoft Releases Advance Notification for December Security Bulletin Microsoft has issued a Security Bulletin Advance Notification indicating that its December release will contain 14 bulletins. These bulletins will have the severity rating of critical to important and will be for Microsoft Windows, Microsoft Office, and Internet Explorer. Release of these bulletins is scheduled for Tuesday, December 13, 2011. US-CERT will provide additional information as it becomes available. |
| Dec 06, 2011 |
Adobe Releases Updates for Adobe Reader and Acrobat Adobe has released a Security Advisory for Adobe Reader and Acrobat to address a vulnerability affecting the following software versions:
Exploitation of this vulnerability may allow an attacker to cause a denial-of-service condition or take control of the affected system. Adobe also states that using Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit for this vulnerability. US-CERT encourages users and administrators to review Adobe Security Bulletin ASPA11-04 for additional information. US-CERT will provide additional information as it becomes available. |
| Dec 02, 2011 |
Holiday Season Phishing Scams and Malware Campaigns As the winter holidays are quickly approaching, US-CERT is republishing this entry to increase awareness. In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the winter holidays and holiday shopping season. US-CERT reminds users to remain cautious when receiving unsolicited email messages that could be part of a potential phishing scam or malware campaign. These phishing scams and malware campaigns may include but are not limited to the following:
|
| Dec 01, 2011 |
Adobe Releases Security Advisory for Adobe Flex SDK Adobe has released a security advisory to alert users of a vulnerability that affects Adobe Flex SDK. This vulnerability affects Adobe Flex SDK 4.5.1 and earlier 4.X and 3.6 and earlier 3.X for Windows, Macintosh, and Linux operating systems. Exploitation of this vulnerability may allow an attacker to perform a cross-site scripting attack within the Adobe Flex SDK application. US-CERT encourages users and administrators to review the Adobe Security Bulletin and apply any necessary updates to mitigate the risk. |