| Dec 03, 2010 |
Google Releases Chrome 8.0.552.215 Google has released Chrome 8.0.552.215 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information or bypass security restrictions. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks. |
| Dec 02, 2010 |
WordPress Releases WordPress 3.0.2 WordPress has released WordPress 3.0.2 to address a vulnerability that may allow a malicious Author-level user to gain further access to the site, to fix multiple software bugs, and to provide additional security enhancements. US-CERT encourages users and administrators to review the WordPress blog entry regarding the release of WordPress 3.0.2 and apply any necessary updates to help mitigate the risks. |
| Dec 02, 2010 |
Internet Systems Consortium BIND Vulnerabilities The Internet Systems Consortium (ISC) has released three advisories to address multiple vulnerabilities affecting BIND. The first advisory, CVE-2010-3613, addresses a vulnerability in BIND versions 9.6.2 to 9.6.2-P2, 9.6-ESV to 9.6-ESV-R2, and 9.70 to 9.7.2-P2. This vulnerability exists when cache incorrectly allows an ncache entry and a rrsig for the same type. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#706148. The second advisory, CVE-2010-3614, addresses a vulnerability in BIND versions 9.0.x to 9.7.2-P2, 9.4-ESV to 9.4-ESV-R3, and 9.6-ESV to 9.6-ESV-R2. This vulnerability exists when "named" incorrectly marks zone data as insecure when the zone being queried is undergoing a key algorithm rollover. Exploitation of this vulnerability may allow answers to be incorrectly marked as insecure. Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#837744. The third advisory, CVE-2010-3615, addresses a vulnerability in BIND version 9.7.2-P2. This vulnerability is due to the incorrect processing of "allow-query". Exploitation of this vulnerability may allow a remote attacker to bypass access restrictions. Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#510208. US-CERT encourages users and administrators to review the advisories listed above and apply any necessary updates to help mitigate the risks. Because OpenSSL is often packaged in larger third-party applications or operating system distributions, users and administrators should check with their software vendors for updated versions. |
| Dec 01, 2010 |
Potential WikiLeaks Phishing Scams In the past, US-CERT has received reports of phishing scams and malware campaigns related to topics that are of high-interest to the U.S. Government or news media, such as the WikiLeaks website. Users' systems have been compromised by receiving and accessing phishing emails with subject lines that seem relevant to a high-interest subject and appear to originate from a valid sender. US-CERT reminds users to remain vigilant for potential malicious cyber activity seeking to capitalize on interest in WikiLeaks. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to WikiLeaks, even if it appears to originate from a trusted source. US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:
|
| Dec 01, 2010 |
VMware Releases Security Patch for ESX VMware has released a security patch for ESX to address a vulnerability. Exploitation of this vulnerability may allow a local user to gain additional privileges on the affected system. US-CERT encourages users and administrators to review VMware knowledgebase article 1029397 and apply any necessary updates to help mitigate the risks. |
| Nov 23, 2010 |
Apple Releases iOS 4.2 Apple has released iOS 4.2 for the iPhone, iPod Touch, and iPad to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, initiate a call, cause a denial-of-service condition, gain system privileges, or obtain sensitive information. US-CERT encourages users and administrators to review Apple article HT4456 and update to iOS 4.2 to mitigate the risks. |
| Nov 19, 2010 |
Apple Releases Safari 5.0.3 and 4.1.3 Apple has released Safari 5.0.3 and 4.1.3 to address multiple vulnerabilities in the Safari and WebKit packages. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Apple article HT4455 and apply any necessary updates to help mitigate the risks. |
| Nov 18, 2010 |
Holiday Season Phishing Scams and Malware Campaigns In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the winter holiday and holiday shopping season. US-CERT reminds users to remain cautious when receiving unsolicited email messages that could be part of a potential phishing scam or malware campaign. These phishing scams and malware campaigns may include but are not limited to the following:
|
| Nov 17, 2010 |
OpenSSL Releases OpenSSL 1.0.0b OpenSSL has released OpenSSL 1.0.0b to address a vulnerability that may allow an attacker to execute arbitrary code. US-CERT recommends that users and administrators of this product update to OpenSSL version 1.0.0b or apply the workaround provided in the OpenSSL security advisory. Because OpenSSL is often packaged in larger applications or operating system distributions, users and administrators should check with their software vendors for updated versions. |
| Nov 16, 2010 |
Adobe Releases Security Updates for Reader and Acrobat Adobe has released security updates for Reader and Acrobat for Windows and Macintosh. These updates address multiple vulnerabilities including those described in security advisory APSA10-05, a recent Adobe PSIRT blog entry, and security bulletin APSB10-26. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Adobe has indicated that these updates for UNIX will be available on November 30, 2010. US-CERT encourages users and administrators to review Adobe security bulletin APSB10-28 and apply any necessary updates to help mitigate the risks. Additional information regarding these vulnerabilities can be found in US-CERT Vulnerability Note VU#298081. |