| Apr 04, 2008 |
CA BrightStor ARCserve Backup Vulnerabilities
CA has released updates to address multiple vulnerabilities in BrightStor ARCserve Backup and other CA products. These vulnerabilities are due to boundary errors within the CA Alert Notification Server service. These vulnerabilities may allow a local attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users to review the CA Security Notice for Alert Notification Server for a complete list of affected products and apply any necessary updates. |
| Apr 04, 2008 |
Cisco Unified Communication Disaster Recovery Framework Vulnerability
Cisco has released a patch to address a vulnerability in the Unified Communication Disaster Recovery Framework. This vulnerability is due to improper authentication of requests received over the network. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code, gain control of the affected system, obtain and modify system configuration parameters, or cause a denial-of-service condition. US-CERT encourages users and administrators to review Cisco advisory cisco-sa-20080403-drf and apply the patch or use the workarounds. |
| Apr 03, 2008 |
Microsoft Releases Advance Notification for April Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its April release cycle will contain eight bulletins, five of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Office, and Internet Explorer. There will also be three Important bulletins for Microsoft Windows and Office. The release is scheduled for Tuesday, April 8. US-CERT will provide additional information as it becomes available. |
| Apr 03, 2008 |
Opera 9.27 Released
Opera Software has released Opera 9.27 to address multiple vulnerabilities. These vulnerabilities are caused by errors that occur when the user is prompted to add newsfeeds and by issues in the processing of HTML CANVAS elements. These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users to review Opera knowledgebase advisories 881 and 882 and upgrade to Opera 9.27 to help mitigate the risks. |
| Apr 03, 2008 |
Apple Releases QuickTime 7.4.5
Apple has released QuickTime 7.4.5 to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code or obtain sensitive information. US-CERT encourages users to review Apple knowledgebase article HT1241 and upgrade to QuickTime 7.4.5 to help mitigate the risks. |
| Apr 01, 2008 |
Macrovision InstallShield ActiveX Vulnerability
US-CERT has seen reports of a vulnerability in Macrovision InstallShield. This vulnerability is due to an error in the One-Click Install ActiveX control for InstallScript projects. This ActiveX control is used for loading DLL files. If a user visits a specially crafted website, a maliciously crafted DLL file may be loaded onto the user's system, allowing an attacker to execute arbitrary code. US-CERT encourages users to do the following to help mitigate the risks:
|
| Apr 01, 2008 |
PayPal Phishing Attack
US-CERT has seen reports of a phishing attack that targets PayPal users. The attack arrives via an unsolicited email message containing an HTML attachment. The message indicates that the attachment is a verification form intended to offer the user protection from fraudulent activity. Users who open the attachment are instructed to enter their email address and PayPal password. This information is then sent to an attacker. US-CERT encourages users to do the following to help mitigate the risks:
|
| Apr 01, 2008 |
Storm Worm Activity Related to April Fools Day
US-CERT is aware of a recent increase in Storm Worm activity. The latest activity is related to April Fools Day (April 1). This Trojan is spread via unsolicited email messages that attempt to convince users to follow a link to a malicious website. If a user follows this link, the Trojan may attempt to download and install itself on the user's system. Currently, this variant of the Storm Worm Trojan is being observed as having the following file names:
|
| Mar 31, 2008 |
Internal Revenue Service Scams
US-CERT is aware of a series of scams circulating that are related to the United States Internal Revenue Service. The first of these attacks attempts to convince users to open bogus tax documents that may contain malicious code. Additional attacks attempt to convince users to follow a link in an email message to an unofficial tax website that may contain malicious code or request personal information as part of a phishing scam. US-CERT encourages users to do the following to help mitigate the risks:
|
| Mar 26, 2008 |
Cisco Releases Security Advisories
Cisco has released five security advisories to address multiple vulnerabilities in Cisco IOS. These vulnerabilities may allow a remote, unauthenticated attacker to cause a denial-of-service condition on the affected device. US-CERT encourages users to review the Cisco Security Advisories and apply the appropriate updates or workarounds. |