| Sep 14, 2011 |
Cisco Releases Multiple Security Advisories Cisco has released two security advisories to address vulnerabilities affecting the CiscoWorks LAN Management Solution, the Cisco Unified Service Monitor, and the Cisco Unified Operations Manager. These vulnerabilities may allow an unauthenticated attacker to execute arbitrary code. US-CERT encourages users and administrators to review Cisco security advisories cisco-sa-20110914-lms and cisco-sa-20110914-cusm and apply any necessary updates to help mitigate the risks.
|
| Sep 09, 2011 |
Adobe Prenotification Security Advisory for Adobe Reader and Acrobat Adobe has issued a prenotification advisory indicating that it plans to release updates for Adobe Reader and Acrobat to address multiple vulnerabilities. The advisory indicates that updates for Windows and Macintosh will be available on September 13, 2011. US-CERT encourages users and administrators to review the Adobe Advisory. US-CERT will provide additional information as it becomes available. |
| Sep 08, 2011 |
Microsoft Releases Advance Notification for September Security Bulletin Microsoft has issued a Security Bulletin Advance Notification indicating that its September release will contain five bulletins. These bulletins will have the severity rating of important and will be for Microsoft Windows and Microsoft Office. Release of these bulletins is scheduled for Tuesday, September 13, 2011. US-CERT will provide additional information as it becomes available. |
| Aug 30, 2011 |
Fraudulent DigiNotar SSL Certificate US-CERT is aware of public reports of the existence of at least one fraudulent SSL certificate issued by DigiNotar. This fraudulent SSL certificate could be used by an attacker to masquerade as any subdomain of google.com. Mozilla will be releasing new versions of Firefox for desktop (3.6.21, 6.0.1, 7, 8, and 9) and mobile (6.0.1, 7, 8, and 9). Additional information can be found in the Mozilla Security Blog. Microsoft has removed the DigiNotar root certificate from the Microsoft Certificate Trust List. This change affects all versions of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2. Microsoft will be releasing a future update for Windows XP and Windows Server 2003 to address this issue. Additional information can be found in Microsoft Security Advisory 2607712. US-CERT encourages users and administrators to apply any necessary updates to help mitigate the risks. US-CERT will provide additional information as it becomes available. |
| Aug 29, 2011 |
Potential Hurricane Irene Phishing Scams In the past, US-CERT has received reports of phishing scams and malware campaigns related to topics that are of high-interest to the U.S. Government or news media, such as Hurricane Irene. Users' systems have been compromised by receiving and accessing phishing emails with subject lines that seem relevant to a high-interest subject and appear to originate from a valid sender. US-CERT reminds users to remain vigilant for potential malicious cyber activity seeking to capitalize on interest in Hurricane Irene. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to Hurricane Irene, even if it appears to originate from a trusted source. US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:
|
| Aug 25, 2011 |
Cisco Releases Security Advisories Cisco has released three security advisories to address vulnerabilities affecting the Cisco Unified Communications Manager, the Cisco Unified Presence Server, and the Cisco Intercompany Media Engine. These vulnerabilities may allow an attacker to disclose sensitive information or cause a denial-of-service condition. US-CERT encourages users and administrators to review the following Cisco security advisories and apply any necessary updates to help mitigate the risks. |
| Aug 23, 2011 |
Google Releases Chrome 13.0.782.215 Google has released Chrome 13.0.782.215 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 13.0.782.215 to help mitigate the risks. |
| Aug 17, 2011 |
Mozilla Releases Firefox 6 and 3.6.20 The Mozilla Foundation has released Firefox 6 and Firefox 3.6.20 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, operate with escalated privileges, or obtain sensitive information. US-CERT encourages users and administrators to review the Mozilla Foundation Security Advisories for Firefox 6 and Firefox 3.6.20 and apply any necessary updates to help mitigate the risks. |
| Aug 10, 2011 |
RIM Releases Security Advisory for BlackBerry Enterprise Server RIM has released a security advisory to address a vulnerability in the BlackBerry MDS Connection Service and BlackBerry Messaging Agent for the BlackBerry Enterprise Server. The vulnerability may allow an attacker to execute arbitrary code or gain unauthorized access to the BlackBerry Enterprise Server. US-CERT encourages users and administrators to review the BlackBerry security advisory KB27244 and apply any necessary updates to help mitigate the risks. |
| Aug 10, 2011 |
Adobe Releases Security Bulletins for Multiple Products Adobe has released security bulletins to alert users of critical and important vulnerabilities in multiple products. The following products are affected:
Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, take control of an affected system, or perform a cross-site scripting attack. US-CERT encourages users and administrators to review the Adobe security bulletins and apply any necessary updates to help mitigate the risks. |