Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
June 2007
 Right Arrow
Su M Tu W Th F Sa
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    June 27, 2007 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    June 27Justice Department Warns Public of Fraudulent Spam Email
    June 27Multiple Vulnerabilities in Kerberos Administration Daemon
    June 25Apple Releases Security Update 2007-006 and Safari 3 Beta Update 3.0.2 to Address Multiple Vulnerabilities
    June 22CA Releases Updates for Multiple Vulnerabilities in Products that Use the Ingres Database
    June 21Cerulean Studios Trillian Instant Messenger Vulnerability
    June 14FBI Charges "Bot-Herders"
    June 13Microsoft Releases June Security Bulletins


    Justice Department Warns Public of Fraudulent Spam Email

    added June 27, 2007 at 06:41 pm

    The United States Department of Justice has released information warning the public of a recent surge in fraudulent spam e-mail messages claiming to be from the DOJ.  The messages contain a malicious attachment that supposedly contains information regarding complaints filed against them with the DOJ and IRS, but instead launches malware on the user's system when opened.

    More information regarding these messages can be found in the DOJ  Justice Department Alerts Public about Fraudulent Spam Email Press Release.

    To help protect against this type of attack, US-CERT recommends that users never open attachments from unsolicited email messages. More information on how to safely utilize email attachments can be found in the US-CERT Using Caution with Email Attachments Cyber Security Tip.


    Multiple Vulnerabilities in Kerberos Administration Daemon

    added June 26, 2007 at 02:31 pm | updated June 27, 2007 at 07:43 am

    US-CERT is aware of multiple vulnerabilities in the Kerberos administration daemon that may allow a remote user to execute arbitrary code or cause a denial-of-service condition on an affected system.

    More information regarding these vulnerabilities may be found in the following:

    US-CERT strongly encourages users and administrators to review the documents above and apply the patches as described in MIT krb5 Security Advisories 2007-004 and 2007-005 to address these vulnerabilities.


    Apple Releases Security Update 2007-006 and Safari 3 Beta Update 3.0.2 to Address Multiple Vulnerabilities

    added June 25, 2007 at 10:39 am

    Apple has released Security Update 2007-006 and Safari 3 Beta Update 3.0.2 to address multiple vulnerabilities in WebCore, WebKit, and Safari 3 Beta. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct cross-site scripting attacks, or alter the contents of the address bar in the Safari web browser.

    More information regarding the vulnerabilities and remediation information can be found in the following:

    US-CERT strongly encourages users to review the bulletins and follow best-practice security policies to determine what updates should be applied.


    CA Releases Updates for Multiple Vulnerabilities in Products that Use the Ingres Database

    added June 22, 2007 at 03:26 pm

    Computer Associates has released updates to address several vulnerabilities in products that use the Ingres database. These vulnerabilities may allow an attacker to execute arbitrary code on an affected system.

    More information regarding these vulnerabilities and which applications are affected can be found in the CA Security Advisor "CA Products That Embed Ingres Multiple Vulnerabilities" document.

    US-CERT strongly encourages users to review the CA Security Advisor "CA Products That Embed Ingres Multiple Vulnerabilities" document and follow best-practice security policies to determine what updates should be applied.


    Cerulean Studios Trillian Instant Messenger Vulnerability

    added June 20, 2007 at 02:43 pm | updated June 21, 2007 at 04:47 pm

    US-CERT is aware of a heap overflow vulnerability in Cerulean Studios Trillian Instant Messenger. The vulnerability may be exploited by viewing a malicious message containing a specially crafted UTF-8 string. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code with the credentials of the currently logged on user.

    More information about this vulnerability can be found in Vulnerability Note VU#187033.

    US-CERT encourages users to upgrade to Trillian 3.1.6.0 which has been released to address this vulnerability.


    FBI Charges "Bot-Herders"

    added June 14, 2007 at 02:54 pm

    The FBI's "Operation Bot Roast" has identified over 1 million computers across the country that have been compromised by botnets. For more information on how to identify, report, and prevent attacks, see US-CERT's Cyber Security Tip "Understanding Hidden Threats: Rootkits and Botnets".


    Microsoft Releases June Security Bulletins

    added June 12, 2007 at 01:18 pm | updated June 13, 2007 at 08:36 am

    Microsoft has released updates to address vulnerabilities in Windows, Internet Explorer, Outlook Express, Windows Mail, Visio, and the Windows Schannel Security Package as part of the Microsoft Security Bulletin Summary for June 2007.

    More information about these vulnerabilities is located in the Vulnerability Notes Database and Technical Cyber Security Alert TA07-163A.

    US-CERT strongly encourages users to review the bulletins and follow best-practice security policies to determine what updates should be applied.