Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
November 2009
 Right Arrow
Su M Tu W Th F Sa
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    November 25, 2009 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    November 24Malicious Code Circulating via Social Security Administration Phishing Messages
    November 23Microsoft Releases Security Advisory 977981
    November 16Microsoft Releases Security Advisory 977544
    November 16SSL and TLS Vulnerable to Man-in-the-middle Attacks
    November 12Apple Releases Safari 4.0.4
    November 10Microsoft Releases November Security Bulletin
    November 10Apple Releases Mac OS X v10.6.2 and Security Update 2009-006
    November 5Microsoft Releases Advance Notification for November Security Bulletin
    November 5BlackBerry Desktop Manager Vulnerability
    November 4Sun Releases Update 17 for Java SE 6


    Malicious Code Circulating via Social Security Administration Phishing Messages

    added November 24, 2009 at 03:22 pm

    US-CERT is aware of public reports of malicious code circulating via phishing email messages that appear to come from the Social Security Administration. The messages indicate that the users' annual Social Security statements may contain errors and instruct users to follow a link to review their Social Security statement. If users click this link, they will be redirected to a seemingly legitimate website that prompts them for their Social Security number. If users enter their Social Security number and continue to the next page, they will be given an option to generate a statement. If users attempt to generate a statement, malicious code may be installed on their systems. This malicious code attempts to collect online banking traffic to gain access to the users' bank accounts.

    US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks:

    • Install antivirus software, and keep the virus signatures up to date.
    • Do not follow unsolicited links and do not open unsolicited email messages.
    • Use caution when visiting untrusted websites.
    • Use caution when entering personal information online.
    • Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
    • Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
    US-CERT will provide additional information as it becomes available.


    Microsoft Releases Security Advisory 977981

    added November 23, 2009 at 08:51 pm

    Microsoft has released security advisory 977981 to address a vulnerability in Microsoft Internet Explorer. This vulnerability may allow an attacker to execute arbitrary code.

    US-CERT encourages users and administrators to review Microsoft Security Advisory 977981  and implement the suggested workarounds listed in the advisory to help mitigate the risks.


    Microsoft Releases Security Advisory 977544

    added November 16, 2009 at 09:21 am

    Microsoft has released security advisory 977544 to address a vulnerability in the Server Message Block (SMB) protocol. This vulnerability may allow an attacker to cause a denial-of-service condition. This vulnerability only affects Windows 7 and Server 2008 software.

    US-CERT encourages users and administrators to review Microsoft security advisory 977544 and apply the workarounds.


    SSL and TLS Vulnerable to Man-in-the-middle Attacks

    added November 6, 2009 at 07:01 pm | updated November 16, 2009 at 08:57 am

    US-CERT is aware of reports of publicly available exploit code for a vulnerability within the SSL and TLS protocols. Reports indicate that exploitation of this vulnerability may allow an attacker to conduct a man-in-the-middle attack, allowing an attacker to inject plaintext into the beginning of the application protocol stream.

    US-CERT encourages OpenSSL users and administrators to review the OpenSSL 0.9.8l release and apply any updates.

    US-CERT has not received any reports of active exploitation and will continue to provide additional information as it becomes available.


    Apple Releases Safari 4.0.4

    added November 12, 2009 at 08:08 am

    Apple has released Safari 4.0.4 to address multiple vulnerabilities in a number of components. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct cross-site request forgery, or obtain sensitive information. These vulnerabilities affect Safari running on both the Mac OS X and Windows platforms.

    US-CERT encourages users and administrators to review Apple article HT3949 and upgrade to Safari 4.0.4 to help mitigate the risks.


    Microsoft Releases November Security Bulletin

    added November 10, 2009 at 01:50 pm

    Microsoft has released an update to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for November 2009. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with escalated privileges.

    US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied. 


    Apple Releases Mac OS X v10.6.2 and Security Update 2009-006

    added November 10, 2009 at 08:02 am

    Apple has released Mac OS X v10.6.2 and Security Update 2009-006 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct a man-in-the-middle attack, operate with escalated privileges, or obtain sensitive information.

    US-CERT encourages users and administrators to review Apple article HT3937 and apply any necessary updates to help mitigate the risks.


    Microsoft Releases Advance Notification for November Security Bulletin

    added November 5, 2009 at 04:17 pm

    Microsoft has issued a Security Bulletin Advance Notification indicating that its November release cycle will contain six bulletins, three of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows. There will also be three important bulletins for Microsoft Windows and Microsoft Office. Release of these bulletins is scheduled for Tuesday, November 10.

    US-CERT will provide additional information as it becomes available.


    BlackBerry Desktop Manager Vulnerability

    added November 5, 2009 at 08:45 am

    Research in Motion has released Security Advisory KB19701 to address a vulnerability in BlackBerry Desktop Manager. This vulnerability may allow an attacker to execute arbitrary code.

    US-CERT encourages users to review BlackBerry Security Advisory KB19701 and apply any necessary updates.


    Sun Releases Update 17 for Java SE 6

    added November 4, 2009 at 09:04 am

    Sun has released update 17 for Java SE JDK 6 and Java SE JRE 6 to address multiple vulnerabilities. The impacts of these vulnerabilities include arbitrary code execution, privilege escalation, denial of service, and information disclosure.

    US-CERT encourages users and administrators to review the Java the Java SE 6 Update 17 release notes and apply any necessary updates to help mitigate the risks.