Current Activity Calendar

	February 2010
Su	M	Tu	W	Th	F	Sa
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28

Please click on a date above to see current activity for that day.

February 02, 2010 - Current Activity

This is an archived copy of current activity, if you would like to see the most recent version, please click here.

*January 28*	Cisco Releases Security Advisory for Unified MeetingPlace
*January 26*	Google Releases Chrome 4.0.249.78
*January 22*	RealNetworks, Inc. Releases Updates to Address Vulnerabilities
*January 21*	Microsoft Releases Cumulative Security Update for Internet Explorer
*January 20*	Apple Releases Security Update 2010-001
*January 20*	Adobe Releases Shockwave Player Update
*January 14*	Microsoft Releases Security Advisory 979352
*January 14*	Haitian Earthquake Disaster Email Scams and Search Engine Poisoning Campaigns
*January 13*	IRS Warns of Online Scams
*January 12*	Adobe Releases Update for Adobe Reader and Acrobat

Cisco Releases Security Advisory for Unified MeetingPlace

added January 28, 2010 at 08:08 am

Cisco has released a security advisory to address multiple vulnerabilities in Unified MeetingPlace. These vulnerabilities may allow a remote, unauthenticated attacker to obtain sensitive information, manipulate configuration data, create unauthorized accounts, operate with elevated privileges or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20100127-mp and apply any necessary updates to help mitigate the risks.

Google Releases Chrome 4.0.249.78

added January 26, 2010 at 08:26 am

Google has released Chrome 4.0.249.78 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, bypass security restrictions, or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 4.0.249.78 for Windows to help mitigate the risks.

RealNetworks, Inc. Releases Updates to Address Vulnerabilities

added January 22, 2010 at 08:36 am

RealNetworks, Inc. has released updates to address multiple vulnerabilities in several versions of RealPlayer for Windows, Mac, and Linux and several versions of the Helix Player for Linux. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the RealNetworks, Inc. advisory and apply any necessary updates to help mitigate the risks.

Microsoft Releases Cumulative Security Update for Internet Explorer

added January 21, 2010 at 01:57 pm

Microsoft has released Security Bulletin MS10-002 as a Cumulative Security Update for Internet Explorer. This update addresses multiple vulnerabilities that when exploited, may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review Microsoft Security Bulletin MS10-002 and apply any necessary updates to help mitigate the risks.

Apple Releases Security Update 2010-001

added January 20, 2010 at 08:52 am

Apple has released Security Update 2010-001 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple article HT4004 and apply any necessary updates to help mitigate the risks.

Adobe Releases Shockwave Player Update

added January 20, 2010 at 08:52 am

Adobe has released an update for Shockwave Player to address multiple vulnerabilities. These vulnerabilities affect Adobe Shockwave Player 11.5.2.602 and earlier versions for Windows and Macintosh. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review Adobe Security Bulletin APSB10-03 and apply any necessary updates to help mitigate the risks.

Microsoft Releases Security Advisory 979352

added January 14, 2010 at 06:49 pm

Microsoft has released Security Advisory 979352 to alert users of a vulnerability in Microsoft Internet Explorer. The advisory indicates that exploitation of this vulnerability may allow an attacker to execute arbitrary code. Microsoft also indicates that it is aware of public, active exploitation of this vulnerability.

US-CERT encourages users and administrators to review Microsoft Security Advisory 979352 and apply the suggested workaround of setting the Internet zone security setting to High to help mitigate the risks.

Additional information about this vulnerability can be found in Vulnerability Note VU#492515.

Haitian Earthquake Disaster Email Scams and Search Engine Poisoning Campaigns

added January 13, 2010 at 07:33 pm | updated January 14, 2010 at 12:28 pm

US-CERT would like to warn users of potential email scams and search engine poisoning campaigns that may circulate regarding the Haitian Earthquake disaster. The scam emails may contain links or attachments which may direct users to phishing or malware-laden websites. Fraudulent search engine results may return similar malicious web links to phishing and malware websites.

US-CERT encourages users to take the following measures to protect themselves:

Do not follow unsolicited web links or attachments in email messages.
Maintain up-to-date antivirus software.
Review the Federal Trade Commission's Charity Checklist.
Verify the legitimacy of the email by contacting the organization directly through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index.
Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

IRS Warns of Online Scams

added January 13, 2010 at 03:39 pm

US-CERT is aware of reports of tax season phishing scams. The U.S. Internal Revenue Service has issued a news release on its website warning consumers about potential scams. These scams are circulating via fraudulent email or other online messages appearing to come from the IRS. They attempt to convince consumers to reveal personal and financial information that can be used to gain access to bank accounts, credit cards, and other financial institutions.

US-CERT encourages users to do the following to mitigate the risks:

Review the How to Report and Identify Phishing, E-mail Scams and Bogus IRS Web Sites document on the IRS website.
Do not follow unsolicited web links received in email messages.
Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on social engineering attacks.
Refer to the Avoiding Social Engineering and Phishing Attacks (pdf) document for more information on social engineering attacks.

Adobe Releases Update for Adobe Reader and Acrobat

added January 12, 2010 at 07:01 pm

Adobe has released an update for Reader and Acrobat to address multiple vulnerabilities. These vulnerabilities affect Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX and Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Adobe Security Bulletin APBS10-02 and apply any necessary updates to help mitigate the risks.

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory