Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
March 2010
 Right Arrow
Su M Tu W Th F Sa
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    March 23, 2010 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    March 23Mozilla Releases Firefox 3.6.2
    March 19CA Releases Updates for ARCserve Backup
    March 17Zeus Trojan Campaign Warning
    March 12Apple Releases Safari 4.0.5
    March 9Microsoft Releases March Security Bulletin
    March 8Energizer DUO USB Battery Charger Software Allows Remote System Access
    March 4Cisco Releases Multiple Security Advisories
    March 4Microsoft Releases Advance Notification for March Security Bulletin
    March 3U.S. Census Bureau 2010 Census Campaign Warning
    March 3Microsoft Re-Releases Security Bulletin MS10-015


    Mozilla Releases Firefox 3.6.2

    added March 23, 2010 at 08:36 am

    The Mozilla Foundation has released Firefox 3.6.2 to address multiple security issues, including a critical vulnerability that may allow a remote attacker to execute arbitrary code.

    US-CERT encourages users and administrators to do the following to help mitigate the risks:

    Additional information regarding this vulnerability, including a workaround for users who cannot upgrade, can be found in the Vulnerability Notes Database.


    CA Releases Updates for ARCserve Backup

    added March 19, 2010 at 08:33 am

    CA has released updates to address vulnerabilities in the version of Java JRE bundled with ARCserve Backup. These vulnerabilities in Java JRE may allow an attacker to execute arbitrary code, bypass security restrictions, cause a denial-of-service condition, or obtain sensitive information.

    US-CERT encourages users and administrators to review the CA security notice CA20100318-01 and apply any necessary updates to help mitigate the risks.


    Zeus Trojan Campaign Warning

    added March 17, 2010 at 01:52 pm

    US-CERT is aware of public reports of malicious code circulating via spam email messages impersonating the Department of Homeland Security (DHS). The attacks arrive via unsolicited email messages that may contain subject lines related to DHS or other government activity. These messages may contain a link or attachment. If users click on this link or open the attachment, they may be infected with malicious code, including the Zeus Trojan.

    US-CERT encourages users and administrators to take the following measures to protect themselves:

    • Do not follow unsolicited web links or attachments in email messages.
    • Maintain up-to-date antivirus software.
    • Refer to Cyber Security Tip ST04-014 - Avoiding Social Engineering and Phishing Attacks
    • Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.


    Apple Releases Safari 4.0.5

    added March 12, 2010 at 08:32 am

    Apple has released Safari 4.0.5 to address multiple vulnerabilities in ColorSync, ImageIO, PubSub, Safari, and WebKit. These vulnerabilities may allow a remote attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or bypass security restrictions.

    US-CERT encourages users and administrators to review Apple article HT4070 and upgrade to Safari 4.0.5 to help mitigate the risks.


    Microsoft Releases March Security Bulletin

    added March 9, 2010 at 01:44 pm

    Microsoft has released an update to address vulnerabilities in Microsoft Windows and Office as part of the Microsoft Security Bulletin Summary for March 2010. These vulnerabilities may allow an attacker to execute arbitrary code.

    US-CERT encourages users and administrators to review the bulletins and follow best-practice security policies to determine which updates should be applied.


    Energizer DUO USB Battery Charger Software Allows Remote System Access

    added March 8, 2010 at 10:26 am

    US-CERT is aware of a backdoor in the software for the Energizer DUO USB battery charger. This backdoor may allow a remote attacker to list directories, send and receive files, and execute programs on an affected system. The software, which has been discontinued, was available for both Windows and Apple Mac OS X versions. Only the Windows version is affected by this vulnerability.

    US-CERT encourages users and administrators to review Vulnerability Note VU#154421 and apply the recommended solutions.


    Cisco Releases Multiple Security Advisories

    added March 4, 2010 at 06:00 pm

    Cisco has released three security advisories to address vulnerabilities.

    Security advisory cisco-sa-20100303-cucm, addresses multiple vulnerabilities in the Cisco Unified Communications Manager which affect the Session Initiation Protocol (SIP), Skinny Client Control Protocol (SCCP), and the Computer Telephony Integration (CTI) Manager services. Successful exploitation of these vulnerabilities could result in a denial-of-service condition and an interruption of voice services.

    Security advisory cisco-sa-20100303-dmm, addresses multiple vulnerabilities in the Cicso Digital Media Manager (DMM).  Successful exploitation of these vulnerabilities could allow for information disclosure, unauthorized settings or system configuration changes, and disclosure of default credentials.  There are no workarounds for mitigation, and US-CERT will alert users and administrators as updates are made available.

    Security advisory cisco-sa-20100303-dmp, addresses a vulnerability that exists in the Cisco Digital Media Player. Successful exploitation of this vulnerability may allow and attacker to inject video or data content into a remote display.

    US-CERT encourages users and administrators to review security advisory cisco-sa-20100303-cucm and cisco-sa-20100303-dmp and apply any necessary updates or workarounds to mitigate the risks.


    Microsoft Releases Advance Notification for March Security Bulletin

    added March 4, 2010 at 01:57 pm

    Microsoft has issued a Security Bulletin Advance Notification, indicating that its March release cycle will contain two bulletins. These bulletins will have a severity rating of Important and will be for Microsoft Windows and Microsoft Office. Release of these bulletins is scheduled for Tuesday, March 9, 2010.

    US-CERT will provide additional information as it becomes available.


    U.S. Census Bureau 2010 Census Campaign Warning

    added March 3, 2010 at 11:21 am

    US-CERT asks users to be vigilant during the U.S. Census Bureau's 2010 Census campaign and to watch for potential census scams.

    According to the U.S. Census 2010 website, they began delivery of the printed census forms to every resident in the United States on March 1, 2010. The only way to complete the census is by filling in the form using pen and ink; in some instances, census takers will be visiting households to complete the form face-to-face. It is important to understand that the U.S. Census Bureau will not, under any circumstances, be providing an online option to complete the 2010 census form.

    US-CERT encourages all residents in the United States to take the following measures to protect themselves:


    Microsoft Re-Releases Security Bulletin MS10-015

    added March 3, 2010 at 10:02 am

    Microsoft has re-released the security update described in Microsoft Security Bulletin MS10-015.  This release contains an updated installation package that does not allow the security update to be installed on computers infected with malicious code. Microsoft has also released a Fix-It Tool to determine if systems are compatible with the update.

    US-CERT encourages users and administrators to review Microsoft Knowledge Base Article 977165, Microsoft Knowledge Base Article 980966, and the MSRC Blog Post. Users who have already successfully installed the update for MS10-015 do not need to take any action.