May 05, 2011 - Current Activity
This is an archived copy of current activity. If you would like to see the most recent version, please click here.
Microsoft Releases Advance Notification for May Security Bulletin
added May 5, 2011 at 01:14 pm
Microsoft has issued a Security Bulletin Advance Notification indicating its May release will contain two bulletins. One of these bulletins will have the severity rating of critical and will be for Microsoft Windows. The remaining bulletin will have the severity rating of important and will be for Microsoft Office. Release of these bulletins is scheduled for Tuesday, May 10, 2011.
US-CERT will provide additional information as it becomes available.
Osama Bin Laden's Death Email Scams, Fake Antivirus, and Phishing Attack Warning
added May 2, 2011 at 02:17 pm
US-CERT encourages users to take the following measures to protect themselves:
- Do not follow unsolicited web links or attachments in email messages.
- Maintain up-to-date antivirus software.
- Review the Recognizing Fake Antivirus document for additional information regarding fake antivirus.
- Refer to the Avoiding Social Engineering and Phishing Attacks document for additional information on social engineering attacks.
- Refer to the Recognizing and Avoiding Email Scams (pdf) document for additional information on social engineering attacks.
- Review the related NCCIC Advisory (pdf) on Osama Bin Laden-Themed Phishing Attempts.
Video Game Phishing
added April 29, 2011 at 10:15 am
US-CERT is aware of reports that some users on the Xbox 360 video game system are receiving potential phishing attempts through an in-game messaging service. In-game message phishing is not a Microsoft issue and has nothing to do with Xbox LIVE. Games are products of third party developers that are playable on Xbox LIVE and other gaming systems.
Microsoft has posted a service alert on the Xbox LIVE status page regarding this issue.
US-CERT encourages users to take the following measures to protect themselves from these types of phishing attacks:
- Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
- Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
Mozilla Releases Firefox Updates
added April 29, 2011 at 08:55 am
Mozilla has released Firefox 4.0.1, 3.6.17, and 3.5.19 to address multiple vulnerabilities. The impact of these vulnerabilities includes arbitrary code execution, privilege escalation, directory traversal, and information disclosure.
US-CERT encourages users and administrators to review the Mozilla Foundation Security Advisories for April 28, 2011 and apply any necessary updates to mitigate the risks.
Cisco Releases Security Advisory for Cisco Unified Communications Manager
added April 28, 2011 at 01:15 pm
Cisco has released a security advisory to address multiple vulnerabilities in Cisco Unified Communications Manager. These vulnerabilities may allow an attacker to perform SQL injection attacks, conduct directory traversal attacks, or cause a denial-of-service condition.
US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20110427-cucm and apply any necessary updates or workarounds to help mitigate the risks.
Google Releases Chrome 11.0.696.57
added April 28, 2011 at 08:11 am
Google has released Chrome 11.0.696.57 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or conduct cross-site scripting attacks.
US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 11.0.696.57 to help mitigate the security risks.
WordPress Releases Version 3.1.2
added April 27, 2011 at 07:55 am
WordPress has released WordPress 3.1.2 to address a vulnerability. Exploitation of this vulnerability may allow an attacker to operate with elevated privileges.
US-CERT encourages users and administrators to review the WordPress Codex document for version 3.1.2 and apply any necessary updates to help mitigate the risks.
Adobe Releases Security Updates for Reader and Acrobat
added April 22, 2011 at 08:33 am
Adobe has released updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address multiple vulnerabilities including the one described in the Flash Player security advisory APSA11-02. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to review Adobe security bulletin APSB11-08 and apply any necessary updates to help mitigate the risks. Additional information regarding these vulnerabilities can be found in the US-CERT Vulnerability Note VU#230057.
Oracle Releases Critical Patch Update for April 2011
added April 15, 2011 at 11:33 am | updated April 19, 2011 at 04:51 pm
Oracle has released their Critical Patch Update for April 2011 to address 73 vulnerabilities across multiple products. This update contains the following security fixes:
- 6 updates for the Oracle Database Server
- 9 updates for Oracle Fusion Middleware
- 1 update for Oracle Enterprise Manager Grid Control
- 4 updates for Oracle E-Business Suite
- 1 update for Oracle Supply Chain Products Suite
- 14 updates for Oracle PeopleSoft Products
- 8 updates for Oracle JD Edwards Products
- 3 updates for Oracle Siebel CRM
- 1 update for Oracle Industry Applications
- 18 updates for Oracle Sun Products Suite
- 8 updates for Oracle Open Office Suite
US-CERT encourages users and administrators to review the April Critical Patch Update and apply any necessary updates to mitigate the risks. Additional information regarding CVE-2011-0794 and CVE-2011-0808 can be found in US-CERT Vulnerability Note VU#520721.
Apple Releases iTunes 10.2.2
added April 19, 2011 at 07:49 am
Apple has released iTunes 10.2.2 to address multiple vulnerabilities affecting the WebKit package. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users and administrators to review Apple article HT4609 and apply any necessary updates to mitigate the risks.