The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
As the winter holidays approach, US-CERT reminds users to stay aware of seasonal scams and cyber campaigns, which may include:
- electronic greeting cards that may contain malware
- requests for charitable contributions that may be phishing scams and may originate from illegitimate sources claiming to be charities
- screensavers or other forms of media that may contain malware
- credit card applications that may be phishing scams or identity theft attempts
- online shopping advertisements that may be phishing scams or identity theft attempts from bogus retailers
- shipping notifications that may be phishing scams or may contain malware
US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities.
- Firefox 25.0.1
- Firefox ESR 24.1.1
- Firefox ESR 17.0.11
- Seamonkey 2.22.1
These vulnerabilities could allow a remote attacker to bypass intended security restrictions or cause a denial-of-service condition. US-CERT encourages users and administrators to review the Mozilla Foundation Advisory for Firefox 25.0.1, Firefox ESR 24.1.1., Firefox ESR 17.0.11, and Seamonkey 2.22.1, and apply any necessary updates to help mitigate the risk.
Google has released Google Chrome 31.0.1650.57 for Windows, Mac, Linux and Chrome Frame to address a vulnerability. This vulnerability could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users and administrators to review the Google Chrome Release blog entry and follow best-practice security policies to determine which updates should be applied.