The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Microsoft has issued a Security Bulletin Advance Notification indicating its January release will contain four bulletins. These bulletins will have the severity rating of important and will be for Microsoft Office, Server Software, Windows, and Microsoft Dynamics AX, a multi-language, multi-currency enterprise resource planning (ERP) solution.
US-CERT will provide additional information as it becomes available.
The United Kingdom's Centre for the Protection of National Infrastructure (CPNI) has recently released a paper titled "Spear Phishing - Understanding the Threat;" this document provides guidance on how spear phishing attacks work, whether you are likely to be a target, and the steps organizations can take to manage the risks. CPNI is the UK's government authority for providing physical, personnel and information security advice to critical national infrastructure.
Apple has released security updates for Safari 6.1.1 and Safari 7.0.1 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to obtain sensitive information, execute arbitrary code or cause a denial-of-service condition.
Safari 6.1.1 and Safari 7.0.1 updates are available for the following versions:
- OS X Lion v10.7.5
- OS X Lion Server v10.7.5
- OS X Mountain Lion v10.8.5
- OS X Mavericks v10.9
US-CERT encourages users and administrators to review Apple Support Article HT6082 and follow best practice security policies to determine if their organization is affected and the appropriate response.