The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
US-CERT is aware of a backdoor in the software for the Energizer DUO USB battery charger. This backdoor may allow a remote attacker to list directories, send and receive files, and execute programs on an affected system. The software, which has been discontinued, was available for both Windows and Apple Mac OS X versions. Only the Windows version is affected by this vulnerability.
US-CERT encourages users and administrators to review Vulnerability Note VU#154421 and apply the recommended solutions.
Cisco has released three security advisories to address vulnerabilities.
Security advisory cisco-sa-20100303-cucm, addresses multiple vulnerabilities in the Cisco Unified Communications Manager which affect the Session Initiation Protocol (SIP), Skinny Client Control Protocol (SCCP), and the Computer Telephony Integration (CTI) Manager services. Successful exploitation of these vulnerabilities could result in a denial-of-service condition and an interruption of voice services.
Security advisory cisco-sa-20100303-dmm, addresses multiple vulnerabilities in the Cicso Digital Media Manager (DMM). Successful exploitation of these vulnerabilities could allow for information disclosure, unauthorized settings or system configuration changes, and disclosure of default credentials. There are no workarounds for mitigation, and US-CERT will alert users and administrators as updates are made available.
Microsoft has issued a Security Bulletin Advance Notification, indicating that its March release cycle will contain two bulletins. These bulletins will have a severity rating of Important and will be for Microsoft Windows and Microsoft Office. Release of these bulletins is scheduled for Tuesday, March 9, 2010.
US-CERT will provide additional information as it becomes available.