The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Cisco has released a security advisory to address a vulnerability affecting CiscoWorks Common Services for Oracle Solaris and Microsoft Windows. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code with administrative privileges or cause a denial-of-service condition.
US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20101027-cs and apply any necessary updates or workarounds to help mitigate the risks.
Mozilla has released a blog entry indicating that it is aware of a critical vulnerability affecting Firefox 3.5 and Firefox 3.6. This vulnerability may allow an attacker to execute arbitrary code. The blog entry indicates that active exploitation of this vulnerability has been detected.
Update: The Mozilla Foundation has released Firefox 3.6.12 and 3.5.15 to address this vulnerability. Additionally, this vulnerability has been addressed in Thunderbird 3.1.6 and 3.0.10.
Fraud Advisory for Consumers Released: Involvement in Criminal Activity Through Work from Home Scams
As part of a joint effort, the United States Secret Service, the Federal Bureau of Investigation, the Internet Crime Complaint Center (IC3) and the Financial Services Information Sharing and Analysis Center (FS-ISAC) have released Fraud Advisory for Consumers: Involvement in Criminal Activity through Work from Home Scams (PDF). The document explains that criminal syndicates are using newspaper ads, online employment services, and unsolicited emails to recruit consumers to launder stolen money. Individuals who are knowing or unknowing participants in this type of scheme could be prosecuted and may have their own identities or bank accounts stolen.
This advisory provides information that consumers can use to help understand and protect themselves against work from home scams. US-CERT encourages users and administrators to review this document to help protect themselves against work from home scams.