U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Firefox 3.5 and 3.6 Vulnerability

Mozilla has released a blog entry indicating that it is aware of a critical vulnerability affecting Firefox 3.5 and Firefox 3.6. This vulnerability may allow an attacker to execute arbitrary code. The blog entry indicates that active exploitation of this vulnerability has been detected.

Update: The Mozilla Foundation has released Firefox 3.6.12 and 3.5.15 to address this vulnerability. Additionally, this vulnerability has been addressed in Thunderbird 3.1.6 and 3.0.10.

Fraud Advisory for Consumers Released: Involvement in Criminal Activity Through Work from Home Scams

As part of a joint effort, the United States Secret Service, the Federal Bureau of Investigation, the Internet Crime Complaint Center (IC3) and the Financial Services Information Sharing and Analysis Center (FS-ISAC) have released Fraud Advisory for Consumers: Involvement in Criminal Activity through Work from Home Scams (PDF). The document explains that criminal syndicates are using newspaper ads, online employment services, and unsolicited emails to recruit consumers to launder stolen money. Individuals who are knowing or unknowing participants in this type of scheme could be prosecuted and may have their own identities or bank accounts stolen.

This advisory provides information that consumers can use to help understand and protect themselves against work from home scams. US-CERT encourages users and administrators to review this document to help protect themselves against work from home scams.

Fraud Advisory for Businesses Released: Corporate Account Take Over

As part of a joint effort, the United States Secret Service, the Federal Bureau of Investigation, the Internet Crime Complaint Center (IC3) and the Financial Services Information Sharing and Analysis Center (FS-ISAC) have released Fraud Advisory for Businesses: Corporate Account Take Over (PDF). The document explains that cyber criminals are targeting small- and medium- sized businesses and using methods such as malicious code, phishing, and social engineering attacks to compromise business banking accounts. Once these accounts have been compromised, cyber criminals can fraudulently transfer funds out of them and can cause significant business disruption and substantial monetary loss.

This advisory provides information that businesses can use to help understand, prevent, detect, and respond to the threats of corporate account take over. US-CERT encourages users and administrators to review this document and to remain vigilant in combating the threats of corporate account takeover.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top