The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Adobe has released a security advisory to alert users of a vulnerability affecting Adobe Flash Player. This vulnerability affects Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
Update: Adobe has released a security update to address this vulnerability. Users and administrators are encouraged to review Adobe security bulletin APSB10-22 and apply any necessary updates to help mitigate the risks.
Additional information regarding this vulnerability can be found in the following:
Adobe has released a security advisory to address a vulnerability in Adobe Reader and Acrobat. Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. The advisory indicates that this vulnerability is being actively exploited.
US-CERT encourages users and administrators to review Adobe security advisory APSA10-02 and consider implementing the suggested workaround of utilizing Microsoft's Enhanced Mitigation Toolkit (EMET) to help prevent this vulnerability from being exploited. Additional information on EMET can be found on the Microsoft Security Research and Defense blog.
US-CERT will provide additional information as it becomes available.
US-CERT is aware of public reports of malware spreading via email. These reports indicate that the malicious email messages contain the subject line "Here you have" or "Just For You" and contain a link to a seemingly legitimate PDF file. If users click on this link, they will be redirected to a malicious website that will prompt them to download and install a screensaver (.scr) file. If they agree to install this file, they will become infected with an email worm that will continue to propagate through their email contacts.
US-CERT encourages users and administrators to take the following preventive measures to help mitigate the security risks: