The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
US-CERT is aware of public reports of malware spreading via email. These reports indicate that the malicious email messages contain the subject line "Here you have" or "Just For You" and contain a link to a seemingly legitimate PDF file. If users click on this link, they will be redirected to a malicious website that will prompt them to download and install a screensaver (.scr) file. If they agree to install this file, they will become infected with an email worm that will continue to propagate through their email contacts.
US-CERT encourages users and administrators to take the following preventive measures to help mitigate the security risks:
Microsoft has issued a Security Bulletin Advance Notification indicating that its September release will contain nine bulletins. Four bulletins will have the severity rating of critical and will be for Microsoft Windows and Office. The remaining five bulletins will have the severity rating of important and will be for Microsoft Windows. Release of these bulletins is scheduled for Tuesday, September 14, 2010.
US-CERT will provide additional information as it becomes available.
Cisco has released updates to address multiple vulnerabilities in the Cisco Wireless LAN Controller (WLC). Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition, modify the device configuration, or bypass access control lists.
US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20100908-wlc and apply any necessary updates to help mitigate the risks.