The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
US-CERT is aware of recent reports indicating that some newly purchased removable media devices are infected with malicious code. This malicious code is a worm that attempts to propagate itself via multiple methods. If a Windows user connects an affected removable media device to a system that has autorun enabled, the system may become infected with this malware with no additional interaction from the user. Autorun is enabled by default.
US-CERT encourages users and administrators to consider implementing the following best security practices to help mitigate the risks associated with this type of issue:
- Disable autorun in Windows.
- Maintain up-to-date antivirus software.
- Maintain up-to-date hardware, operating systems, and software by applying security patches, fixes, and updates.
- Perform virus scanning of the removable media devices prior to each use.
Adobe has released a security update for Shockwave Player to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to review Adobe security bulletin APSB10-25 and apply any necessary updates to help mitigate the risks. Additional information regarding the 'rcsL' chunk parsing vulnerability can be found in US-CERT vulnerability note VU#402231.
Adobe has released a security advisory to alert users of a vulnerability affecting the following applications: