The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Cisco has released three security advisories to address vulnerabilities affecting Cisco NX-OS-based products, Cisco Device Manager, and Cisco Unified Computing System. These vulnerabilities may allow an attacker to bypass authentication controls, execute arbitrary code, obtain sensitive information, or cause a denial-of-service condition.
US-CERT encourages users and administrators to review the following Cisco security advisories and apply any necessary updates to help mitigate the risks.
Apple has released security updates for Safari 6.0.4 WebKit to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
Safari 6.0.4 WebKit updates are available for the following versions:
- OS X Lion v10.7.5
- OS X Lion Server v10.7.5
- OS X Mountain Lion v10.8.3
US-CERT encourages users and administrators to review Apple Support Article HT5701 and follow best-practice security policies to determine if their organization is affected and the appropriate response.
Malicious actors are exploiting the April 15 explosions at the Boston Marathon in attempts to collect money intended for charities and to spread malicious code. Fake websites and social networking accounts have been set up to take advantage of those interested in learning more details about the explosions or looking to contribute to fundraising efforts.
For example, the Twitter account @_BostonMarathon was created shortly after the explosions took place. The account stated it would donate $1 for each retweet and was crafted to closely resemble the legitimate Boston Marathon Twitter account (@BostonMarathon). This account has since been suspended by Twitter; however, the likelihood that similar social media accounts will surface remains high.
Phishing email campaigns are also circulating using subject lines related to the Boston Marathon explosions. Do not open unexpected attachments or click on links in suspicious emails, even if the email appears to be from someone you know.