Official website of the Department of Homeland Security
The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Adobe Releases Security Update for ColdFusion
Published Thursday, May 9, 2013
Adobe has released a security hotfix for ColdFusion 10, 9.0.2, 9.0.1, and 9.0 for Windows, Macintosh, and UNIX. This hotfix addresses a vulnerability (CVE-2013-1389) that could allow a remote attacker to execute arbitrary code and a vulnerability (CVE-2013-3336) that could permit an unauthorized user to remotely retrieve files stored on the server. There are reports that this vulnerability is being exploited in the wild.
US-CERT recommends that users and administrators review Adobe Security Advisory APSA13-03 and Adobe Security Bulletin APSB13-13 and follow best-practice security policies to determine if their organization is affected and the appropriate response.
Microsoft Releases Security Advisory for Internet Explorer
Published Tuesday, May 7, 2013
Microsoft is investigating public reports of a remote code execution vulnerability in Internet Explorer 8 and is aware of attacks that attempt to exploit this vulnerability. This vulnerability may allow an attacker to execute arbitrary code if a user accesses a specially crafted website. Microsoft is actively working with partners to monitor the threat landscape and take action against these malicious sites that attempt to exploit this vulnerability.
US-CERT encourages users and administrators to review Microsoft Security Advisory 2847140. Please note that the advisory indicates that the workaround does not correct the vulnerability, but it may help mitigate risk against known attack vectors.
US-CERT will provide additional information as it becomes available.
Cisco Releases Security Advisories
Published Thursday, April 25, 2013
Cisco has released three security advisories to address vulnerabilities affecting Cisco NX-OS-based products, Cisco Device Manager, and Cisco Unified Computing System. These vulnerabilities may allow an attacker to bypass authentication controls, execute arbitrary code, obtain sensitive information, or cause a denial-of-service condition.
US-CERT encourages users and administrators to review the following Cisco security advisories and apply any necessary updates to help mitigate the risks.
Pages
This product is provided subject to this Notification and this Privacy & Use policy.