The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
OpenSSL has released updates patching 6 vulnerabilities, which may allow an attacker to decrypt or modify traffic between a vulnerable client and server, cause a denial of service condition, or remotely execute arbitrary code.
The following updates are available:
- OpenSSL 0.9.8 SSL/TLS users should upgrade to 0.9.8za
- OpenSSL 1.0.0 SSL/TLS users should upgrade to 1.0.0m
- OpenSSL 1.0.1 SSL/TLS users should upgrade to 1.0.1h
New Zealand’s National Cyber Security Centre (NCSC-NZ) has released its 2013 Incident Summary. The NCSC provides enhanced cybersecurity services to New Zealand Government and private sector organizations against cybersecurity threats.
Apple has released updates for Safari to address multiple vulnerabilities, some of which could allow a remote attacker to execute arbitrary code or cause a denial of service.
Safari 6.1.4 and Safari 7.0.4 updates are available for:
- OS X Lion v10.7.5
- OS X Lion Server v10.7.5
- OS X Mountain Lion v10.8.5
- OS X Mavericks v10.9.3
Users and administrators are encouraged to review Apple Security Update HT6254 and apply the necessary updates.