The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Cisco has released a security advisory to address multiple vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR). These vulnerabilities, which are independent of each other, could allow an unauthenticated remote attacker to cause a denial-of-service condition.
Cisco has released software updates that address these vulnerabilities.
US-CERT encourages administrators of this software to review Cisco Security Advisory 20131030-ASR1000 and follow best practice security policies to determine if their organization is affected and the appropriate response.
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities:
- Firefox 25.0
- Firefox ESR 24.1
- Firefox ESR 17.0.10
- Thunderbird 24.1
- Thunderbird ESR 17.0.10
- Seamonkey 2.22
These vulnerabilities could allow a remote attacker to execute arbitrary code, bypass intended access restrictions, cause a denial-of-service condition, or obtain sensitive information.
WordPress has released WordPress 3.7 “Basie” for all previous versions. This version has been devised to automatically update with the latest maintenance and security releases, making the process more reliable and secure, with dozens of new checks and safeguards. WordPress 3.7 also updates the password meter to recognize common mistakes that can weaken your password.
US-CERT recommends users and administrators review the WordPress Maintenance and Security Release blog and follow best practice security policies to determine which updates should be applied.