The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Cisco has released a security advisory to address a vulnerability in Cisco Unified Computing System (UCS) Director. This vulnerability could allow an unauthenticated, remote attacker to take complete control of the affected device due to a default root user account created during installation. Successful exploitation of this vulnerability would provide the attacker with full administrative rights to the system.
US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the update provided to address this vulnerability.
Microsoft has released Security Advisory 2934088 to address a use-after-free vulnerability in Internet Explorer 9 and 10, which can be used by a remote attacker to take control of a vulnerable system. US-CERT and Microsoft are aware of targeted attacks currently exploiting this vulnerability.
Adobe has released security updates to address a vulnerability in Adobe Flash Player 184.108.40.206 or earlier versions for Windows and Macintosh and Adobe Flash Player 220.127.116.116 or earlier versions for Linux. Exploitation of this vulnerability could allow an attacker to take control of an affected system.
US-CERT recommends that users and administrators review Adobe Security Bulletin APSB14-07 to determine which updates should be applied.