The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Dell consumer personal computers using the preinstalled certificate authority (CA) root certificate (eDellRoot) contain a critical vulnerability. This preinstalled root certificate resides on newer Dell laptops and desktops. Exploitation of the vulnerability could allow a remote attacker to read all encrypted web browser traffic (HTTPS), successfully impersonate (spoof) any website, or perform other attacks on the affected system.
VMware has released security updates to address a vulnerability in vCenter, vCloud Director, and Horizon View. Exploitation of this vulnerability may allow an attacker to obtain sensitive information.
Users and administrators are encouraged to review VMware Security Advisory VMSA-2015-0008 and apply the necessary updates.
The Internet Crime Complaint Center (IC3) has issued an alert warning that law enforcement personnel and public officials may be at an increased risk of cyber attacks. In addition to doxing (the act of gathering and publishing individuals' personal information without permission), threat actors have been observed compromising the email accounts of officers and officials. These target groups should protect their online presence and exposure.
Adobe has released security updates to address multiple vulnerabilities in ColdFusion, LiveCycle Data Services, and Adobe Premiere Clip. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
US-CERT is aware of a deserialization vulnerability in the Apache Commons Collections (ACC) Java library. Java applications that either directly use ACC, or contain ACC in their classpath, may be vulnerable to arbitrary code execution.
US-CERT encourages users and administrators to review Vulnerability Note VU#576313 for more information and apply the necessary mitigations.
Google has released security updates to address vulnerabilities in Chrome and Chrome OS. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.
Updates available include:
- Chrome 46.0.2490.86 for Windows, Mac and Linux
- Chrome 46.0.2490.82 for all OS devices