The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Some Comodo Chromodo browser versions (220.127.116.112, 18.104.22.1681, and possibly earlier) are vulnerable to cross-domain attacks. When a user of a vulnerable Chromodo browser visits a specially crafted web page, an attacker may obtain access to web content from another domain.
US-CERT recommends users and administrators review Vulnerability Note VU#305096 for additional information and mitigation details.
WordPress 4.4.1 and prior versions contain two security vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to obtain sensitive information.
Users and administrators are encouraged to review the WordPress Security and Maintenance Release and upgrade to WordPress 4.4.2.
The Federal Trade Commission (FTC) has upgraded its IdentityTheft.gov site to provide improved help to victims of identity theft. Enhancements include more personalized response plans for consumers, automatic generation of documents to aid in recovery, and better integration of the site with the FTC's consumer complaint system. Resources are also available for those who want to avoid becoming victims of identity theft.
OpenSSL versions 1.0.2f and 1.0.1r have been released to address vulnerabilities in prior versions. Exploitation of these vulnerabilities may allow a remote attacker to obtain sensitive information.
Cisco has released a security update to address a vulnerability in the web-based management interface of Cisco RV220W Wireless Network Security Firewall devices. Exploitation of this vulnerability could allow a remote attacker to take control of an affected device.
Mozilla has released security updates to address multiple vulnerabilities in Firefox. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.
Available updates include:
- Firefox 44
- Firefox ESR 38.6