The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Oracle has released its Critical Patch Update for April 2014 to address 104 vulnerabilities across multiple products. This update contains the following security fixes:
- 2 for Oracle Database Server
- 20 for Oracle Fusion Middleware
- 3 for Oracle Hyperion
- 10 for Oracle Supply Chain Products Suite
- 8 for Oracle PeopleSoft Products
- 1 for Oracle Siebel CRM
- 1 for Oracle iLearning
- 37 for Oracle Java SE
- 3 for Oracle and Sun Systems Products Suite
- 5 for Oracle Virtualization
- 14 for Oracle MySQL
US-CERT encourages users and administrators to review the April 2014 Critical Patch Update and follow best practice security policies to determine which updates should be applied.
As the Easter holiday approaches, US-CERT reminds users to stay aware of holiday scams and cyber campaigns, which may include:
- shipping notifications that may be phishing scams or may contain malware
- electronic greeting cards that may contain malware
- requests for charitable contributions that may be phishing scams and may originate from illegitimate sources claiming to be charities
US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:
Adobe has released security updates to address multiple vulnerabilities in Adobe Flash Player and AIR. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.
The following updates are available:
- Flash Player 18.104.22.168 for Windows and Macintosh
- Flash Player 11.7.700.275 for Windows and Macintosh
- Flash Player 22.214.171.1240 for Linux
- AIR, AIR SDK, or AIR SDK and Compiler 126.96.36.199 for Android, Windows, and Macintosh
Users and administrators are encouraged to review Adobe Security Bulletin APSB14-09 to determine which updates should be applied.