The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
As the Easter holiday approaches, US-CERT reminds users to stay aware of holiday scams and cyber campaigns, which may include:
- shipping notifications that may be phishing scams or may contain malware
- electronic greeting cards that may contain malware
- requests for charitable contributions that may be phishing scams and may originate from illegitimate sources claiming to be charities
US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:
Adobe has released security updates to address multiple vulnerabilities in Adobe Flash Player and AIR. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.
The following updates are available:
- Flash Player 188.8.131.52 for Windows and Macintosh
- Flash Player 11.7.700.275 for Windows and Macintosh
- Flash Player 184.108.40.2060 for Linux
- AIR, AIR SDK, or AIR SDK and Compiler 220.127.116.11 for Android, Windows, and Macintosh
Users and administrators are encouraged to review Adobe Security Bulletin APSB14-09 to determine which updates should be applied.
Microsoft has released updates to address vulnerabilities in Microsoft Office, Office Services, Web Apps, Windows and Internet Explorer as part of the Microsoft Security Bulletin Summary for April, 2014. These vulnerabilities could allow remote code executions.
US-CERT encourages users and administrators to review the bulletin and follow best practice security policies to determine which updates should be applied.