U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Mozilla Releases Security Updates for Firefox and Firefox ESR

The Mozilla Foundation has released security updates to address vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

  • Firefox 42
  • Firefox ESR 38.4

US-CERT encourages users and administrators to review the Security Advisories for Firefox and Firefox ESR and apply the necessary updates.

ACSC Releases 2015 Threat Report

The Australian Cyber Security Centre (ACSC) has released its 2015 Threat Report. This report provides threat information that Australian organizations are facing, such as cyber espionage, cyber attacks, and cyber crime. Mitigation and remediation steps are also included to assist organizations with preventing and responding to such threats.

ACSC is the government authority for providing protective security advice to the private sector and state and territory governments across the Australia’s national infrastructure.

Adobe Releases Security Update for Shockwave Player

Adobe has released a security update for Adobe Shockwave Player. Exploitation of this vulnerability could potentially allow an attacker to take control of the affected system. 

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-26 and apply the necessary updates.

Joomla! Releases Security Update for CMS

Joomla! has released version 3.4.5 of its Content Management System (CMS) software to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected website.

US-CERT encourages users and administrators to review the Joomla! Release News and US-CERT's Alert on Content Management Systems Security and Associated Risks and apply the necessary update.

Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)

The Network Time Foundation's NTP Project has released an update addressing multiple vulnerabilities in ntpd. Exploitation of some of these vulnerabilities may allow an attacker to cause a denial-of-service (DoS) condition.

Users and administrators are encouraged to review the NTP Security Notice Page for more details and US-CERT Security Tip ST04-015 for information on DoS attacks.

Apple Releases Multiple Security Updates

Apple has released several security updates to address critical vulnerabilities in multiple Apple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

  • OS X Server 5.0.15 for OS X Yosemite v10.10.5 and OS X El Capitan v10.11.1 or later
  • Xcode 7.1 for OS X Yosemite v10.10.5 or later
  • Mac EFI Security Update 2015-002 for OS X Mavericks v10.9.5
  • iTunes 12.3.1 for Windows 7 and later
  • OS X El Capitan 10.11.1 and Security Update 2015-007 for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11
  • Safari 9.0.1 for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11
  • watchOS 2.0.1 for Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
  • iOS 9.1 for iPhones 4s and later, iPod Touch 5th generation and later, and iPad 2 and later

Users and administrators are encouraged to review Apple security updates and apply the necessary updates.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top