U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Holiday Season Phishing Scams and Malware Campaigns

As the winter holidays are quickly approaching, US-CERT is republishing this entry to increase awareness.

In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the winter holiday and holiday shopping season. US-CERT reminds users to remain cautious when receiving unsolicited email messages that could be part of a potential phishing scam or malware campaign.

These phishing scams and malware campaigns may include but are not limited to the following:

OpenSSL Releases OpenSSL 1.0.0b

OpenSSL has released OpenSSL 1.0.0b to address a vulnerability that may allow an attacker to execute arbitrary code.

US-CERT recommends that users and administrators of this product update to OpenSSL version 1.0.0b or apply the workaround provided in the OpenSSL security advisory. Because OpenSSL is often packaged in larger applications or operating system distributions, users and administrators should check with their software vendors for updated versions.

Adobe Releases Security Updates for Reader and Acrobat

Adobe has released security updates for Reader and Acrobat for Windows and Macintosh. These updates address multiple vulnerabilities including those described in security advisory APSA10-05, a recent Adobe PSIRT blog entry, and security bulletin APSB10-26. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Adobe has indicated that these updates for UNIX will be available on November 30, 2010.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top