U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Multiple Programming Language Implementations Vulnerable to Hash Table Collision Attacks

US-CERT is aware of reports stating that multiple programming language implementations, including web platforms, are vulnerable to hash table collision attacks. This vulnerability could be used by an attacker to launch a denial-of-service attack against websites using affected products.

The Ruby Security Team has updated Ruby 1.8.7. The Ruby 1.9 series is not affected by this attack. Additional information can be found in the ruby 1.8.7 patchlevel 357 release notes.

Microsoft has released an update for the .NET Framework to address this vulnerability and three others. Additional information can be found in Microsoft Security Bulletin MS11-100 and Microsoft Security Advisory 2659883.

More information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#903934 and n.runs Security Advisory n.runs-SA-2011.004.

Mozilla Releases Firefox 9 and 3.6.25

The Mozilla Foundation has released Firefox 9 and Firefox 3.6.25 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or perform a cross-site scripting attack.

US-CERT encourages users and administrators to review the Mozilla Foundation Security Advisories for Firefox 9 and Firefox 3.6.25 and apply any necessary updates to help mitigate the risk.

USAA Phishing Scam and Malware Campaign

US-CERT is aware of public reports of an active spear-phishing attack via email messages directed at United Services Automobile Association (USAA) members. These messages contain the subject line "Deposit Posted" and contain a randomly generated four-digit number placed in the USAA security zone section. The messages ask users to open an attached file containing malicious software that if activated could provide access to a user's personal information.

US-CERT encourages users to do the following to help mitigate the risk:

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top