The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
US-CERT is aware of reports that some users on the Xbox 360 video game system are receiving potential phishing attempts through an in-game messaging service. In-game message phishing is not a Microsoft issue and has nothing to do with Xbox LIVE. Games are products of third party developers that are playable on Xbox LIVE and other gaming systems.
Microsoft has posted a service alert on the Xbox LIVE status page regarding this issue.
US-CERT encourages users to take the following measures to protect themselves from these types of phishing attacks:
Mozilla has released Firefox 4.0.1, 3.6.17, and 3.5.19 to address multiple vulnerabilities. The impact of these vulnerabilities includes arbitrary code execution, privilege escalation, directory traversal, and information disclosure.
US-CERT encourages users and administrators to review the Mozilla Foundation Security Advisories for April 28, 2011 and apply any necessary updates to mitigate the risks.
Cisco has released a security advisory to address multiple vulnerabilities in Cisco Unified Communications Manager. These vulnerabilities may allow an attacker to perform SQL injection attacks, conduct directory traversal attacks, or cause a denial-of-service condition.
US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20110427-cucm and apply any necessary updates or workarounds to help mitigate the risks.