The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
US-CERT is aware of public reports of an ongoing phishing attack. At this time, this attack appears to be targeting PayPal, Bank of America, Lloyds, and TSB users. The attack arrives via an unsolicited email message containing an HTML attachment.
This attack is unlike common phishing attacks because it locally stores the malicious webpage rather than directing user to a phishing site via a URL. Many browsers utilize anti-phishing filters to help protect users against phishing attacks; this method of attack is able to bypass this security mechanism.
US-CERT encourages users and administrators to take the following measures to protect themselves from these types of phishing attacks:
Google has released Chrome 10.0.648.134 for Windows, Mac, Linux, and Chrome Frame. This release contains an updated version of the Adobe Flash player that addresses a vulnerability. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.
US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.
Research In Motion has released a security notice to alert users of a vulnerability affecting the WebKit browser engine provided in BlackBerry Device Software versions 6.0 and later. By convincing a user to browse to specially crafted website, a remote attacker may be able to execute arbitrary code. Exploitation of this vulnerability may allow an attacker to access user data stored on the media card and the built-in media storage on the affected BlackBerry device.
US-CERT encourages users and administrators to review BlackBerry security notice KB26132 and do the following to help mitigate the risks: