The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to US-CERT.
WordPress has released WordPress 3.1.1 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to conduct cross-site request forgery attacks, conduct cross-site scripting attacks, or cause a denial-of-service condition.
US-CERT encourages users and administrators to review the WordPress article for the release of WordPress 3.1.1 and apply any necessary updates to help mitigate the risks.
RealNetworks, Inc. has released a security update for multiple vulnerabilities affecting Helix Server and Helix Mobile Server. The vulnerabilities affect versions 12.x, 13.x, and 14.x of Helix Server and Helix Mobile Server installed on Red Hat Enterprise Linux 5, Sun Solaris 10, Windows 2003, and Windows 2008 platforms. Successful exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages administrators to review the March 31, 2011 Security Update for Helix Server and Helix Mobile Server (PDF) and apply the necessary updates to mitigate the risks.
Cisco has released a security advisory to address a vulnerability in some versions of Cisco Secure Access Control System (ACS). This vulnerability may allow an attacker to change the password of a user account without any previous access to the user's account or knowledge of the account's previous password.
Additionally, Cisco has released a security advisory to address a vulnerability in some versions of the Cisco Network Access Control (NAC) Guest Server System Software. This vulnerability may allow an unauthenticated user to access the protected network.
US-CERT encourages users and administrators to review Cisco security advisories cisco-sa-20110330-acs and cisco-sa-20110330-nac and apply any necessary updates to help mitigate the risks.