The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Microsoft has released a new, fully supported version of the Enhanced Mitigation Experience Toolkit (EMET) designed to mitigate exploitation attempts. EMET allows users to manage security mitigation technologies to make it more difficult for an attacker to exploit software vulnerabilities.
US-CERT encourages users and administrators to review the Microsoft Security Research and Defense blog entry for further information about this new version of EMET.
Users should be aware of potential email scams, fake antivirus, and phishing attacks regarding the Mississippi flooding disaster. Email scams may contain links or attachments that may direct users to phishing or malicious websites. Fake antivirus attacks may come in the form of pop-ups that flash security warnings and ask the user for credit card information. Phishing emails and websites requesting donations for bogus charitable organizations commonly appear after these types of natural disasters.
US-CERT encourages users to take the following measures to protect themselves:
Adobe has released updates for Flash Player and Flash Media Server to address multiple vulnerabilities. These vulnerabilities affect Adobe Flash Player 10.2.159.1 and earlier versions for Windows, Macintosh, Linux, and Solaris; Adobe Flash Player 10.2.157.51 and earlier versions for Android; Adobe Flash Media Server 4.0.1 and earlier versions; and Adobe Flash Media Server 3.5.5 and earlier versions for Windows and Linux. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition or execute arbitrary code.
US-CERT encourages users and administrators to review Adobe Security Advisory APSB11-12 and Adobe Security Advisory APSB11-11 and apply any necessary updates to help mitigate the risks.