The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
The Australian Cyber Security Centre (ACSC) has released its 2015 Threat Report. This report provides threat information that Australian organizations are facing, such as cyber espionage, cyber attacks, and cyber crime. Mitigation and remediation steps are also included to assist organizations with preventing and responding to such threats.
ACSC is the government authority for providing protective security advice to the private sector and state and territory governments across the Australia’s national infrastructure.
Adobe has released a security update for Adobe Shockwave Player. Exploitation of this vulnerability could potentially allow an attacker to take control of the affected system.
Users and administrators are encouraged to review Adobe Security Bulletin APSB15-26 and apply the necessary updates.
Joomla! has released version 3.4.5 of its Content Management System (CMS) software to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected website.
US-CERT encourages users and administrators to review the Joomla! Release News and US-CERT's Alert on Content Management Systems Security and Associated Risks and apply the necessary update.
The Network Time Foundation's NTP Project has released an update addressing multiple vulnerabilities in ntpd. Exploitation of some of these vulnerabilities may allow an attacker to cause a denial-of-service (DoS) condition.
Apple has released several security updates to address critical vulnerabilities in multiple Apple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
Available updates include:
- OS X Server 5.0.15 for OS X Yosemite v10.10.5 and OS X El Capitan v10.11.1 or later
- Xcode 7.1 for OS X Yosemite v10.10.5 or later
- Mac EFI Security Update 2015-002 for OS X Mavericks v10.9.5
- iTunes 12.3.1 for Windows 7 and later
- OS X El Capitan 10.11.1 and Security Update 2015-007 for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11
- Safari 9.0.1 for OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11
- watchOS 2.0.1 for Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
- iOS 9.1 for iPhones 4s and later, iPod Touch 5th generation and later, and iPad 2 and later
Users and administrators are encouraged to review Apple security updates and apply the necessary updates.
Cisco has released updates to address multiple vulnerabilities in its Adaptive Security Appliance (ASA) software. Exploitation of these vulnerabilities could allow a remote attacker to cause a denial-of-service condition.
US-CERT encourages users and administrators to review the Cisco security advisories on the ASA DNS Vulnerability 1, ASA DNS Vulnerability 2, ASA DHCP Vulnerability, and ASA IKE Vulnerability and apply the necessary updates.