The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Apple has released QuickTime 7.6.9 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information.
US-CERT encourages users and administrators to review Apple article HT4447 and upgrade to Quicktime 7.6.9 to help mitigate the risks.
Google has released Chrome 8.0.552.215 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information or bypass security restrictions.
US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.
VMware has released security advisory VMSA-2010-0018 to address multiple vulnerabilities affecting VMware Workstation, Player, Fusion, ESXi, and ESX. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges.
US-CERT encourages users and administrators to review VMware security advisory VMSA-2010-0018 and apply any necessary updates to help mitigate the risks.
The Internet Systems Consortium (ISC) has released three advisories to address multiple vulnerabilities affecting BIND.
The first advisory, CVE-2010-3613, addresses a vulnerability in BIND versions 9.6.2 to 9.6.2-P2, 9.6-ESV to 9.6-ESV-R2, and 9.70 to 9.7.2-P2. This vulnerability exists when cache incorrectly allows an ncache entry and a rrsig for the same type. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Additional information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#706148.
WordPress has released WordPress 3.0.2 to address a vulnerability that may allow a malicious Author-level user to gain further access to the site, to fix multiple software bugs, and to provide additional security enhancements.
US-CERT encourages users and administrators to review the WordPress blog entry regarding the release of WordPress 3.0.2 and apply any necessary updates to help mitigate the risks.
In the past, US-CERT has received reports of phishing scams and malware campaigns related to topics that are of high-interest to the U.S. Government or news media, such as the WikiLeaks website. Users' systems have been compromised by receiving and accessing phishing emails with subject lines that seem relevant to a high-interest subject and appear to originate from a valid sender. US-CERT reminds users to remain vigilant for potential malicious cyber activity seeking to capitalize on interest in WikiLeaks. Users are advised to exercise caution in handling any email with subject line, attachments, or hyperlinks related to WikiLeaks, even if it appears to originate from a trusted source.
US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns: