TLP:WHITE

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to US-CERT.

Cisco Releases Security Advisory for IOS XR Software Border Gateway Protocol

Cisco has released a security advisory to address a vulnerability in the Cisco IOS XR Software Border Gateway Protocol feature. Exploitation of this vulnerability may result in the continuous resetting of BGP peering sessions, which may cause a denial-of-service condition for affected networks.

US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20100827-bgp and apply any necessary updates to help mitigate the risks.

RealNetworks Releases Update to Address Vulnerabilities in RealPlayer

RealNetworks, Inc. has released an update for RealPlayer to address multiple vulnerabilities. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or obtain sensitive information.

US-CERT encourages users and administrators to review the RealNetworks, Inc. security advisory for these vulnerabilities and apply any necessary updates to help mitigate the risks.

Cisco Releases Advisories for Unified Communications Manager and Unified Presence

Cisco has released security advisories to address multiple vulnerabilities affecting Unified Communications Manager and Unified Presence.

These vulnerabilities affect the processing of Session Initiation Protocol (SIP) messages. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition, which could cause an interruption of voice services.

Cisco Unified Communications Manager users and administrators are encouraged to review Cisco security advisory cisco-sa-20100825-cucm and apply any necessary updates to help mitigate the risks. Cisco Unified Presence users and administrators are encouraged to review Cisco security advisory cisco-sa-20100825-cup and apply any necessary updates to help mitigate the risks.

APWG Fax Back Phishing Education Program

To respond to a growing public threat from offline phishers who conduct various scams via fax, the Anti-Phishing Working Group (APWG) has partnered with the Internal Revenue Service (IRS) to create the APWG Fax Back Phishing Education Program. This program is designed to provide telecommunications companies and Fax over Internet Protocol (FoIP) hosting firms with information that can be used to educate consumers about these types of scams. Offline phishing differs from traditional phishing in that it involves sending emails with attachments or direct faxes to individuals or businesses and is not done strictly online. Recipients of offline phishing scams are pressured to complete the fake documents and fax them back under threat of being penalized.

In conjunction with the IRS's Online Fraud Detection and Prevention (OFDP) group, APWG created a fax coversheet that carriers can download and use to notify victims of offline phishing. The coversheet also provides links to other APWG resources that allow victims to submit a complaint directly to the appropriate clearinghouse.

Adobe Releases Security Bulletin for Shockwave Player

Adobe has released a security update to address multiple vulnerabilities affecting Shockwave Player 11.5.7.609 and earlier versions. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review Adobe security bulletin APSB10-20 and upgrade to Adobe Shockwave Player 11.5.8.612 to help mitigate the risks.

Apple Releases Security Update 2010-005

Apple has released security update 2010-005 to address multiple vulnerabilities affecting the ATS, CFNetwork, ClamAV, CoreGraphics, libsecurity, PHP, and Samba applications. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, or impersonate hosts within a domain.

US-CERT encourages users and administrators to review Apple article HT4312 and apply any necessary updates to help mitigate the risks.


This product is provided subject to this Notification and this Privacy & Use policy.
