In the past, US-CERT has received reports of phishing scams and malware campaigns related to topics that are of high-interest to the U.S. Government or news media, such as the WikiLeaks website. Users' systems have been compromised by receiving and accessing phishing emails with subject lines that seem relevant to a high-interest subject and appear to originate from a valid sender. US-CERT reminds users to remain vigilant for potential malicious cyber activity seeking to capitalize on interest in WikiLeaks.
The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
VMware has released a security patch for ESX to address a vulnerability. Exploitation of this vulnerability may allow a local user to gain additional privileges on the affected system.
US-CERT encourages users and administrators to review VMware knowledgebase article 1029397 and apply any necessary updates to help mitigate the risks.
Apple has released iOS 4.2 for the iPhone, iPod Touch, and iPad to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, initiate a call, cause a denial-of-service condition, gain system privileges, or obtain sensitive information.
US-CERT encourages users and administrators to review Apple article HT4456 and update to iOS 4.2 to mitigate the risks.
Apple has released Safari 5.0.3 and 4.1.3 to address multiple vulnerabilities in the Safari and WebKit packages. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users and administrators to review Apple article HT4455 and apply any necessary updates to help mitigate the risks.
As the winter holidays are quickly approaching, US-CERT is republishing this entry to increase awareness.
In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the winter holiday and holiday shopping season. US-CERT reminds users to remain cautious when receiving unsolicited email messages that could be part of a potential phishing scam or malware campaign.
These phishing scams and malware campaigns may include but are not limited to the following:
OpenSSL has released OpenSSL 1.0.0b to address a vulnerability that may allow an attacker to execute arbitrary code.
US-CERT recommends that users and administrators of this product update to OpenSSL version 1.0.0b or apply the workaround provided in the OpenSSL security advisory. Because OpenSSL is often packaged in larger applications or operating system distributions, users and administrators should check with their software vendors for updated versions.
Describes what cloud computing is, discusses how it can help, and outlines possible security concerns.
Recommendations for best practices to achieve system integrity through software authenticity and...
Introduces emerging threats likely to have a significant impact on mobile devices and their users.
These reports summarize general activity, including updates to the National Cyber Awareness System, for past months in addition to other newsworthy events or highlights.
Web browsers are a common method attackers use to compromise systems. Learn how to secure your web browser and better protect against exploits.
This document provides guidance and resources for recovering a computer after it has been infected with a Trojan Horse or virus including steps to prevent it from happening again.