The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Adobe has released security updates for Adobe Photoshop Creative Cloud (CC) and Bridge CC to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.
OpenSSL has released updates addressing multiple vulnerabilities, one of which allows a remote attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography—an attack known as Logjam (CVE-2015-4000). Exploitation of some of these vulnerabilities could allow the attacker to read and modify data passed over the connection.
Updates available include:
- OpenSSL 1.0.2b for 1.0.2 users
- OpenSSL 1.0.1n for 1.0.1 users
- OpenSSL 1.0.0s for 1.0.0d (and below) users
- OpenSSL 0.9.8zg for 0.9.8r (and below) users
Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.
The Internet Crime Complaint Center (IC3) has released an alert warning consumers of fraud around the resale of gift cards. The secondary gift card market has grown in recent years, and criminal activity has been identified on sites facilitating such exchanges. When purchasing gift cards, look for reputable merchants who will ensure resold cards contain correct balances.