The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to US-CERT.
Oracle has released its Critical Patch Update for January 2015 to address 169 vulnerabilities across multiple products.
This update contains the following security fixes:
- 8 for Oracle Database Server
- 36 for Oracle Fusion Middleware
- 10 for Oracle Enterprise Manager Grid Control
- 10 for Oracle E-Business Suite
- 6 for Oracle Supply Chain Products Suite
- 7 for Oracle PeopleSoft Products
- 1 for Oracle JD Edwards Products
- 17 for Oracle Siebel CRM
- 2 for Oracle iLearning
- 2 for Oracle Communications Applications
- 1 for Oracle Retail Applications
- 1 for Oracle Health Sciences Applications
- 19 for Oracle Java SE
- 29 for Oracle Sun Systems Products Suite
- 11 for Oracle Linux and Virtualization
- 9 for Oracle MySQL
US-CERT encourages users and administrators to review the Oracle January 2015 Critical Patch Update and apply the necessary updates.
Ubuntu has released security updates to address multiple vulnerabilities affecting Ubuntu 10.04 LTS, 12.04 LTS, 14.04 LTS, and 14.10. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service or execute arbitrary code.
Users and administrators are encouraged to review Ubuntu Security Notices USN-2460-1, USN-2477-1, USN-2478-1, and USN-2479-1, and apply the necessary updates.
US-CERT is aware of a phishing campaign purporting to come from a U.S. federal government agency. The phishing emails reference the Affordable Care Act in the subject line and claim to direct users to health coverage information, but instead direct them to sites that attempt to elicit private information or install malicious code.
US-CERT encourages users to take the following measures to protect themselves:
- Do not follow links or download attachments in unsolicited email messages.
- Maintain up-to-date antivirus software.
- Refer to the Avoiding Social Engineering and Phishing Attacks Security Tip for additional information on social engineering attacks.
If affected by the campaign, users should report the incident to appropriate parties within their organization and notify US-CERT.