US CERT Current Activity

A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

Apple Releases Security Updates for QuickTime

Thu, 10/23/2014 - 19:39
Original release date: October 23, 2014

Apple has released QuickTime 7.7.6 for Windows 7, Vista, XP SP2 or later to address multiple vulnerabilities, some of which may allow remote attackers to execute arbitrary code or cause a denial of service.

Users and administrators are encouraged to review Apple Support Article HT6493 and apply any necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alerts

Microsoft Releases Advisory for Unpatched Windows Vulnerability

Wed, 10/22/2014 - 11:02
Original release date: October 22, 2014

Microsoft has released a security advisory to provide recommended mitigations for an unpatched vulnerability (CVE-2014-6352), which affects all Microsoft Windows releases except Windows Server 2003. This vulnerability could allow an attacker to take control of an affected system if a user opens a specially crafted Microsoft Office file.

US-CERT recommends users and administrators review the Microsoft Security Advisory and apply the recommended workarounds.


Apple Releases Security Updates for iOS and Apple TV

Mon, 10/20/2014 - 19:25
Original release date: October 20, 2014

Apple has released security updates for iOS devices and Apple TV to address multiple vulnerabilities, one of which could allow an attacker to decrypt data protected by SSL.

Updates available include:

  • iOS 8.1 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later
  • Apple TV 7.0.1 for Apple TV 3rd generation and later

Users and administrators are encouraged to review Apple security updates HT6541 and HT6542, and apply the necessary updates.


OpenSSL 3.0 Protocol Vulnerability

Fri, 10/17/2014 - 16:40
Original release date: October 17, 2014

US-CERT is aware of a design vulnerability found in the way SSL 3.0 handles block cipher mode padding. Exploitation of this vulnerability may allow a remote attacker to decrypt and extract information from inside an encrypted transaction.

US-CERT recommends users and administrators review TA14-290A for additional information and apply any necessary updates to address this vulnerability.


Apple Releases Security Update 2014-005

Fri, 10/17/2014 - 16:01
Original release date: October 17, 2014

Apple has released Security Update 2014-005 to address vulnerabilities in SSL 3.0.

US-CERT recommends users and administrators review Apple Security Update HT6531 for additional details.


Drupal Releases Security Advisory

Fri, 10/17/2014 - 11:11
Original release date: October 17, 2014

Drupal has released a security advisory to address an application program interface (API) vulnerability (CVE-2014-3704) that could allow an attacker to execute arbitrary SQL commands on an affected system.

This vulnerability affects all Drupal core 7.x versions prior to 7.32.

US-CERT advises users and administrators to review Drupal's Security Advisory and apply the necessary update or patch.


Google Releases Security Updates for Chrome and Chrome OS

Fri, 10/17/2014 - 01:41
Original release date: October 16, 2014

Google has released security updates to address multiple vulnerabilities in Chrome and Chrome OS, one of which could potentially allow an attacker to take control of the affected system.

Updates available include:

  • Chrome 38.0.2125.104 for Windows, Mac and Linux
  • Chrome OS 38.0.2125.108 for all Chrome OS devices except Chromeboxes

Users and administrators are encouraged to review the Google Chrome blog entries 1 and 2, and apply the necessary updates.


Ebola Phishing Scams and Malware Campaigns

Thu, 10/16/2014 - 18:31
Original release date: October 16, 2014

US-CERT reminds users to protect against email scams and cyber campaigns using the Ebola virus disease (EVD) as a theme. Phishing emails may contain links that direct users to websites which collect personal information such as login credentials, or contain malicious attachments that can infect a system.

Users are encouraged to use caution when encountering these types of email messages and take the following preventative measures to protect themselves:


OpenSSL Patches Four Vulnerabilities

Thu, 10/16/2014 - 10:50
Original release date: October 16, 2014

OpenSSL has released updates patching four vulnerabilities, some of which may allow an attacker to cause a Denial of Service (DoS) condition or execute man-in-the-middle attacks. The following updates are available:

  • OpenSSL 1.0.1 users should upgrade to 1.0.1j
  • OpenSSL 1.0.0 users should upgrade to 1.0.0o
  • OpenSSL 0.9.8 users should upgrade to 0.9.8zc

US-CERT recommends users and administrators review the OpenSSL Security Advisory for additional information and apply the necessary updates.


Mozilla Releases Security Updates for Firefox and Thunderbird

Wed, 10/15/2014 - 09:51
Original release date: October 15, 2014

The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox and Thunderbird. Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, bypass same-origin policy and key pinning, cause an exploitable crash, conduct a man-in-the-middle attack, or execute arbitrary code.

The following updates are available:

  • Firefox 33
  • Firefox ESR 31.2
  • Thunderbird 31.2

Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR and Thunderbird to determine which updates should be applied to mitigate these risks.


Adobe Releases Security Updates for ColdFusion and Flash Player

Tue, 10/14/2014 - 18:50
Original release date: October 14, 2014

Adobe has released security updates to address multiple vulnerabilities in ColdFusion and Flash Player. Exploitation could allow attackers to take control of a vulnerable system.

Users and administrators are encouraged to review Adobe Security Bulletins APSB 14-23 and APSB 14-22 and apply the necessary updates.


Oracle Releases October 2014 Security Advisory

Tue, 10/14/2014 - 18:45
Original release date: October 14, 2014

Oracle has released its Critical Patch Update for October 2014 to address 154 vulnerabilities across multiple products.

US-CERT encourages users and administrators to review the Oracle October 2014 Critical Patch Update and apply the necessary updates.


Microsoft Releases October 2014 Security Bulletin

Tue, 10/14/2014 - 15:22
Original release date: October 14, 2014

Microsoft has released updates to address vulnerabilities in Windows, Office, Office Services and Web Apps, Developer Tools, .NET Framework, and Internet Explorer as part of the Microsoft Security Bulletin Summary for October 2014. These vulnerabilities could allow remote code execution, elevation of privilege, or security feature bypass.

US-CERT encourages users and administrators to review the bulletin and apply the necessary updates.


Cisco Releases Security Advisory for ASA Software

Wed, 10/08/2014 - 15:59
Original release date: October 08, 2014

Cisco has released an advisory to address multiple vulnerabilities in the Cisco Adaptive Security Appliance (ASA) Software that could result in a denial of service condition. Cisco has released free software updates that address these vulnerabilities.

Users and administrators are encouraged to review the Cisco Advisory and apply the necessary updates.


Oracle Patches Bash Vulnerabilities

Tue, 10/07/2014 - 21:32
Original release date: October 07, 2014 | Last revised: October 10, 2014

Oracle has released security updates to address bash vulnerabilities found across multiple products.

US-CERT recommends users and administrators review the Oracle Security Article for additional details, and apply updates as necessary.


Google Releases Security Updates for Chrome and Chrome OS

Tue, 10/07/2014 - 20:21
Original release date: October 07, 2014

Google has released security updates to address multiple vulnerabilities in Chrome and Chrome OS, some of which could potentially allow an attacker to take control of the affected system or cause a denial of service condition.

Updates available include:

  • Chrome 38.0.2125.101 for Windows, Mac and Linux
  • Chrome 38.0.2125.59 for iPhone and iPad
  • Chrome OS 38.0.2125.101 for all Chrome OS devices except Chromeboxes

Users and administrators are encouraged to review the Google Chrome blog entries 1, 2 and 3, and apply the necessary updates.


Apple Releases OS X bash Update 1.0

Tue, 09/30/2014 - 23:17
Original release date: September 30, 2014

Apple has released OS X bash Update 1.0 to address vulnerabilities found in the Bourne-again Shell (bash) which could allow a remote attacker to execute arbitrary shell commands.

US-CERT recommends users and administrators review Apple Security Update HT6495, TA14-268A, Vulnerability Note VU#252743 and the Red Hat Security Article for additional details.
