US CERT Current Activity

Syndicate content
A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.
Updated: 1 hour 27 min ago

Cisco Releases Semiannual IOS Software Security Advisory Bundled Publication

Thu, 03/26/2015 - 10:11
Original release date: March 26, 2015

Cisco has released its semiannual Cisco IOS Software Security Advisory Bundled Publication. This publication includes seven Security Advisories that address vulnerabilities in Cisco IOS Software. Exploits of these vulnerabilities could result in a denial of service (DoS) condition, interface queue wedge, or exchange memory leak.

US-CERT encourages users and administrators to review the following Cisco Security Advisory and apply the necessary updates.
 

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Installer Hijacking Vulnerability in Android Devices

Tue, 03/24/2015 - 15:08
Original release date: March 24, 2015

A vulnerability in Google's Android OS has been discovered that could allow an attacker to change or replace a seemingly safe Android application with malware during installation. An attacker exploiting this vulnerability could access and steal user data on compromised devices without user knowledge. Devices running Android version 4.4 or later are not vulnerable.

US-CERT advises users to ensure their devices are running an up-to-date version of Android and to use caution when installing software from third-party app stores.
 

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Apple Releases Security Update for OS X Yosemite

Fri, 03/20/2015 - 21:38
Original release date: March 20, 2015

Apple has released Security Update 2015-003 for OS X Yosemite v10.10.2 to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

US-CERT encourages users and administrators to review Apple Security Update 2015-003 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Mozilla Releases Security Updates for Firefox, Firefox ESR, and SeaMonkey

Fri, 03/20/2015 - 21:27
Original release date: March 20, 2015 | Last revised: March 23, 2015

The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and SeaMonkey. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

  • Firefox 36.0.4
  • Firefox ESR 31.5.3
  • SeaMonkey 2.33.1

Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR, and SeaMonkey and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Drupal Releases Security Updates

Thu, 03/19/2015 - 19:48
Original release date: March 19, 2015 | Last revised: March 20, 2015

Drupal has released updates to address multiple vulnerabilities, one of which could allow a remote attacker to gain access to a system account.

Available updates include:

  • Drupal core 6.35 for 6.x users
  • Drupal core 7.35 for 7.x users

US-CERT encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

OpenSSL Patches Multiple Vulnerabilities

Thu, 03/19/2015 - 14:50
Original release date: March 19, 2015

OpenSSL has released new updates addressing multiple vulnerabilities, one of which is classified as a high severity issue. Exploitation could allow a remote attacker to cause a cause a Denial of Service attack against the server.

Updates available include:

  • OpenSSL 1.0.2a for 1.0.2 users
  • OpenSSL 1.0.1m for 1.0.1 users
  • OpenSSL 1.0.0r for 1.0.0 users
  • OpenSSL 0.9.8zf for 0.9.8 users

Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Ubuntu Releases Security Update

Thu, 03/19/2015 - 13:22
Original release date: March 19, 2015

Ubuntu has released a security update to address multiple vulnerabilities in PHP5 affecting Ubuntu 14.10, 14.04 LTS, 12.04 LTS, and 10.04 LTS. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service or execute arbitrary code.

Users and administrators are encouraged to review Ubuntu Security Notices USN-2535-1 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Apple Releases Security Updates for Safari

Wed, 03/18/2015 - 11:54
Original release date: March 18, 2015 | Last revised: March 19, 2015

Apple has released security updates for Safari to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code or prevent users from discerning a phishing attack on an affected system.

Updates include:

  •     Safari 8.0.4 for OS X Yosemite v10.10.2
  •     Safari 7.1.4 for OS X Mavericks v10.9.5
  •     Safari 6.2.4 for OS X Mountain Lion v10.8.5

US-CERT encourages users and administrators to review Apple security update HT204560 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Adobe Releases Security Updates for Flash Player

Thu, 03/12/2015 - 18:00
Original release date: March 12, 2015

Adobe has released security updates to address multiple vulnerabilities in Flash Player. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-05 and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Microsoft Releases March 2015 Security Bulletin and Patches FREAK

Tue, 03/10/2015 - 15:06
Original release date: March 10, 2015

Microsoft has released updates to address Windows vulnerabilities as part of the Microsoft Security Bulletin Summary for March 2015. Exploitation of one of these vulnerabilities (FREAK) could allow a remote attacker to decrypt secure communications between vulnerable clients and servers.

US-CERT encourages users and administrators to review Microsoft Security Bulletin Summary MS15-MAR and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Apple Addresses FREAK and Releases Security Updates for OS X, iOS, and Apple TV

Mon, 03/09/2015 - 22:52
Original release date: March 09, 2015

Apple has released security updates for OS X, iOS, and Apple TV to address multiple vulnerabilities, one of which may allow an attacker to decrypt secure communications between vulnerable clients and servers (FREAK).

Updates available include:

  • Xcode 6.2 for OS X Mavericks v10.9.4 or later
  • Security Update 2015-002 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2
  • Apple TV 7.1 for Apple TV 3rd generation and later
  • iOS 8.2 for iPhone 4s and later, iPod touch (5th generation) and later, and iPad 2 and later

US-CERT encourages users and administrators to review Apple security updates HT204427, HT204413, HT204426, and HT204423, and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

FREAK SSL/TLS Vulnerability

Fri, 03/06/2015 - 21:19
Original release date: March 06, 2015

FREAK (Factoring Attack on RSA-EXPORT Keys CVE-2015-0204) is a weakness in some implementations of SSL/TLS that may allow an attacker to decrypt secure communications between vulnerable clients and servers.

Google has released an updated version of its Android OS and Chrome browser for OS X to mitigate the vulnerability. Microsoft has released a Security Advisory that includes a workaround for supported Windows systems.

Users and administrators are encouraged to review Vulnerability Note VU#243585 for more information and apply all necessary mitigations as vendors make them available. Users may visit freakattack.com to help determine whether their browsers are vulnerable. (Note: DHS does not endorse any private sector product or service. The last link is provided for informational purposes only.)

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

Guidance for Defending Against Destructive Malware

Tue, 03/03/2015 - 13:51
Original release date: March 03, 2015 | Last revised: March 04, 2015

The Information Assurance Directorate of the National Security Agency (NSA) has released a report on Defensive Best Practices for Destructive Malware. This report details several steps network defenders can take to detect, contain, and minimize destructive malware infections.

US-CERT encourages users and administrators to review the NSA report and ICS-CERT TIP-15-022-01 for more information on destructive malware.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas

FTC Details the Top 10 Imposter Scams of 2014

Mon, 03/02/2015 - 20:27
Original release date: March 02, 2015

The Federal Trade Commission (FTC) has released an advisory describing the top 10 reported imposter scams for 2014. Scam operators often impersonate individuals, companies, and organizations to entice targets to participate in fraudulent financial transactions.

Users are encouraged to review the FTC advisory for details and refer to the US-CERT Tip ST04-014 for information on social engineering and phishing attacks.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alertas