US CERT Current Activity

A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird

Tue, 07/22/2014 - 18:49
Original release date: July 22, 2014

The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, and Thunderbird, some of which may allow attackers to execute arbitrary code.

The following updates are available:

  • Firefox 31
  • Thunderbird 31
  • Firefox ESR 24.7
  • Thunderbird 24.7

Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR, and Thunderbird to determine which updates should be applied.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alerts

CPNI Releases Paper on Improving Defenses Against Targeted Attack

Tue, 07/22/2014 - 15:40
Original release date: July 22, 2014

The United Kingdom's Centre for the Protection of National Infrastructure (CPNI) has released a report on its "Improving Defenses Against Targeted Attack" (iDATA) cyber research program. The report contains descriptions and outcomes from a number of projects aimed at addressing threats posed by nation states and state-sponsored actors. CPNI is the government authority for providing protective security advice to businesses and organizations across the UK's national infrastructure.


Vulnerabilities in LZO and LZ4 compression libraries

Mon, 07/21/2014 - 21:26
Original release date: July 21, 2014

Recently disclosed vulnerabilities in the LZO and LZ4 compression libraries could allow remote code execution under certain circumstances. While these libraries are used by a large number of platforms and applications, not all programs may be vulnerable to exploitation. 

US-CERT recommends that all developers who either implement or import the LZO or LZ4 libraries into their software check for susceptibility to CVE-2014-4608, CVE-2014-4715, and CVE-2014-4611.

Users and administrators should apply software security updates as they become available.


Cisco Addresses Wireless Residential Gateway Vulnerability

Wed, 07/16/2014 - 18:33
Original release date: July 16, 2014

Cisco has released an advisory to address a vulnerability in the web server used in multiple Wireless Residential Gateway products that could allow an unauthenticated, remote attacker to crash the web server and execute arbitrary code with elevated privileges.

Cisco products affected by this vulnerability include:

  • Cisco DPC3212 VoIP Cable Modem
  • Cisco DPC3825 8x4 DOCSIS 3.0 Wireless Residential Gateway
  • Cisco EPC3212 VoIP Cable Modem
  • Cisco EPC3825 8x4 DOCSIS 3.0 Wireless Residential Gateway
  • Cisco Model DPC3010 DOCSIS 3.0 8x4 Cable Modem
  • Cisco Model DPC3925 8x4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
  • Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA
  • Cisco Model EPC3010 DOCSIS 3.0 Cable Modem
  • Cisco Model EPC3925 8x4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA

Users and administrators are encouraged to review the Cisco Advisory and apply the necessary updates.


Oracle Releases July 2014 Security Advisory

Tue, 07/15/2014 - 18:50
Original release date: July 15, 2014

Oracle has released its Critical Patch Update for July 2014 to address 113 vulnerabilities across multiple products.

This update contains the following security fixes:

  • 5 for Oracle Database Server
  • 29 for Oracle Fusion Middleware
  • 7 for Oracle Hyperion
  • 1 for Oracle Enterprise Manager Grid Control
  • 5 for the Oracle E-Business Suite
  • 3 for Oracle Supply Chain Products Suite
  • 5 for Oracle PeopleSoft Products
  • 6 for Oracle Siebel CRM
  • 1 for Oracle Communications Applications
  • 3 for Oracle Retail Applications
  • 20 for Oracle Java SE
  • 3 for Oracle and Sun Systems Products Suite
  • 15 for Oracle Virtualization
  • 10 for Oracle MySQL

US-CERT encourages users and administrators to review the Oracle July 2014 Critical Patch Update and apply the necessary updates.


Microsoft Releases Security Advisory for Improperly Issued Digital Certificates

Thu, 07/10/2014 - 17:22
Original release date: July 10, 2014

Microsoft has released a security advisory to address improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.

Users and administrators are encouraged to review Microsoft Security Advisory 2982792 and apply the necessary updates.


Cisco Addresses Apache Struts 2 Vulnerability

Wed, 07/09/2014 - 17:45
Original release date: July 09, 2014

Multiple Cisco products include an implementation of Apache Struts 2 which contains a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions and execute arbitrary commands on a targeted system.

Cisco products affected by this vulnerability include:

  • Cisco Business Edition 3000 Series
  • Cisco Identity Services Engine (ISE)
  • Cisco Media Experience Engine (MXE) 3500 Series
  • Cisco Unified Contact Center Enterprise (Cisco Unified CCE)

US-CERT encourages users and administrators to review the Cisco Advisory and apply the necessary updates.


Adobe Releases Security Updates for Flash Player and AIR

Tue, 07/08/2014 - 17:17
Original release date: July 08, 2014

Adobe has released security updates to address multiple vulnerabilities in Flash Player and AIR. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system.

The following updates are available:

  • Adobe Flash Player 14.0.0.145 for Windows, Macintosh and Linux
  • Adobe Flash Player 11.2.202.394 for Linux
  • Adobe AIR 14.0.0.137 for Windows, Macintosh and Android
  • Adobe AIR SDK and Compiler 14.0.0.137 for Windows, Macintosh, Android and iOS
  • Adobe AIR SDK 14.0.0.137 for Windows, Macintosh, Android and iOS

Users and administrators are encouraged to review Adobe Security Bulletin APSB14-17 and determine which updates should be applied.


Microsoft Releases July 2014 Security Bulletin

Tue, 07/08/2014 - 16:46
Original release date: July 08, 2014

Microsoft has released updates to address vulnerabilities in Windows, Internet Explorer, and Microsoft Service Bus for Windows Server as part of the Microsoft Security Bulletin Summary for July 2014. Some of these vulnerabilities could allow remote code execution, elevation of privilege, or denial of service.

US-CERT encourages users and administrators to review the bulletin and apply the necessary updates.


WordPress Releases Security Update

Tue, 07/08/2014 - 14:26
Original release date: July 08, 2014

WordPress 3.8.2 has been released to address multiple vulnerabilities, one of which could allow an attacker to gain unauthorized access using forged authentication cookies. WordPress 3.7.1 users will be updated to 3.7.2, which contains the same security fixes as 3.8.2. Users operating older, unsupported versions of WordPress are encouraged to upgrade to 3.8.2.

US-CERT recommends users and administrators review the WordPress Maintenance and Security Release blog and apply the necessary updates.
