US CERT Current Activity

A regularly updated summary of the most frequent, high-impact security incidents currently being reported to the US-CERT.

Apple Releases Security Updates for OS X, Safari, iOS and Apple TV

Tue, 01/27/2015 - 23:14
Original release date: January 27, 2015

Apple has released security updates for OS X, Safari, iOS and Apple TV to address multiple vulnerabilities, one of which could allow a remote attacker to take control of an affected system.

Updates available include:

  • OS X v10.10.2 and Security Update 2015-001 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10 and v10.10.1
  • Safari 8.0.3, Safari 7.1.3, and Safari 6.2.3 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.1
  • iOS 8.1.3 for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later
  • Apple TV 7.0.3 for Apple TV 3rd generation and later

US-CERT encourages users and administrators to review Apple security updates HT204244, HT204243, HT204245 and HT204246, and apply the necessary updates.

This product is provided subject to this Notification and this Privacy & Use policy.


Categories: Alerts

Linux "Ghost" Remote Code Execution Vulnerability

Tue, 01/27/2015 - 19:39
Original release date: January 27, 2015 | Last revised: January 28, 2015

The Linux GNU C Library (glibc) versions prior to 2.18 are vulnerable to remote code execution via a vulnerability in the gethostbyname function. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Linux distributions employing glibc-2.18 and later are not affected.

US-CERT recommends users and administrators refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch if affected. Patches are available from Ubuntu, Red Hat, and Debian. The GNU C Library versions 2.18 and later are also available for experienced users and administrators to implement.


Security Advisory for Adobe Flash Player

Mon, 01/26/2015 - 18:39
Original release date: January 26, 2015

Adobe has released Flash Player desktop version 16.0.0.296 to address a critical vulnerability (CVE-2015-0311) in 16.0.0.287 and earlier versions for Windows and Macintosh. This vulnerability could allow an attacker to take control of the affected system.

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-01 and apply the necessary updates.


IC3 Releases Alert for a Scam Targeting Businesses

Sat, 01/24/2015 - 04:37
Original release date: January 24, 2015

The Internet Crime Complaint Center (IC3) has released an alert warning companies of a sophisticated wire payment scam dubbed the Business E-mail Compromise. Scammers use fraudulent information to trick companies into directing financial transactions into accounts they control.

Users are encouraged to review the IC3 Scam Alert for details and refer to the US-CERT Tip ST04-014 for information on social engineering and phishing attacks.


FBI Releases "Ransomware on the Rise"

Fri, 01/23/2015 - 21:42
Original release date: January 23, 2015

The FBI has released an article addressing ransomware campaigns that use intimidating messages claiming to be from the FBI or other government agencies. Scam operators use ransomware – a type of malicious software – to infect a computer and restrict access to it until a ransom is paid to unlock it.

Users and administrators are encouraged to review the FBI article "Ransomware on the Rise" for details and refer to Alert TA-295A for information on Crypto Ransomware.


Google Releases Security Updates for Chrome

Fri, 01/23/2015 - 20:14
Original release date: January 23, 2015

Google has released Chrome 40.0.2214.91 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial of service condition or obtain personal information.

US-CERT encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates.


Adobe Releases Security Updates for Flash Player

Thu, 01/22/2015 - 22:18
Original release date: January 22, 2015

Adobe has released security updates to address a vulnerability in Flash Player, which could potentially allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-02 and apply the necessary updates.


Oracle Releases January 2015 Security Advisory

Tue, 01/20/2015 - 21:54
Original release date: January 20, 2015

Oracle has released its Critical Patch Update for January 2015 to address 169 vulnerabilities across multiple products.

This update contains the following security fixes:

  • 8 for Oracle Database Server
  • 36 for Oracle Fusion Middleware
  • 10 for Oracle Enterprise Manager Grid Control
  • 10 for Oracle E-Business Suite
  • 6 for Oracle Supply Chain Products Suite
  • 7 for Oracle PeopleSoft Products
  • 1 for Oracle JD Edwards Products
  • 17 for Oracle Siebel CRM
  • 2 for Oracle iLearning
  • 2 for Oracle Communications Applications
  • 1 for Oracle Retail Applications
  • 1 for Oracle Health Sciences Applications
  • 19 for Oracle Java SE
  • 29 for Oracle Sun Systems Products Suite
  • 11 for Oracle Linux and Virtualization
  • 9 for Oracle MySQL

US-CERT encourages users and administrators to review the Oracle January 2015 Critical Patch Update and apply the necessary updates.


Ubuntu Releases Security Updates

Tue, 01/20/2015 - 16:24
Original release date: January 20, 2015

Ubuntu has released security updates to address multiple vulnerabilities affecting Ubuntu 10.04 LTS, 12.04 LTS, 14.04 LTS, and 14.10. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service or execute arbitrary code.

Users and administrators are encouraged to review Ubuntu Security Notices USN-2460-1, USN-2477-1, USN-2478-1, and USN-2479-1, and apply the necessary updates.


Affordable Care Act Phishing Campaign

Thu, 01/15/2015 - 17:49
Original release date: January 15, 2015

US-CERT is aware of a phishing campaign purporting to come from a U.S. Federal Government Agency. The phishing emails reference the Affordable Care Act in the subject and claim to direct users to health coverage information, but instead direct them to sites which attempt to elicit private information or install malicious code.

US-CERT encourages users to take the following measures to protect themselves:

  • Do not follow links or download attachments in unsolicited email messages.
  • Maintain up-to-date antivirus software.
  • Refer to the Avoiding Social Engineering and Phishing Attacks Security Tip for additional information on social engineering attacks.

If affected by the campaign, users should report the incident to appropriate parties within their organization and notify US-CERT.


IC3 Issues Alert on University Employee Payroll Scam

Thu, 01/15/2015 - 12:37
Original release date: January 15, 2015

The Internet Crime Complaint Center (IC3) has issued an alert addressing a spear phishing scam targeting university employees and their payroll accounts. Scam operators use fraudulent e-mails and websites to entice employees to reveal login credentials.

Users are encouraged to review the IC3 Alert for details and refer to Security Tip ST04-014 for information on social engineering and phishing attacks.


Mozilla Releases Security Updates for Firefox, Firefox ESR, SeaMonkey, and Thunderbird

Wed, 01/14/2015 - 18:50
Original release date: January 14, 2015

The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, SeaMonkey, and Thunderbird. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system.

Updates available include:

  • Firefox 35
  • Firefox ESR 31.4
  • SeaMonkey 2.32
  • Thunderbird 31.4

Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR, SeaMonkey, and Thunderbird and apply the necessary updates.


Adobe Releases Security Updates for Flash Player

Tue, 01/13/2015 - 22:31
Original release date: January 13, 2015

Adobe has released security updates to address multiple vulnerabilities in Flash Player, one of which could potentially allow an attacker to take control of the affected system.

Users and administrators are encouraged to review Adobe Security Bulletin APSB15-01 and apply the necessary updates.


Microsoft Releases January 2015 Security Bulletin

Tue, 01/13/2015 - 17:16
Original release date: January 13, 2015

Microsoft has released eight updates to address vulnerabilities in Microsoft Windows. Some of these vulnerabilities could allow elevation of privilege, denial of service, remote code execution, or security feature bypass.

US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-001 - MS15-008 and apply the necessary updates.
 

 


OpenSSL Patches Eight Vulnerabilities

Thu, 01/08/2015 - 22:18
Original release date: January 08, 2015

OpenSSL has released updates patching eight vulnerabilities, one of which may allow an attacker to cause a Denial of Service condition.
 
The following updates are available: 

  • OpenSSL 1.0.1k for 1.0.1 users
  • OpenSSL 1.0.0p for 1.0.0 users
  • OpenSSL 0.9.8zd for 0.9.8 users

Users and administrators are encouraged to review the OpenSSL Security Advisory for additional information and apply the necessary updates.
 
