Original release date: January 24, 2015 The Internet Crime Complaint Center (IC3) has released an alert warning companies of a sophisticated wire payment scam dubbed the Business E-mail Compromise. Scammers use fraudulent information to trick companies into directing financial transactions into accounts they control.
Original release date: January 23, 2015 The FBI has released an article addressing ransomware campaigns that use intimidating messages claiming to be from the FBI or other government agencies. Scam operators use ransomware – a type of malicious software – to infect a computer and restrict access to it until a ransom is paid to unlock it. Users and administrators are encouraged to review the FBI article “Ransomware on the Rise” for details and refer to Alert TA-295A for information on Crypto Ransomware.
Original release date: January 20, 2015 Oracle has released its Critical Patch Update for January 2015 to address 169 vulnerabilities across multiple products. This update contains the following security fixes: 8 for Oracle Database Server; 36 for Oracle Fusion Middleware; 10 for Oracle Enterprise Manager Grid Control; 10 for Oracle E-Business Suite; 6 for Oracle Supply Chain Products Suite; 7 for Oracle PeopleSoft Products; 1 for Oracle JD Edwards Products; 17 for Oracle Siebel CRM; 2 for Oracle iLearning; 2 for Oracle Communications Applications; 1 for Oracle Retail Applications; 1 for Oracle Health Sciences Applications; 19 for Oracle Java SE; 29 for Oracle Sun Systems Products Suite; 11 for Oracle Linux and Virtualization; 9 for Oracle MySQL. US-CERT encourages users and administrators to review the Oracle January 2015 Critical Patch Update and apply the necessary updates.
Original release date: January 15, 2015 The Internet Crime Complaint Center (IC3) has issued an alert addressing a spear phishing scam targeting university employees and their payroll accounts. Scam operators use fraudulent e-mails and websites to entice employees to reveal login credentials. Users are encouraged to review the IC3 Alert for details and refer to Security Tip ST04-014 for information on social engineering and phishing attacks.
Original release date: December 22, 2014 The Open Source Computer Security Incident Response Team (oCERT) has released an advisory addressing vulnerabilities in all versions of UnZip. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system if a user opens a specially crafted zip file
Original release date: December 19, 2014 NTP has released an update that addresses multiple vulnerabilities in the Network Time Protocol daemon. Exploitation of these vulnerabilities may allow a remote attacker to execute malicious code. US-CERT encourages users and administrators to review Vulnerability Note VU#852879 and update to NTP 4.2.8 if necessary.
Original release date: December 19, 2014 The Federal Trade Commission (FTC) has released a Scam Alert addressing a “Package Delivery” themed phishing campaign regarding package delivery notifications from the U.S. Postal Service. Scam operators often use false information linked to reputable organizations to imply the email is legitimate. Users are encouraged to review the FTC Scam Alert for details, and refer to the Recognizing and Avoiding Email Scams Publication for information on email scams.
Original release date: December 09, 2014 VMware has released security updates to address a critical vulnerability in vCloud Automation Center (vCAC), which could allow a remote attacker to take control of a vulnerable system. US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2014-0013 and apply the necessary updates
Original release date: December 09, 2014 A new variant of the POODLE attack may affect some TLS implementations on account of an issue similar to one present in SSL 3.0.