Original release date: December 09, 2014 VMware has released security updates to address a critical vulnerability in vCloud Automation Center (vCAC), which could allow a remote attacker to take control of a vulnerable system. US-CERT encourages users and administrators to review VMware Security Advisory VMSA-2014-0013 and apply the necessary updates
Original release date: December 09, 2014 A new variant of the POODLE attack may affect some TLS implementations on account of an issue similar to one present in SSL 3.0.
Original release date: December 09, 2014 Adobe has released security updates to address multiple vulnerabilities in Flash, Reader, Acrobat, and ColdFusion.
Original release date: December 09, 2014 Microsoft has released updates to address vulnerabilities in Exchange, Windows, Internet Explorer, and Office as part of the Microsoft Security Bulletin Summary for December 2014. Some of these vulnerabilities could allow elevation of privilege, remote code execution, or disclosure of information. US-CERT encourages users and administrators to review Microsoft Security Bulletin MS14-DEC and apply the necessary updates.
Original release date: December 04, 2014 IBM has released Tivoli Endpoint Manager Mobile Device Management (MDM) version 9.0.60100 to address a vulnerability which may allow a remote attacker to gain control of an affected system. Users and administrators are encouraged to review the IBM Security Bulletin and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Original release date: November 25, 2014 Systems Affected Microsoft Windows NT, 2000, XP, Vista, and 7 Overview On November 24, 2014, Symantec released a report on Regin, a sophisticated backdoor Trojan used to conduct intelligence-gathering campaigns. At this time, the Regin campaign has not been identified targeting any organizations within the United States.
Original release date: November 24, 2014 US-CERT reminds users to remain vigilant when browsing online this holiday season. E-cards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments.
Original release date: November 19, 2014 Systems Affected Microsoft Windows Vista, 7, 8, and 8.1 Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and Server 2012 R2 Overview A remote escalation of privilege vulnerability exists in implementations of Kerberos Key Distribution Center (KDC) in Microsoft Windows which could allow a remote attacker to take control of a vulnerable system. [ 1 ] Description The Microsoft Windows Kerberos KDC fails to properly check service tickets for valid signatures, which can allow aspects of the service ticket to be forged
Original release date: November 18, 2014 The Internet Crime Complaint Center (IC3) released a Scam Alert regarding fraudulent ads for normally expensive items, such as cars and boats, at discounted prices.