Tagged: feeds

Installer Hijacking Vulnerability in Android Devices 0

Installer Hijacking Vulnerability in Android Devices

Original release date: March 24, 2015 A vulnerability in Google’s Android OS has been discovered that could allow an attacker to change or replace a seemingly safe Android application with malware during installation. An attacker exploiting this vulnerability could access and steal user data on compromised devices without user knowledge

Apple Releases Security Update for OS X Yosemite 0

Apple Releases Security Update for OS X Yosemite

Original release date: March 20, 2015 Apple has released Security Update 2015-003 for OS X Yosemite v10.10.2 to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

Mozilla Releases Security Updates for Firefox, Firefox ESR, and SeaMonkey 0

Mozilla Releases Security Updates for Firefox, Firefox ESR, and SeaMonkey

Original release date: March 20, 2015 The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and SeaMonkey. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 36.0.3 Firefox ESR 31.5.2 SeaMonkey 2.33.1 Users and administrators are encouraged to review the Security Advisories for Firefox , Firefox ESR , and SeaMonkey and apply the necessary updates.

Apple Addresses FREAK and Releases Security Updates for OS X, iOS, and Apple TV 0

Apple Addresses FREAK and Releases Security Updates for OS X, iOS, and Apple TV

Original release date: March 09, 2015 Apple has released security updates for OS X, iOS, and Apple TV to address multiple vulnerabilities, one of which may allow an attacker to decrypt secure communications between vulnerable clients and servers ( FREAK ). Updates available include: Xcode 6.2 for OS X Mavericks v10.9.4 or later Security Update 2015-002 for OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, and OS X Yosemite v10.10.2 Apple TV 7.1 for Apple TV 3rd generation and later iOS 8.2 for iPhone 4s and later, iPod touch (5th generation) and later, and iPad 2 and later US-CERT encourages users and administrators to review Apple security updates HT204427 , HT204413 , HT204426 , and HT204423 , and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.

Guidance for Defending Against Destructive Malware 0

Guidance for Defending Against Destructive Malware

Original release date: March 03, 2015 The National Security Agency (NSA)’s Information Assurance Directorate has released a report on Defensive Best Practices for Destructive Malware. This report details severalĀ  steps network defenders can take to detect, contain and minimize destructive malware infections

Thumbnail 0

FTC Details the Top 10 Imposter Scams of 2014

Original release date: March 02, 2015 The Federal Trade Commission (FTC) has released an advisory describing the top 10 reported imposter scams for 2014. Scam operators often impersonate individuals, companies, and organizations to entice targets to participate in fraudulent financial transactions

Cisco IPv6 Denial of Service Vulnerability 0

Cisco IPv6 Denial of Service Vulnerability

Original release date: February 25, 2015 Cisco has identified a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition. The vulnerability is due to improper processing of malformed IPv6 packets carrying extension headers. Cisco Network Convergence System 6000 (NCS 6000) and Cisco Carrier Routing System X (CRS-X) running an affected version of Cisco IOS XR Software are affected by this vulnerability

Samba Remote Code Execution Vulnerability 0

Samba Remote Code Execution Vulnerability

Original release date: February 24, 2015 Linux and Unix based operating systems employing Samba versions 3.5.0 through 4.2.0rc4 contain a vulnerability in the Server Message Block daemon (smbd). Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. US-CERT recommends users and administrators refer to their respective Linux OS vendor(s) for an appropriate patch if affected

Lenovo Computers Vulnerable to HTTPS Spoofing 0

Lenovo Computers Vulnerable to HTTPS Spoofing

Original release date: February 20, 2015 Lenovo consumer personal computers employing the pre-installed Superfish Visual Discovery software contain a critical vulnerability through a compromised root CA certificate. Exploitation of this vulnerability could allow a remote attacker to read all encrypted web browser traffic (HTTPS), successfully impersonate (spoof) any website, or perform other attacks on the affected system. US-CERT recommends users and administrators review Vulnerability Note VU#529496 and US-CERT Alert TA15-051A for additional information and mitigation details