Original release date: February 14, 2014 An unpatched Internet Explorer 10 use-after-free vulnerability is being exploited in the wild. CERT/CC Vulnerability Note VU#732479 has been published with further details about the vulnerability. US-CERT recommends users protect themselves against this…
Original release date: February 11, 2014 Adobe has released a security update to address a vulnerability in Adobe Shockwave Player 12.0.7.148 and earlier versions for Windows and Macintosh operating systems. Exploitation of this vulnerability could allow an attacker to take control of the affected…
Original release date: February 07, 2014 | Last revised: February 11, 2014 Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Security Software, and Microsoft .NET Framework as part of the Microsoft Security Bulletin Summary for February…
Original release date: February 04, 2014 The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities: Firefox 27 Firefox ESR 24.3 Thunderbird 24.3 Seamonkey 2.24 These vulnerabilities could allow a remote attacker to execute arbitrary code, bypass…
Original release date: February 04, 2014 Adobe has released security updates to address a vulnerability in Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.335 and earlier versions for Linux. Exploitation of this vulnerability could…
Original release date: February 04, 2014 | Last revised: February 05, 2014 Overview Whether traveling to Sochi, Russia for the XXII Olympic Winter Games, or viewing the games from locations abroad, there are several cyber-related risks to consider. As with many…
Usernames and passwords were stolen from Yahoo! accounts. Yahoo says: Security attacks are unfortunately becoming a more regular occurrence. Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts. Upon discovery, we took immediate action to protect our users,…
Original release date: January 28, 2014 Google has released Google Chrome 32.0.1700.102 for Windows, Mac, Linux and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service or bypass intended security restrictions. US-CERT…
Original release date: January 24, 2014 Apple has released a security update for Apple iTunes 11.1.4 to address multiple vulnerabilities. These vulnerabilities could allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to…
Original release date: January 22, 2014 Cisco has released three security advisories to address multiple vulnerabilities. These vulnerabilities may allow a local unauthenticated user to execute arbitrary commands with escalated privileges or cause a denial-of-service (DoS) condition. These…
According to investigators, the malware used to steal millions of people’s personal information from Target has been identified: “The malicious program used to compromise Target and other companies was part of a widespread operation using a Trojan tool known as Trojan.POSRAM, according to a new…
Original release date: January 16, 2014 Google has released Google Chrome 32.0.1700.95 for all Chrome OS devices (except Chromebook Pixel), Google Chrome 32.0.1700.76 for Windows and Chrome Frame, and Google Chrome 32.0.1700.77 for Mac and Linux to address multiple vulnerabilities. These…
The New York Times reports that the NSA has implemented a surveillance program on computers that can communicate without the Internet: The National Security Agency has implanted software in nearly 100,000 computers around the world that allows the United States to conduct surveillance on those…
Original release date: January 15, 2014 Cisco has released a security advisory to address multiple vulnerabilities in Cisco Secure Access Control System (ACS). These vulnerabilities affect the following: Cisco Secure ACS RMI Privilege Escalation Vulnerability Cisco Secure ACS RMI Unauthenticated…
Unsolicited commercial email may be a privacy and/or security violation under the Federal Trade Commission of the United States of America. SPAM should be forwarded to uce@ftc.gov.