Original release date: March 05, 2014 GnuTLS has released security updates to address a vulnerability affecting certificate verification functions. An attacker could use a specially crafted X509 certificate to bypass validation checks, impersonate legitimate web sites or services, and perform…
Original release date: March 05, 2014 Google has released Google Chrome 33.0.1750.146 for Windows, Mac, and Linux to address multiple vulnerabilities, some of which could allow a remote, unauthenticated attacker to compromise a vulnerable system. US-CERT encourages users and administrators to review…
Original release date: February 27, 2014 Apple has released QuickTime 7.7.5 for Windows operating systems to address multiple vulnerabilities, which may lead to an unexpected application termination or arbitrary code execution. US-CERT encourages users and administrators to review Apple Support…
Original release date: February 27, 2014 Apple has released OS X Mavericks v10.9.2 and Security Update 2014-001 to address multiple vulnerabilities for the following versions of OS X: OS X Lion v10.7.5 OS X Lion Server v10.7.5 OS X Mountain Lion v10.8.5 OS X Mavericks v10.9 and v10.9.1 US-CERT…
Original release date: February 27, 2014 Apple has released security updates for Safari 6.1.2Â and 7.0.2 for OS X to address multiple vulnerabilities in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. US-CERT encourages…
Original release date: February 26, 2014 In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that seek to take advantage of the United States tax season. The Internal Revenue Service has issued an advisory on its website warning consumers about…
Original release date: February 26, 2014 Cisco has released a security advisory to address a vulnerability in Cisco Prime Infrastructure software versions 1.2, 1.3, 1.4, and 2.0 which could allow an unauthenticated, remote attacker to execute arbitrary commands with root -level privileges. US-CERT…
Original release date: February 24, 2014 Google has released Google Chrome 33.0.1750.124 for several Chrome OS devices to address multiple vulnerabilities, one of which could allow a server certificate to change in a renegotiation. Users and administrators are encouraged to review the Google…
Original release date: February 21, 2014 Apple has released updates for iOS and Apple TV devices to address a vulnerability that allows an attacker with a privileged network position to capture or modify data in protected SSL/TLS sessions. Updates are available: iOS 6.1.6 for iPhone 3GS and iPod…
Original release date: February 21, 2014 Google has released Google Chrome 33.0.1750.117 for Windows, Mac, and Linux to address multiple vulnerabilities, some of which could allow a remote, unauthenticated attacker to completely compromise a vulnerable system. Users and administrators are encouraged…
On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers’ data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the…
Original release date: February 04, 2014 | Last revised: February 05, 2014 Overview Whether traveling to Sochi, Russia for the XXII Olympic Winter Games, or viewing the games from locations abroad, there are several cyber-related risks to consider. As with many…
Usernames and passwords were stolen from Yahoo! accounts. Yahoo says: Security attacks are unfortunately becoming a more regular occurrence. Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts. Upon discovery, we took immediate action to protect our users,…
Unsolicited commercial email may be a privacy and/or security violation under the Federal Trade Commission of the United States of America. SPAM should be forwarded to uce@ftc.gov.