Original release date: July 10, 2014 Microsoft has released a security advisory to address improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft…
Original release date: July 09, 2014 Multiple Cisco products include an implementation of Apache Struts 2 which contains a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions and execute arbitrary commands on a targeted system. Cisco products affected…
Original release date: July 08, 2014 Adobe has released security updates to address multiple vulnerabilities in Flash Player and Air. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. The following updates are available: Adobe Flash…
Original release date: July 08, 2014 Microsoft has released updates to address vulnerabilities in Windows, Internet Explorer, and Microsoft Service Bus for Windows Server as part of the Microsoft Security Bulletin Summary for July 2014. Some of these vulnerabilities could allow remote code…
Original release date: July 08, 2014 WordPress 3.8.2 has been released to address multiple vulnerabilities, one of which could allow an attacker to gain unauthorized access using forged authentication cookies. WordPress 3.7.1 users will be updated to 3.7.2, which contains the same security fixes…
Original release date: July 02, 2014 Cisco has released a security advisory to address multiple vulnerabilities in Cisco Unified Communications Domain Manager, some of which may allow an attacker to execute arbitrary commands or obtain privileged access to the affected system. The following…
Original release date: July 01, 2014 Apple has released security updates for Mac OS X, Safari, iOS devices, and Apple TV to address multiple vulnerabilities, some of which could allow attackers to execute arbitrary code with system privileges or cause an unexpected application termination. Updates…
Original release date: June 23, 2014 Multiple weaknesses exist in several server platforms employing IPMI. Exploitation of these vulnerabilities could allow an attacker to take control of the affected system or expose sensitive server information. Server administrators are encouraged to review…
SANS Security Tip: Don’t get hooked by a Phishing expedition Don’t reply to email or pop-up messages that ask for personal or financial information, and don’t click on links in the message. Don’t cut and paste a link from the message into your Web browser — phishers can make links look…
Original release date: June 17, 2014 Microsoft has released a security advisory to address a vulnerability to the Microsoft Malware Protection Engine. Successful exploitation of the vulnerability could allow an attacker to cause a denial of service. An update is available for the following affected…
From “ask the lawyer on FaceBook”: Irena Dimitrieva June 7 at 9:35am · Edited IMPORTANT NOTE: We only answer questions that involve Pennsylvania law. We are NOT permitted by our rules of ethics to respond to questions that involve other states’ laws. Please do NOT ask questions if you are in…
Original release date: June 13, 2014 The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, Thunderbird, and Netscape Portable Runtime. Exploitation of these vulnerabilities may allow attackers to execute arbitrary code, cause a denial of…
The BBC is reporting that “The US has charged a Russian man with being behind a major cybercrime operation that affected individuals and businesses worldwide.” Evgeniy Bogachev, said to be known as “lucky12345″ and “slavik”, is accused of being involved in attacks on more than a million…
Ebay was hacked and a database of user information was compromised. Though there is no information on the Ebay website, they said in a statement to a news organization that it is a victim of “a cyber attack on our corporate information network, which compromised a database containing eBay user…
Unsolicited commercial email may be a privacy and/or security violation under the Federal Trade Commission of the United States of America. SPAM should be forwarded to uce@ftc.gov.