Original release date: July 22, 2014 The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, and Thunderbird, some of which may allow attackers to execute arbitrary code. The following updates are available: Firefox 31 Thunderbird 31 Firefox…
Original release date: July 22, 2014 The United Kingdom's Centre for the Protection of National Infrastructure (CPNI) has released a report on its “Improving Defenses Against Targeted Attack” (iDATA) cyber research program. The report contains descriptions and outcomes from a number of…
Original release date: July 21, 2014 Recently disclosed vulnerabilities in the LZO and LZ4 compression libraries could allow remote code execution under certain circumstances. While these libraries are used by a large number of platforms and applications, not all programs may be vulnerable to…
Original release date: July 16, 2014 Cisco has released an advisory to address a vulnerability in the web server used in multiple Wireless Residential Gateway products that could allow an unauthenticated, remote attacker to crash the web server and execute arbitrary code with elevated privileges.…
Original release date: July 15, 2014 Oracle has released its Critical Patch Update for July 2014 to address 113 vulnerabilities across multiple products. This update contains the following security fixes: 5 for Oracle Database Server 29 for Oracle Fusion Middleware 7 for Oracle Hyperion 1 for Oracle…
Original release date: July 10, 2014 Microsoft has released a security advisory to address improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft…
Original release date: July 09, 2014 Multiple Cisco products include an implementation of Apache Struts 2 which contains a vulnerability that could allow an unauthenticated, remote attacker to bypass security restrictions and execute arbitrary commands on a targeted system. Cisco products affected…
Original release date: July 08, 2014 Adobe has released security updates to address multiple vulnerabilities in Flash Player and Air. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. The following updates are available: Adobe Flash…
Original release date: July 08, 2014 Microsoft has released updates to address vulnerabilities in Windows, Internet Explorer, and Microsoft Service Bus for Windows Server as part of the Microsoft Security Bulletin Summary for July 2014. Some of these vulnerabilities could allow remote code…
Original release date: July 08, 2014 WordPress 3.8.2 has been released to address multiple vulnerabilities, one of which could allow an attacker to gain unauthorized access using forged authentication cookies. WordPress 3.7.1 users will be updated to 3.7.2, which contains the same security fixes…
SANS Security Tip: Don’t get hooked by a Phishing expedition Don’t reply to email or pop-up messages that ask for personal or financial information, and don’t click on links in the message. Don’t cut and paste a link from the message into your Web browser — phishers can make links look…
From “ask the lawyer on FaceBook”: Irena Dimitrieva June 7 at 9:35am · Edited IMPORTANT NOTE: We only answer questions that involve Pennsylvania law. We are NOT permitted by our rules of ethics to respond to questions that involve other states’ laws. Please do NOT ask questions if you are in…
The BBC is reporting that “The US has charged a Russian man with being behind a major cybercrime operation that affected individuals and businesses worldwide.” Evgeniy Bogachev, said to be known as “lucky12345” and “slavik”, is accused of being involved in attacks on more than a million…
eBay was hacked and a database of user information was compromised. Though there is no information on the eBay website, the company said in a statement to a news organization that it is a victim of “a cyber attack on our corporate information network, which compromised a database containing eBay user…
Unsolicited commercial email may be a privacy and/or security violation under the Federal Trade Commission of the United States of America. SPAM should be forwarded to uce@ftc.gov.