The “Bash Bug” poses a serious threat to computers and networks. The bug is also known as “shellshock”. The hack allows a remote attack to webservers.
Original release date: September 24, 2014 | Last revised: September 26, 2014 US-CERT is aware of a Bash vulnerability affecting Unix-based operating systems such as Linux and Mac OS X. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system. The…
Original release date: September 24, 2014 A vulnerability in the Mozilla NSS library could allow an attacker to forge an RSA signature, such as an SSL certificate. The package is often included in 3rd party software, including Linux distributions, Google Chrome, and others. It is possible that other…
Original release date: September 18, 2014 Apple released security updates for iOS devices, Apple TV, and Xcode to address multiple vulnerabilities, some of which could allow attackers to execute code with system privileges or cause an unexpected application termination. Updates available include:…
Original release date: September 16, 2014 Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. US-CERT encourages users and administrators to…
Original release date: September 11, 2014 Cisco has released an advisory to address a vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers that could allow an unauthenticated, remote attacker to cause a denial…
A Russian hacker reportedly posted 5 million gmail usernames and passwords. Google denies being hacked. In a press release, Google said: One of the unfortunate realities of the Internet today is a phenomenon known in security circles as “credential dumps”—the posting of lists of usernames and…
Original release date: September 10, 2014 Google has released Chrome 37.0.2062.120 for Windows, Mac and Linux. This update addresses multiple vulnerabilities one of which could potentially allow an attacker to cause a denial of service. US-CERT encourages users and administrators to review the…
Original release date: September 09, 2014 Adobe has released security updates to address multiple vulnerabilities in Adobe Flash Player and Air for Windows, Macintosh and Linux. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. Users…
Original release date: September 09, 2014 Microsoft released updates to address vulnerabilities in Windows, .NET Framework, Internet Explorer and Lync Server as part of the Microsoft Security Bulletin Summary for September 2014. Some of these vulnerabilities could allow remote code execution,…
It appears one of the largest data breaches has effected customers of the Home Depot. In a statement the company says: We’re looking into some unusual activity that might indicate a possible payment data breach and we’re working with our banking partners and law enforcement to investigate. We…
Original release date: September 04, 2014 WordPress 3.9.2 has been released to address multiple vulnerabilities, one of which could allow a possible denial of service issue in PHP’s XML processing. WordPress 3.7.3 or 3.8.3 users will be updated to 3.7.4 or 3.8.4. Users operating older,…
Unsolicited commercial email may be a privacy and/or security violation under the Federal Trade Commission of the United States of America. SPAM should be forwarded to uce@ftc.gov.