Original release date: September 30, 2014 Apple has released OS X bash Update 1.0 to address vulnerabilities found in the Bourne-again Shell (bash) which could allow a remote attacker to execute arbitrary shell commands. US-CERT recommends users and administrators review Apple Security Update HT6495…
The “Bash Bug” poses a serious threat to computers and networks. The bug is also known as “shellshock”. The hack allows a remote attack to webservers.
Original release date: September 24, 2014 | Last revised: September 30, 2014 US-CERT is aware of a Bash vulnerability affecting Unix-based operating systems such as Linux and Mac OS X. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system.…
Original release date: September 24, 2014 A vulnerability in the Mozilla NSS library could allow an attacker to forge an RSA signature, such as an SSL certificate. The package is often included in 3rd party software, including Linux distributions, Google Chrome, and others. It is possible that other…
Original release date: September 18, 2014 Apple released security updates for iOS devices, Apple TV, and Xcode to address multiple vulnerabilities, some of which could allow attackers to execute code with system privileges or cause an unexpected application termination. Updates available include:…
Original release date: September 16, 2014 Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. US-CERT encourages users and administrators to…
Original release date: September 11, 2014 Cisco has released an advisory to address a vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers that could allow an unauthenticated, remote attacker to cause a denial…
A Russian hacker reportedly posted 5 million gmail usernames and passwords. Google denies being hacked. In a press release, Google said: One of the unfortunate realities of the Internet today is a phenomenon known in security circles as “credential dumps”—the posting of lists of usernames and…
Original release date: September 10, 2014 Google has released Chrome 37.0.2062.120 for Windows, Mac and Linux. This update addresses multiple vulnerabilities one of which could potentially allow an attacker to cause a denial of service. US-CERT encourages users and administrators to review the…
Original release date: September 09, 2014 Adobe has released security updates to address multiple vulnerabilities in Adobe Flash Player and Air for Windows, Macintosh and Linux. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system. Users…
Original release date: September 09, 2014 Microsoft released updates to address vulnerabilities in Windows, .NET Framework, Internet Explorer and Lync Server as part of the Microsoft Security Bulletin Summary for September 2014. Some of these vulnerabilities could allow remote code execution,…
Unsolicited commercial email may be a privacy and/or security violation under the Federal Trade Commission of the United States of America. SPAM should be forwarded to uce@ftc.gov.