Original release date: December 19, 2014 NTP has released an update that addresses multiple vulnerabilities in the Network Time Protocol daemon. Exploitation of these vulnerabilities may allow a remote attacker to execute malicious code. US-CERT encourages users and administrators to review…
Original release date: December 19, 2014 The Federal Trade Commission (FTC) has released a Scam Alert addressing a "Package Delivery" themed phishing campaign regarding package delivery notifications from the U.S. Postal Service. Scam operators often use false information linked to…
Who is held accountable for the Sony network hack? According to Homeland Security, the FTC and other government agencies — Sony. Sony is responsible for the personal data stored on their servers. A former employee currently involved in a class-action suit against Sony said, “The real problem…
Original release date: December 12, 2014 Docker versions 1.3.3 and 1.4.0 have been released to address multiple security vulnerabilities, one of which could allow a remote attacker to take control of a vulnerable system. Users and administrators are encouraged to review the Docker Security Advisory…
Original release date: December 09, 2014 VMware has released security updates to address a critical vulnerability in vCloud Automation Center (vCAC), which could allow a remote attacker to take control of a vulnerable system. US-CERT encourages users and administrators to review VMware Security…
Original release date: December 09, 2014 A new variant of the POODLE attack may affect some TLS implementations on account of an issue similar to one present in SSL 3.0. Successful exploitation may enable actors to derive plaintext from encrypted communications. US-CERT encourages users and…
Original release date: December 09, 2014 Adobe has released security updates to address multiple vulnerabilities in Flash, Reader, Acrobat, and ColdFusion. Exploitation of these vulnerabilities may allow a remote attacker to take over an affected system. US-CERT recommends users and administrators…
Original release date: December 09, 2014 Microsoft has released updates to address vulnerabilities in Exchange, Windows, Internet Explorer, and Office as part of the Microsoft Security Bulletin Summary for December 2014. Some of these vulnerabilities could allow elevation of privilege, remote code…
From June 2009 to June 2014 the Internet Crime Complaint Center (IC3) received over 6800 complaints regarding criminals targeting online consumers by posting false advertisements for high priced items such as automobiles, boats, heavy equipment, recreational vehicles, lawn mowers, tractors, and…
The FBI reminds shoppers in advance of the holiday shopping season to beware of cyber criminals and their aggressive and creative ways to steal money and personal information. Scammers use many techniques to defraud consumers by offering too good to be true deals via phishing e-mails advertising…
Original release date: December 08, 2014 The Internet Systems Consortium (ISC) has released security updates to address multiple vulnerabilities in BIND, one of which may allow a remote attacker to cause a denial of service. Updates available include: BIND 9 version 9.9.6-P1 BIND 9 version 9.10.1-P1…
Original release date: December 05, 2014 VMware has released a security advisory to address multiple vulnerabilities in vCenter Server, vCenter Server Appliance, and ESXi. Exploitation of these vulnerabilities may allow a remote attacker to perform man-in-the-middle or cross-site scripting attacks.…
Original release date: December 04, 2014 | Last revised: December 05, 2014 Apple has released security updates for Safari to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial of service or execute arbitrary code on an affected…
Unsolicited commercial email may be a privacy and/or security violation under the Federal Trade Commission of the United States of America. SPAM should be forwarded to uce@ftc.gov.