Original release date: January 08, 2015 OpenSSL has released updates patching eight vulnerabilities, one of which may allow an attacker to cause a Denial of Service condition. Â The following updates are available:Â OpenSSL 1.0.1k for 1.0.1 users OpenSSL 1.0.0p for 1.0.0 users OpenSSL 0.9.8zd for…
Original release date: December 23, 2014 Apple has released security updates for OS X Mountain Lion, Mavericks, and Yosemite to address multiple vulnerabilities in the Network Time Protocol daemon. Exploitation of these vulnerabilities may allow a remote attacker to take control of a vulnerable…
Original release date: December 22, 2014 The Open Source Computer Security Incident Response Team (oCERT) has released an advisory addressing vulnerabilities in all versions of UnZip. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system if a user…
Original release date: December 20, 2014 Broadband routers employing the Allegro RomPager firmware prior to versions 4.34 contain a vulnerability in HTTP cookie processing code. Exploitation of this vulnerability could allow a remote attacker to take control of an affected device. Users and…
Original release date: December 19, 2014 NTP has released an update that addresses multiple vulnerabilities in the Network Time Protocol daemon. Exploitation of these vulnerabilities may allow a remote attacker to execute malicious code. US-CERT encourages users and administrators to review…
Original release date: December 19, 2014 The Federal Trade Commission (FTC) has released a Scam Alert addressing a "Package Delivery" themed phishing campaign regarding package delivery notifications from the U.S. Postal Service. Scam operators often use false information linked to…
Who is held accountable for the Sony network hack? According to Homeland Security, the FTC and other government agencies — Sony. Sony is responsible for the personal data stored on their servers. A former employee currently involved in a class-action suit against Sony said, “The real problem…
Original release date: December 12, 2014 Docker versions 1.3.3 and 1.4.0 have been released to address multiple security vulnerabilities, one of which could allow a remote attacker to take control of a vulnerable system. Users and administrators are encouraged to review the Docker Security Advisory…
Original release date: December 09, 2014 VMware has released security updates to address a critical vulnerability in vCloud Automation Center (vCAC), which could allow a remote attacker to take control of a vulnerable system. US-CERT encourages users and administrators to review VMware Security…
Original release date: December 09, 2014 A new variant of the POODLE attack may affect some TLS implementations on account of an issue similar to one present in SSL 3.0. Successful exploitation may enable actors to derive plaintext from encrypted communications. US-CERT encourages users and…
Original release date: December 09, 2014 Adobe has released security updates to address multiple vulnerabilities in Flash, Reader, Acrobat, and ColdFusion. Exploitation of these vulnerabilities may allow a remote attacker to take over an affected system. US-CERT recommends users and administrators…
From June 2009 to June 2014 the Internet Crime Complaint Center (IC3) received over 6800 complaints regarding criminals targeting online consumers by posting false advertisements for high priced items such as automobiles, boats, heavy equipment, recreational vehicles, lawn mowers, tractors, and…
The FBI reminds shoppers in advance of the holiday shopping season to beware of cyber criminals and their aggressive and creative ways to steal money and personal information. Scammers use many techniques to defraud consumers by offering too good to be true deals via phishing e-mails advertising…
Unsolicited commercial email may be a privacy and/or security violation under the Federal Trade Commission of the United States of America. SPAM should be forwarded to uce@ftc.gov.