Original release date: March 06, 2015 FREAK (Factoring Attack on RSA-EXPORT Keys CVE-2015-0204 ) is a weakness in some implementations of SSL/TLS that may allow an attacker to decrypt secure communications between vulnerable clients and servers. Google has released an updated version of its Android…
Original release date: March 03, 2015 | Last revised: March 04, 2015 The Information Assurance Directorate of the National Security Agency (NSA) has released a report on Defensive Best Practices for Destructive Malware. This report details several steps network defenders can take to detect, contain,…
Original release date: March 02, 2015 The Federal Trade Commission (FTC) has released an advisory describing the top 10 reported imposter scams for 2014. Scam operators often impersonate individuals, companies, and organizations to entice targets to participate in fraudulent financial transactions.…
Original release date: February 25, 2015 Cisco has identified a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition. The vulnerability is due to improper processing of malformed IPv6 packets carrying extension headers. Cisco Network Convergence…
Original release date: February 24, 2015 Linux and Unix based operating systems employing Samba versions 3.5.0 through 4.2.0rc4 contain a vulnerability in the Server Message Block daemon (smbd). Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.…
Original release date: February 24, 2015 The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of these vulnerabilities may allow a remote attacker to obtain sensitive information or execute arbitrary code on…
The Lenovo computer company has admitted to shipping new computers with malware/spyware/adware known as Superfish. The company released a security warning: Lenovo Security Advisory: LEN-2015-010 Potential Impact: Man-in-the-Middle Attack Severity: High Summary: This advisory only applies to Lenovo…
Original release date: February 20, 2015 | Last revised: March 04, 2015 Lenovo consumer personal computers employing the pre-installed Superfish VisualDiscovery software contain a critical vulnerability through a compromised root CA certificate. Exploitation of this vulnerability could allow a…
Original release date: February 18, 2015 The Internal Revenue Service (IRS) has issued a press release addressing a new spear phishing scam targeting tax preparers and other tax professionals. Scam operators often use fraudulent e-mails to entice their targets to reveal login credentials. US-CERT…
Original release date: February 18, 2015 The Internet Systems Consortium (ISC) has released security updates to address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial of service condition. Updates available include: BIND 9.9.6-P2 BIND…
Original release date: February 10, 2015 Microsoft has released updates to address vulnerabilities in Windows as part of the Microsoft Security Bulletin Summary for February 2015. Some of these vulnerabilities could allow remote code execution, security feature bypass, elevation of privilege, or…
Data of 80 million customers accessed and may include names, health ID or social security numbers, birthdate, address, phone number, email address, employment info, etc. From the Desk of Joseph R. Swedish, President and CEO Anthem, Inc. — Safeguarding your personal, financial and medical…
Original release date: January 30, 2015 Overview Throughout the year, scam artists pose as legitimate entities—such as the Internal Revenue Service (IRS), other government agencies, and financial institutions—in an attempt to defraud taxpayers. They employ…
Unsolicited commercial email may be a privacy and/or security violation under the Federal Trade Commission of the United States of America. SPAM should be forwarded to uce@ftc.gov.