Original release date: March 12, 2015 Adobe has released security updates to address multiple vulnerabilities in Flash Player. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Adobe Security…
Wikimedia, the non-profit organization that runs Wikipedia has filed a lawsuit against the NSA over mass surveillance. In a press release, Wikimedia stated: The Wikimedia Foundation is filing suit against the National Security Agency (NSA) and the Department of Justice (DOJ) of the United States…
Original release date: March 10, 2015 Microsoft has released updates to address Windows vulnerabilities as part of the Microsoft Security Bulletin Summary for March 2015. Exploitation of one of these vulnerabilities ( FREAK ) could allow a remote attacker to decrypt secure communications between…
Original release date: March 09, 2015 Apple has released security updates for OS X, iOS, and Apple TV to address multiple vulnerabilities, one of which may allow an attacker to decrypt secure communications between vulnerable clients and servers ( FREAK ). Updates available include: Xcode 6.2 for OS…
Original release date: March 06, 2015 FREAK (Factoring Attack on RSA-EXPORT Keys CVE-2015-0204 ) is a weakness in some implementations of SSL/TLS that may allow an attacker to decrypt secure communications between vulnerable clients and servers. Google has released an updated version of its Android…
Original release date: March 03, 2015 | Last revised: March 04, 2015 The Information Assurance Directorate of the National Security Agency (NSA) has released a report on Defensive Best Practices for Destructive Malware. This report details several steps network defenders can take to detect, contain,…
Original release date: March 02, 2015 The Federal Trade Commission (FTC) has released an advisory describing the top 10 reported imposter scams for 2014. Scam operators often impersonate individuals, companies, and organizations to entice targets to participate in fraudulent financial transactions.…
Original release date: February 25, 2015 Cisco has identified a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service condition. The vulnerability is due to improper processing of malformed IPv6 packets carrying extension headers. Cisco Network Convergence…
Original release date: February 24, 2015 Linux and Unix based operating systems employing Samba versions 3.5.0 through 4.2.0rc4 contain a vulnerability in the Server Message Block daemon (smbd). Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.…
Original release date: February 24, 2015 The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of these vulnerabilities may allow a remote attacker to obtain sensitive information or execute arbitrary code on…
The Lenovo computer company has admitted to shipping new computers with malware/spyware/adware known as Superfish. The company released a security warning: Lenovo Security Advisory: LEN-2015-010 Potential Impact: Man-in-the-Middle Attack Severity: High Summary: This advisory only applies to Lenovo…
Original release date: February 20, 2015 | Last revised: March 04, 2015 Lenovo consumer personal computers employing the pre-installed Superfish VisualDiscovery software contain a critical vulnerability through a compromised root CA certificate. Exploitation of this vulnerability could allow a…
Data of 80 million customers accessed and may include names, health ID or social security numbers, birthdate, address, phone number, email address, employment info, etc. From the Desk of Joseph R. Swedish, President and CEO Anthem, Inc. — Safeguarding your personal, financial and medical…
Original release date: January 30, 2015 Overview Throughout the year, scam artists pose as legitimate entities—such as the Internal Revenue Service (IRS), other government agencies, and financial institutions—in an attempt to defraud taxpayers. They employ…
Unsolicited commercial email may be a privacy and/or security violation under the Federal Trade Commission of the United States of America. SPAM should be forwarded to uce@ftc.gov.