The FBI issued a warning about passengers using in-flight wifi to hack into the plane’s systems. “Although the media claims remain theoretical and unproven, the media publicity associated with these statements may encourage actors to use the described intrusion methods,” the alert notes.…
Original release date: April 23, 2015 WordPress 4.1.2 has been released to address multiple vulnerabilities, one of which could allow a site to be compromised by a remote attacker. WordPress 4.1.1 and earlier are affected by this vulnerability. US-CERT recommends users and administrators review the…
Original release date: April 21, 2015 The Internet Crime Complaint Center (IC3) has issued an alert warning that law enforcement personnel and public officials may be at an increased risk of cyber attacks. Doxing—the act of gathering and publishing individuals’ personal information without…
Original release date: April 21, 2015 The Mozilla Foundation has released Firefox 37.0.2 to address a vulnerability that may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review the Firefox Security Advisory and apply the necessary…
Original release date: April 15, 2015 | Last revised: April 16, 2015 Oracle has released security fixes to address 98 vulnerabilities as part of its quarterly Critical Patch Update. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users…
Original release date: April 15, 2015 Google has released Chrome 42.0.2311.90 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators…
Original release date: April 15, 2015 Adobe has released three security updates to address multiple vulnerabilities in Flash Player, ColdFusion, and Flex. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system, or lead to a reflected…
Original release date: April 14, 2015 Microsoft has released eleven updates to address vulnerabilities in Microsoft Windows. Some of these vulnerabilities could allow elevation of privilege, denial of service, remote code execution, information disclosure, or security feature bypass. US-CERT…
Original release date: April 09, 2015 WP Super Cache, a WordPress plugin, contains a persistent XSS vulnerability in versions prior to 1.4.4. Exploitation of this vulnerability could allow a remote attacker to take control of the affected system. Users and administrators are encouraged to review the…
Original release date: April 08, 2015 Apple has released security updates for OS X, iOS, Safari, and Apple TV to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of the affected system. Available updates include: OS X…
Original release date: April 08, 2015 The Network Time Foundation's NTP Project has released an update addressing multiple vulnerabilities in ntpd. Exploitation of these vulnerabilities may allow an attacker to conduct a man-in-the-middle attack or cause a denial of service condition. Users and…
Unsolicited commercial email may be a privacy and/or security violation under the Federal Trade Commission of the United States of America. SPAM should be forwarded to uce@ftc.gov.