The IRS announced that criminals used taxpayer-specific data acquired from non-IRS sources to gain unauthorized access to information on approximately 100,000 tax accounts through IRS’ “Get Transcript” application. This data included Social Security information, date of birth and street…
Original release date: May 22, 2015 | Last revised: May 25, 2015 The Internet Crime Complaint Center (IC3) has released its Internet Crime Report for 2014, indicating that scams relating to social media—including doxing, click-jacking, and pharming—have increased substantially over the past five…
Original release date: May 19, 2015 Google has released Chrome version 43.0.2357.65 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and…
Original release date: May 14, 2015 Cisco has released two security advisories to address multiple vulnerabilities in TelePresence products. Successful exploitation could allow an attacker to bypass system authentication, execute arbitrary code with elevated privileges, or cause a denial-of-service…
Original release date: May 12, 2015 The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of one of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition or steal sensitive…
Original release date: May 12, 2015 Adobe has released security updates to address multiple vulnerabilities in Flash Player, Reader, and Acrobat. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged…
Original release date: May 12, 2015 Microsoft has released 13 updates to address vulnerabilities in Microsoft Windows. Some of these vulnerabilities could allow elevation of privilege, denial of service, remote code execution, information disclosure, or security feature bypass. US-CERT encourages…
Original release date: May 08, 2015 Cisco has released a security advisory to address a vulnerability in the web framework of Cisco Unified Computing System (UCS) Central Software. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. US-CERT…
Original release date: May 07, 2015 WordPress 4.2 and prior versions contain critical cross-site scripting vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website. Users and administrators are encouraged to review the WordPress…
Original release date: May 07, 2015 Apple has released security updates for Safari to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of the affected system. Available updates include: Safari 8.0.6 for OS X Yosemite v10.10.3…
Original release date: April 30, 2015 US-CERT warns users of potential email scams citing the earthquake in Nepal. The scam emails may contain links or attachments that may direct users to phishing or malware infected websites. Phishing emails and websites requesting donations for fraudulent…
The FBI issued a warning about passengers using in-flight wifi to hack into the plane’s systems. “Although the media claims remain theoretical and unproven, the media publicity associated with these statements may encourage actors to use the described intrusion methods,” the alert notes.…
Wikipedia has reported several cases of government employees and police officers that have made fraudulent changes to Wikipedia pages. In 2014, Russia was caught changing an entry about the downing of a passenger jet from “shot down by terrorists” to “shot down by Ukrainian soldiers.” Also…
Wikimedia, the non-profit organization that runs Wikipedia has filed a lawsuit against the NSA over mass surveillance. In a press release, Wikimedia stated: The Wikimedia Foundation is filing suit against the National Security Agency (NSA) and the Department of Justice (DOJ) of the United States…
The Lenovo computer company has admitted to shipping new computers with malware/spyware/adware known as Superfish. The company released a security warning: Lenovo Security Advisory: LEN-2015-010 Potential Impact: Man-in-the-Middle Attack Severity: High Summary: This advisory only applies to Lenovo…
Unsolicited commercial email may be a privacy and/or security violation under the Federal Trade Commission of the United States of America. SPAM should be forwarded to uce@ftc.gov.