Original release date: June 12, 2015 OpenSSL has released updates addressing multiple vulnerabilities, one of which allows a remote attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography—an attack known as Logjam ( CVE-2015-4000 ). Exploitation of some of these…
Original release date: June 11, 2015 The Internet Crime Complaint Center (IC3) has released an alert warning consumers of fraud around the resale of gift cards. The secondary gift card market has grown in recent years, and criminal activity has been identified on sites facilitating such exchanges.…
Original release date: June 11, 2015 Cisco has identified a vulnerability that could allow an unauthenticated remote attacker to cause a denial-of-service condition. The vulnerability is due to improper processing of malformed IPv6 packets carrying extension headers. A Cisco Carrier Routing System 3…
Original release date: June 11, 2015 Ubuntu has released 10 security updates to address multiple vulnerabilities affecting Ubuntu 15.04, 14.10, 14.04 LTS, and 12.04 LTS. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of the affected system. US-CERT…
Original release date: June 09, 2015 VMWare has released four updates to address vulnerabilities in VMWare Workstation, Player, Fusion, and Horizon Client. Exploitation of some of these vulnerabilities could allow denial-of-service condition or remote code execution on the Windows OS running these…
Original release date: June 09, 2015 Microsoft has released eight updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow remote code execution or elevation of privileges. US-CERT encourages users and administrators to review Microsoft…
Original release date: June 09, 2015 Adobe has released security updates to address multiple vulnerabilities in Flash Player for Windows, Macintosh, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators…
WASHINGTON, DC — The OPM (Office of Personnel Management) was hacked. In a statement, OPM said: The U.S. Office of Personnel Management (OPM) recently became aware of a cybersecurity incident affecting its systems and data that may have compromised the personal information of current and former…
The IRS announced that criminals used taxpayer-specific data acquired from non-IRS sources to gain unauthorized access to information on approximately 100,000 tax accounts through IRS’ “Get Transcript” application. This data included Social Security information, date of birth and street…
Original release date: May 22, 2015 | Last revised: May 25, 2015 The Internet Crime Complaint Center (IC3) has released its Internet Crime Report for 2014, indicating that scams relating to social media—including doxing, click-jacking, and pharming—have increased substantially over the past five…
Original release date: May 19, 2015 Google has released Chrome version 43.0.2357.65 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. US-CERT encourages users and…
Original release date: May 14, 2015 Cisco has released two security advisories to address multiple vulnerabilities in TelePresence products. Successful exploitation could allow an attacker to bypass system authentication, execute arbitrary code with elevated privileges, or cause a denial-of-service…
The FBI issued a warning about passengers using in-flight wifi to hack into the plane’s systems. “Although the media claims remain theoretical and unproven, the media publicity associated with these statements may encourage actors to use the described intrusion methods,” the alert notes.…
Unsolicited commercial email may be a privacy and/or security violation under the Federal Trade Commission of the United States of America. SPAM should be forwarded to uce@ftc.gov.