Original release date: June 25, 2015 Cisco has released security updates to address vulnerabilities in Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Content Security Management Virtual Appliance (SMAv) software. Exploitation of one of these vulnerabilities may…
Original release date: June 24, 2015 The Financial Services Information Sharing and Analysis Center (FS-ISAC) and federal law enforcement agencies have released a joint alert warning companies of a sophisticated wire payment scam referred to as business email compromise (BEC). Scammers use…
Original release date: June 23, 2015 The Internet Crime Complaint Center (IC3) has issued an alert warning that U.S. individuals and businesses are still at risk of CryptoWall ransomware fraud. Scam operators use ransomware—a type of malicious software—to infect a device and restrict access…
Original release date: June 23, 2015 Adobe has released security updates to address a critical vulnerability in Flash Player for Windows, Macintosh, and Linux. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Users and administrators are…
Original release date: June 22, 2015 Google has released Chrome version 43.0.2357.130 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow an attacker to obtain sensitive information. Users and administrators are encouraged to review…
Original release date: June 18, 2015 Drupal has released updates to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to gain access to a system account, including an administrator's. Available updates include: • Drupal core 6.36 for…
Original release date: June 16, 2015 Adobe has released security updates for Adobe Photoshop Creative Cloud (CC) and Bridge CC to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users…
Original release date: June 12, 2015 OpenSSL has released updates addressing multiple vulnerabilities, one of which allows a remote attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography—an attack known as Logjam ( CVE-2015-4000 ). Exploitation of some of these…
Original release date: June 11, 2015 The Internet Crime Complaint Center (IC3) has released an alert warning consumers of fraud around the resale of gift cards. The secondary gift card market has grown in recent years, and criminal activity has been identified on sites facilitating such exchanges.…
Original release date: June 11, 2015 Cisco has identified a vulnerability that could allow an unauthenticated remote attacker to cause a denial-of-service condition. The vulnerability is due to improper processing of malformed IPv6 packets carrying extension headers. A Cisco Carrier Routing System 3…
WASHINGTON, DC — The OPM (Office of Personnel Management) was hacked. In a statement, OPM said: The U.S. Office of Personnel Management (OPM) recently became aware of a cybersecurity incident affecting its systems and data that may have compromised the personal information of current and former…
The IRS announced that criminals used taxpayer-specific data acquired from non-IRS sources to gain unauthorized access to information on approximately 100,000 tax accounts through IRS’ “Get Transcript” application. This data included Social Security information, date of birth and street…
The FBI issued a warning about passengers using in-flight wifi to hack into the plane’s systems. “Although the media claims remain theoretical and unproven, the media publicity associated with these statements may encourage actors to use the described intrusion methods,” the alert notes.…
Wikipedia has reported several cases of government employees and police officers that have made fraudulent changes to Wikipedia pages. In 2014, Russia was caught changing an entry about the downing of a passenger jet from “shot down by terrorists” to “shot down by Ukrainian soldiers.” Also…
Wikimedia, the non-profit organization that runs Wikipedia has filed a lawsuit against the NSA over mass surveillance. In a press release, Wikimedia stated: The Wikimedia Foundation is filing suit against the National Security Agency (NSA) and the Department of Justice (DOJ) of the United States…
Unsolicited commercial email may be a privacy and/or security violation under the Federal Trade Commission of the United States of America. SPAM should be forwarded to uce@ftc.gov.