Original release date: August 07, 2015 US-CERT is aware of continued exploitation of insecurely stored passwords in Group Policy Preferences, due to incomplete implementations of Microsoft Security Bulletin MS14-025. Systems may still be vulnerable to exploitation if administrators have not cleared…
Original release date: August 06, 2015 The Mozilla Foundation has released security updates to address a critical vulnerability in the built-in PDF Viewer for Firefox and Firefox ESR. Exploitation of the vulnerability may allow an attacker to read and steal sensitive local files on the victim's…
Original release date: August 04, 2015 WordPress 4.2.3 and prior versions contain critical cross-site scripting and potential SQL injection vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website. Users and administrators are…
Original release date: July 31, 2015 The Internet Crime Complaint Center (IC3) has issued an alert to U.S. businesses about a rise in extortion campaigns. In a typical incident, a business receives an e-mail threatening a Distributed Denial of Service (DDoS) attack to its website unless it pays a…
Original release date: July 31, 2015 The National Cybersecurity and Communications Integration Center (NCCIC) and its partners responded to a series of data breaches in the public and private sector over the last year, helping organizations through incident response actions, conducting damage…
Original release date: July 30, 2015 Cisco has released software updates to address a vulnerability in Cisco IOS XE Software for ASR 1000 Series Aggregation Services Routers. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. US-CERT encourages…
Original release date: July 28, 2015 | Last revised: July 29, 2015 ISC has released security updates to address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Updates available include: BIND 9-version 9.9.7-P2 BIND…
Original release date: July 28, 2015 | Last revised: August 04, 2015 Android devices running Android versions 2.2 through 5.1.1_r5 contain vulnerabilities in the Stagefright media playback engine. Exploitation of these vulnerabilities may allow an attacker to access multimedia files or potentially…
Original release date: July 27, 2015 A vulnerability affecting the Uconnect software from FCA has been reported. Exploitation of this vulnerability may allow an unauthorized user to take remote control of an affected vehicle, but the attack requires access to Sprint's cellular network, which…
The BBC reports: Several car infotainment systems are vulnerable to a hack attack that could potentially put lives at risk, a leading security company has said. NCC Group said the exploit could be used to seize control of a vehicle’s brakes and other critical systems. The Manchester-based company…
Original release date: July 23, 2015 WordPress 4.2.2 and prior versions contain critical cross-site scripting vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website. Users and administrators are encouraged to review the WordPress…
WASHINGTON, DC — The OPM (Office of Personnel Management) was hacked. In a statement, OPM said: The U.S. Office of Personnel Management (OPM) recently became aware of a cybersecurity incident affecting its systems and data that may have compromised the personal information of current and former…
The IRS announced that criminals used taxpayer-specific data acquired from non-IRS sources to gain unauthorized access to information on approximately 100,000 tax accounts through IRS’ “Get Transcript” application. This data included Social Security information, date of birth and street…
The FBI issued a warning about passengers using in-flight wifi to hack into the plane’s systems. “Although the media claims remain theoretical and unproven, the media publicity associated with these statements may encourage actors to use the described intrusion methods,” the alert notes.…
Wikipedia has reported several cases of government employees and police officers who have made fraudulent changes to Wikipedia pages. In 2014, Russia was caught changing an entry about the downing of a passenger jet from “shot down by terrorists” to “shot down by Ukrainian soldiers.” Also…