Original release date: August 13, 2015 Apple has released security updates for OS X Server, iOS, Safari, and Yosemite to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: iOS…
Original release date: August 12, 2015 Certain Lenovo personal computers contain a vulnerability in LSE (a Lenovo BIOS feature). Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Lenovo Security…
Original release date: August 12, 2015 Cisco has observed increasingly complex attacks that could allow an attacker to gain administrative access to a Cisco IOS device by installing a malicious ROMMON image. Successful exploitation using this image could allow an attacker to manipulate device…
Original release date: August 11, 2015 The Mozilla Foundation has released security updates to address critical vulnerabilities in Firefox, Firefox ESR, and Firefox OS. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates…
Original release date: August 11, 2015 Microsoft has released 14 updates to address vulnerabilities in Microsoft Windows. Exploitation of some of these vulnerabilities could allow remote code execution or elevation of privileges and information disclosure. US-CERT encourages users and administrators…
Original release date: August 11, 2015 Adobe has released security updates to address multiple vulnerabilities in Flash Player for Windows, Macintosh, and Linux. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators…
Original release date: August 07, 2015 US-CERT is aware of continued exploitation of insecurely stored passwords in Group Policy Preferences, due to incomplete implementations of Microsoft Security Bulletin MS14-025. Systems may still be vulnerable to exploitation if administrators have not cleared…
Original release date: August 06, 2015 | Last revised: August 11, 2015 The Mozilla Foundation has released security updates to address a critical vulnerability in the built-in PDF Viewer for Firefox and Firefox ESR. Exploitation of the vulnerability may allow an attacker to steal files from an…
Original release date: August 04, 2015 WordPress 4.2.3 and prior versions contain critical cross-site scripting and potential SQL injection vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected website. Users and administrators are…
Original release date: July 31, 2015 The Internet Crime Complaint Center (IC3) has issued an alert to U.S. businesses about a rise in extortion campaigns. In a typical incident, a business receives an e-mail threatening a Distributed Denial of Service (DDoS) attack to its website unless it pays a…
The BBC reports: Several car infotainment systems are vulnerable to a hack attack that could potentially put lives at risk, a leading security company has said. NCC Group said the exploit could be used to seize control of a vehicle’s brakes and other critical systems. The Manchester-based company…
WASHINGTON, DC — The OPM (Office of Personnel Management) was hacked. In a statement, OPM said: The U.S. Office of Personnel Management (OPM) recently became aware of a cybersecurity incident affecting its systems and data that may have compromised the personal information of current and former…
The IRS announced that criminals used taxpayer-specific data acquired from non-IRS sources to gain unauthorized access to information on approximately 100,000 tax accounts through IRS’ “Get Transcript” application. This data included Social Security information, date of birth and street…
The FBI issued a warning about passengers using in-flight wifi to hack into the plane’s systems. “Although the media claims remain theoretical and unproven, the media publicity associated with these statements may encourage actors to use the described intrusion methods,” the alert notes.…
Wikipedia has reported several cases of government employees and police officers who have made fraudulent changes to Wikipedia pages. In 2014, Russia was caught changing an entry about the downing of a passenger jet from “shot down by terrorists” to “shot down by Ukrainian soldiers.” Also…
Unsolicited commercial email may be a privacy and/or security violation under the Federal Trade Commission of the United States of America. SPAM should be forwarded to uce@ftc.gov.