Nepal Earthquake Disaster Email Scams

Original release date: April 30, 2015 US-CERT warns users of potential email scams citing the earthquake in Nepal. The scam emails may contain links or attachments that may direct users to phishing or malware infected websites. Phishing emails and websites requesting donations for fraudulent charitable organizations commonly appear after these types of natural disasters. US-CERT Read more about Nepal Earthquake Disaster Email Scams[…]

WordPress Releases Security Update

Original release date: April 23, 2015 WordPress 4.1.2 has been released to address multiple vulnerabilities, one of which could allow a site to be compromised by a remote attacker. WordPress 4.1.1 and earlier are affected by this vulnerability. US-CERT recommends users and administrators review the WordPress Security Release and apply the necessary updates. This product Read more about WordPress Releases Security Update[…]

IC3 Warns of Cyber Attacks Focused on Law Enforcement and Public Officials

Original release date: April 21, 2015 The Internet Crime Complaint Center (IC3) has issued an alert warning that law enforcement personnel and public officials may be at an increased risk of cyber attacks. Doxing—the act of gathering and publishing individuals’ personal information without permission—has been observed. Hacking collectives may exploit publicly available information identifying officers Read more about IC3 Warns of Cyber Attacks Focused on Law Enforcement and Public Officials[…]

Information Security

Oracle Releases April 2015 Security Advisory

Original release date: April 15, 2015 | Last revised: April 16, 2015 Oracle has released security fixes to address 98 vulnerabilities as part of its quarterly Critical Patch Update. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Read more about Oracle Releases April 2015 Security Advisory[…]

Adobe Releases Security Updates for Flash Player, ColdFusion, and Flex

Original release date: April 15, 2015 Adobe has released three security updates to address multiple vulnerabilities in Flash Player, ColdFusion, and Flex. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system, or lead to a reflected cross-site scripting attack. Users and administrators are encouraged to review Adobe Security Read more about Adobe Releases Security Updates for Flash Player, ColdFusion, and Flex[…]

Microsoft Releases April 2015 Security Bulletin

Original release date: April 14, 2015 Microsoft has released eleven updates to address vulnerabilities in Microsoft Windows. Some of these vulnerabilities could allow elevation of privilege, denial of service, remote code execution, information disclosure, or security feature bypass. US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-032 – MS15-042 and apply the necessary Read more about Microsoft Releases April 2015 Security Bulletin[…]

Information Security

WP Super Cache Cross-Site Scripting (XSS) Vulnerability

Original release date: April 09, 2015 WP Super Cache, a WordPress plugin, contains a persistent XSS vulnerability in versions prior to 1.4.4. Exploitation of this vulnerability could allow a remote attacker to take control of the affected system. Users and administrators are encouraged to review the WP Super Cache Changelog for more information and update Read more about WP Super Cache Cross-Site Scripting (XSS) Vulnerability[…]

Information Security

Apple Releases Security Updates for OS X, iOS, Safari, and Apple TV

Original release date: April 08, 2015 Apple has released security updates for OS X, iOS, Safari, and Apple TV to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of the affected system. Available updates include: OS X Yosemite v10.10.3 and Security Update 2015-004 for OS X Read more about Apple Releases Security Updates for OS X, iOS, Safari, and Apple TV[…]

Information Security

Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)

Original release date: April 08, 2015 The Network Time Foundation’s NTP Project has released an update addressing multiple vulnerabilities in ntpd. Exploitation of these vulnerabilities may allow an attacker to conduct a man-in-the-middle attack or cause a denial of service condition. Users and administrators are encouraged to review Vulnerability Note VU#374268 for more information and Read more about Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)[…]

Information Security

IC3 Issues Alert for Fake Government Websites

Original release date: April 07, 2015 The Internet Crime Complaint Center (IC3) has released an alert that warns consumers of fraudulent government-services websites that mimic legitimate ones.  Scam operators lure consumers to these fraudulent websites in order to steal their personal identifiable information (PII) and collect fees for services that are never delivered. US-CERT encourages Read more about IC3 Issues Alert for Fake Government Websites[…]