Personal Device Security During the Holiday Season

Original release date: December 21, 2015 As the winter holiday travel season begins, US-CERT and Stop.Think.Connect would like to remind users to be mindful of the security risks associated with portable devices such as smart phones, tablets, and laptops. These devices offer a range of conveniences such as allowing us to order gifts on-the-go, providing Read more about Personal Device Security During the Holiday Season[…]

IRS Releases Fourth Tax Security Tip

Original release date: December 17, 2015 The Internal Revenue Service (IRS) has released the fourth in a series of tips intended to help the public protect personal and financial data online and at home. This tip focuses on protecting your passwords. Recommendations include creating longer and more complex passwords, not using the same passwords for Read more about IRS Releases Fourth Tax Security Tip[…]

Juniper Releases Out-of-band Security Advisory for ScreenOS

Original release date: December 17, 2015 Juniper has discovered unauthorized code in ScreenOS which could allow an attacker to take control of NetScreen devices and to decrypt VPN connections. US-CERT recommends that users and administrators review Juniper Security Bulletin 2015-12 and update all affected ScreenOS versions.   This product is provided subject to this Notification Read more about Juniper Releases Out-of-band Security Advisory for ScreenOS[…]

Securing Home and Small Business Routers

Original release date: December 15, 2015 Home and Small Business routers have become the ideal target for attackers seeking to gain control over a user’s gateway to the Internet. Router misconfigurations (e.g., default credentials, interfaces open to the Internet) or the lack of security precautions (e.g., absence of updates) may make users susceptible to exploitation. Read more about Securing Home and Small Business Routers[…]

Internet Systems Consortium (ISC) Releases Security Updates for BIND

Original release date: December 15, 2015 ISC has released security updates to address vulnerabilities in BIND. Exploitation of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition. Available updates include: BIND 9 version 9.9.8-P2 BIND 9 version 9.10.3-P2 BIND 9 version 9.9.8-S3 Users and administrators are encouraged to review ISC Knowledge Base Read more about Internet Systems Consortium (ISC) Releases Security Updates for BIND[…]

Information Security

Mozilla Releases Security Updates for Firefox and Firefox ESR

Original release date: December 15, 2015 The Mozilla Foundation has released security updates to address vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Available updates include: Firefox 43 Firefox ESR 38.5 US-CERT encourages users and administrators to review the Read more about Mozilla Releases Security Updates for Firefox and Firefox ESR[…]

Symantec Releases Security Update

Original release date: December 15, 2015 Symantec has released an update to address vulnerabilities in Symantec Endpoint Protection version 12.1. Exploitation of this vulnerability may allow an attacker to take control of an affected system. US-CERT encourages users and administrators to review the Security Advisory from Symantec (link is external) and apply the necessary update. Read more about Symantec Releases Security Update[…]

Information Security

Joomla! Releases Security Update for CMS

Original release date: December 15, 2015 Joomla! has released version 3.4.6 of its Content Management System (CMS) software to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected website. US-CERT encourages users and administrators to review the Joomla! Release News and US-CERT’s Alert on Read more about Joomla! Releases Security Update for CMS[…]

Information Security

Apple Releases Security Update for iTunes

Original release date: December 11, 2015 Apple has released a security update for Apple iTunes to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review information on iTunes 12.3.2 and apply the necessary update. This product is Read more about Apple Releases Security Update for iTunes[…]

Information Security

Apple Releases Multiple Security Updates

Original release date: December 08, 2015 Apple has released security updates for iOS 9.2, tvOS 9.1, OS X, watchOS 2.1, Safari 9.0.2, and Xcode 7.2 to address multiple vulnerabilities, one of which could allow a remote attacker to take control of an affected system. Updates available include: iOS 9.2 for iPhone 4s and later, iPod Read more about Apple Releases Multiple Security Updates[…]