Microsoft Releases May 2017 Security Updates

Microsoft has released updates to address vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of a system.

US-CERT encourages users and administrators to review Microsoft’s May 2017 Security Update Summary (link is external) and Deployment Information (link is external) and apply the necessary updates.

Source: https://www.us-cert.gov/ncas/current-activity/2017/05/09/Microsoft-Releases-May-2017-Security-Updates

FTC Announces Resource for Small Business Owners

The Federal Trade Commission (FTC) has released an announcement about its new website devoted to protecting small businesses. This resource aims to help business owners avoid scams, protect their computers and networks, and keep their customers’ and employees’ data safe.

Business owners and other interested parties are encouraged to explore the new FTC website and review US-CERT resources for small and midsize businesses.

Source: https://www.us-cert.gov/ncas/current-activity/2017/05/09/FTC-Announces-Resources-Small-Businesses

Linux Kernel Vulnerability

US-CERT is aware of a Linux kernel vulnerability affecting Linux PCs and servers and Android-based devices. Exploitation of this vulnerability may allow an attacker to take control of an affected system.

US-CERT recommends that users and administrators review the Redhat Security Blog (link is external) and the Debian Security Bug Tracker for additional details and refer to their Linux or Unix-based OS vendors for appropriate patches.

Source: https://www.us-cert.gov/ncas/current-activity/2016/01/19/Linux-Kernel-Vulnerability

Google Releases Security Update for Chrome

Google has released Chrome version 47.0.2526.80 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Chrome Releases page and apply the necessary update.

Source: https://www.us-cert.gov/ncas/current-activity/2015/12/08/Google-Releases-Security-Update-Chrome

US-CERT Alerts Users to Holiday Phishing Scams and Malware Campaigns

US-CERT reminds users to remain vigilant when browsing or shopping online this holiday season. E-cards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed e-mail messages and fraudulent posts on social networking sites may request support for phony causes.

To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, US-CERT encourages users to take the following actions:

  • Avoid following unsolicited links or downloading attachments from unknown sources.

If you believe you are a victim of a holiday phishing scam or malware campaign, consider the following actions:

  • Contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.
  • Immediately change any passwords you might have revealed and do not use that password in the future. Avoid reusing passwords on multiple sites.

Source: https://www.us-cert.gov/ncas/current-activity/2015/11/25/US-CERT-Alerts-Users-Holiday-Phishing-Scams-and-Malware-Campaigns

Adobe Releases Security Updates for ColdFusion, LiveCycle Data Services, and Adobe Premiere Clip

Adobe has released security updates to address multiple vulnerabilities in ColdFusion, LiveCycle Data Services, and Adobe Premiere Clip. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review Adobe Security Bulletins for ColdFusion (link is external), LiveCycle Data Services (link is external), and Adobe Premier Clip (link is external) and apply the necessary updates.

Source: https://www.us-cert.gov/ncas/current-activity/2015/11/17/Adobe-Releases-Security-Updates-ColdFusion-LiveCycle-Data-Services

Apache Commons Collections Java Library Vulnerability

US-CERT is aware of a deserialization vulnerability in the Apache Commons Collections (ACC) Java library. Java applications that either directly use ACC, or contain ACC in their classpath, may be vulnerable to arbitrary code execution.

US-CERT encourages users and administrators to review Vulnerability Note VU#576313 for more information and apply the necessary mitigations.

Source: https://www.us-cert.gov/ncas/current-activity/2015/11/13/Apache-Commons-Collections-Java-Library-Vulnerability