Current Activity Calendar
| January 13, 2009 - Current ActivityThis is an archived copy of current activity, if you would like to see the most recent version, please click here.Oracle Releases Critical Patch Update for January 2009added January 13, 2009 at 04:08 pm
Oracle has released their Critical Patch Update for January 2009 to address 41 vulnerabilities across several products. This update contains the following security fixes:
Microsoft Releases January Security Bulletinadded January 13, 2009 at 02:09 pm
Microsoft has released the Microsoft Security Bulletin Summary for January 2009. Included in this bulletin is an update to address a vulnerability in Microsoft Windows. This vulnerability may allow an attacker to execute arbitrary code. BlackBerry Security Advisoriesadded January 13, 2009 at 10:23 am
Research In Motion has released Security Advisories KB17118 and KB17119 to address vulnerabilities in the PDF Distiller of the BlackBerry Attachment Service for BlackBerry Unite and BlackBerry Enterprise Server. The vulnerabilities are due to the improper processing of PDF files within the Distiller component of the BlackBerry Attachment Service. By convincing a user to open a maliciously crafted PDF attachment on a BlackBerry smartphone, an attacker may be able to execute arbitrary code on the system running the BlackBerry Attachment Service. Oracle Issues Pre-Release Announcement for January Critical Patch Updateadded January 12, 2009 at 09:09 am
Oracle has issued a Pre-Release Announcement indicating that its January Critical Patch Update (CPU) will contain 41 new security fixes across hundreds of products.
US-CERT will provide additional information as it becomes available. Malicious Code Circulating via Israel/Hamas Conflict Spam Messagesadded January 9, 2009 at 09:25 am
US-CERT is aware of public reports of malicious code circulating via spam email messages related to the Israel/Hamas conflict in Gaza. These messages may contain factual information about the conflict and appear to come from CNN. Additionally, the messages indicate that additional news coverage of the conflict can be viewed by following a link provided in the email body. If users click on this link, they are redirected to a bogus CNN website that appears to contain a video. Users who attempt to view this video will be prompted to update to a new version of Adobe Flash Player in order to view the video. This update is not a legitimate Adobe Flash Player update; it is malicious code. If users download this executable file, malicious code may be installed on their systems.
Microsoft Releases Advance Notification for January Security Bulletinadded January 8, 2009 at 01:22 pm
Microsoft has issued a Security Bulletin Advance Notification indicating that the January release cycle will contain one bulletin, which will have a severity rating of Critical. The notification states that this Critical bulletin is for Microsoft Windows. Release of this bulletin is scheduled for Tuesday, January 13. Cisco Releases Security Advisory for Global Site Selectoradded January 8, 2009 at 09:03 am
Cisco has released a Security Advisory to address a vulnerability in the Application Control Engine Global Site Selector (GSS). By sending a specially crafted sequence of DNS requests, a remote attacker may be able to cause a denial-of-service condition. OpenSSL Releases Security Advisoryadded January 8, 2009 at 08:47 am
The OpenSSL project has released a Security Advisory to address a vulnerability in OpenSSL. This vulnerability results from several incorrect checks of the result of the EVP_VerifyFinal function when performing signature checks on DSA and ECDSA keys used with SSL/TLS. As a result, a malformed signature could be treated as valid. Exploitation of this vulnerability may allow a remote attacker to bypass signature checks and conduct spoofing attacks. Rogue MD5 SSL Certificate Vulnerabilityadded December 30, 2008 at 05:05 pm | updated December 31, 2008 at 05:54 pm
US-CERT is aware of a public report describing how MD5 collisions can be leveraged to generate rogue SSL CA certificates. A rogue CA certificate could be used by an attacker to generate valid SSL certificates for arbitrary web sites. Using these certificates in DNS redirection attacks, an attacker could spoof an SSL protected web site and obtain sensitive information. Worm Exploiting Vulnerability described in MS08-067added December 31, 2008 at 02:04 pm | updated December 31, 2008 at 05:54 pm
US-CERT is aware of a public report of a worm circulating that has the capability of exploiting the patched vulnerability described in Microsoft Security Bulletin MS08-067.
US-CERT will continue to monitor this activity and provide updates as needed. |
Information For
Sign Up
Reporting
DHS Threat Advisory
![Current National Threat Level is elevated](https://webarchive.library.unt.edu/eot2008/20090114021455im_/http://www.us-cert.gov/images2/current_new.gif)
The threat level in the airline sector is High or Orange. Read more