Current Activity Calendar
| April 01, 2009 - Current ActivityThis is an archived copy of current activity, if you would like to see the most recent version, please click here.Conficker Worm Targets Microsoft Windows Systemsadded March 29, 2009 at 08:18 pm | updated March 30, 2009 at 03:06 pm
US-CERT is aware of public reports indicating a widespread infection of the Conficker/Downadup worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across a corporate network, if the network servers are not patched with the MS08-067 patch from Microsoft. Mozilla Foundation Releases Firefox 3.0.8added March 30, 2009 at 09:25 am
Mozilla Foundation has released Firefox 3.0.8 to address two vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. The Mozilla Foundation Security Advisories also indicate that one of these vulnerabilities also affects SeaMonkey. Sun Releases Updates for Java SEadded March 26, 2009 at 08:54 am
Sun has released updates for Java SE to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with escalated privileges. OpenSSL Releases Security Advisoryadded March 26, 2009 at 08:36 am
OpenSSL has released a security advisory to address multiple vulnerabilities. These vulnerabilities may allow an attacker to cause a denial-of-service condition or bypass security restrictions in affected applications. Cisco Releases Multiple Security Advisories for IOS Vulnerabilitiesadded March 25, 2009 at 03:41 pm
Cisco has released multiple security advisories to address vulnerabilities in IOS Software. These vulnerabilities may allow an attacker to cause a denial-of-service condition, interfere with network traffic, or operate with escalated privileges.
Sun Releases Alert for Java System Identity Manager Vulnerabilitiesadded March 23, 2009 at 12:24 pm
Sun Microsystems has released an alert to address multiple vulnerabilities in the Java System Identity Manager. These vulnerabilities may allow an attacker to execute arbitrary commands, conduct cross-site scripting attacks, modify configuration settings, or obtain sensitive information. Adobe Releases Security Bulletinadded March 18, 2009 at 04:39 pm
Adobe has released security bulletin APSB09-04 to address multiple vulnerabilities, one of which is the JBIG2 vulnerability originally addressed in security advisory APSA09-01 and security bulletin APSB09-03. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Autonomy KeyView SDK Vulnerabilityadded March 18, 2009 at 09:13 am
US-CERT is aware of reports of a vulnerability that affects the Autonomy KeyView SDK wp6sr.dll library. This library is used by certain products, including Lotus Notes and Symantec, to support the handling of Word Perfect documents. By convincing a user to open a specially crafted Word Perfect document with an application using the affected Autonomy KeyView SDK library, a remote attacker may be able to execute arbitrary code.
Waledac Trojan Horse Spam Campaign Circulatingadded March 17, 2009 at 09:08 am
US-CERT is aware of public reports of malicious code circulating via spam email messages related to bogus terror attacks in the recipient's local area. These messages use subject lines implying that a fatal bomb attack has occurred near the recipient and contain a link to "breaking news." Users who click on the link will be taken to a site posing as a Reuters news article that contains a bogus news story about the fatal bomb attack. The systems serving the bogus news story check a visiting user's IP address to obtain a geographical location to insert a nearby placename into the bogus article. The articles also contain links to video content, claiming that the latest Flash Player is required to view the video. If users attempt to update or install the Flash Player from the link provided in the article, their systems may become infected with malicious code.
Adobe Releases Security Updates for Reader 9 and Acrobat 9added March 11, 2009 at 09:45 am | updated March 11, 2009 at 11:18 am
Adobe has released Reader 9.1 and Acrobat 9.1 to address a vulnerability. This vulnerability is due to a buffer overflow condition that exists in the way Adobe Acrobat Reader handles JBIG2 streams. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Adobe has indicated that it is aware of reports of active exploitation. |
Information For
Sign Up
Reporting
DHS Threat Advisory
The threat level in the airline sector is High or Orange. Read more