
IC3 Releases 2014 Internet Crime Report

The Internet Crime Complaint Center (IC3) has released its 2014 Internet Crime Report, which reveals that social-media-related scams such as doxing, click-jacking, and pharming have significantly increased over the past five years.

Please review the IC3 Alert for details and refer to the US-CERT Tip ST04-014 for information on social engineering and phishing attacks.

“IC3 Issues Internet Crime Report for 2014.” US-CERT, 22 May 2015. Web. 26 May 2015.

Google Releases Security Update for Chrome

Chrome version 43.0.2357.65 for Windows, Mac, and Linux has been released by Google to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.

Review the Google Chrome blog entry and apply the updates.

“Google Releases Security Update for Chrome.” US-CERT. Department of Homeland Security, 19 May 2015. Web. 19 May 2015.

Apple Releases Security Updates for Safari

Security updates for Safari have been released by Apple to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of the affected system.

Available updates include:

  • Safari 8.0.6 for OS X Yosemite v10.10.3
  • Safari 7.1.6 for OS X Mavericks v10.9.5
  • Safari 6.2.6 for OS X Mountain Lion v10.8.5

Please review HT204826 and apply the necessary updates.

“Apple Releases Security Updates for Safari.” US-CERT. Department of Homeland Security, 7 May 2015. Web. 11 May 2015.

Cisco UCS Central Software Vulnerability

A security advisory has been released by Cisco to address a vulnerability in the web framework of Cisco Unified Computing System (UCS) Central Software. A remote attacker may take control of an affected system by exploiting this vulnerability.

Please review the Cisco Security Advisory and apply the necessary updates.

“Cisco UCS Central Software Vulnerability.” US-CERT. Department of Homeland Security, 8 May 2015. Web. 11 May 2015.

Update TLS/SSL (Transport Layer Security and Secure Socket Layer)

It is recommended to upgrade to TLS 1.1 or higher and to ensure that TLS 1.0 and SSL 1, 2, and 3.x are disabled unless required. TLS 1.0 clients can fall back to version 3.0 of the SSL protocol, which is vulnerable to a padding oracle attack when Cipher Block Chaining (CBC) mode is used. This method is commonly referred to as the POODLE (Padding Oracle on Downgraded Legacy Encryption) attack. Vulnerable TLS implementations can be updated by applying the patch provided by the vendor. Vendor information is available in the National Vulnerability Database.

Nepal Earthquake Disaster Email Scams

There are potential email scams referring to the earthquake in Nepal. The scam emails may contain links or attachments that direct users to phishing or malware-infected websites. It is common for phishing emails and websites requesting donations for fraudulent charitable organizations to appear after these types of natural disasters.

You can take some measures to protect yourself:

  • Do not click on unsolicited web links or attachments in email messages.
  • Always keep your antivirus software up-to-date.
  • Review the Federal Trade Commission’s Charity Checklist.
  • Contact the organization directly to verify the legitimacy of the email through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index.
  • Review Security Tip (ST04-014) on Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.

“Nepal Earthquake Disaster Scams | US-CERT.” US-CERT. Department of Homeland Security, 30 Apr. 2015. Web. 06 May 2015.
