Current Activity Calendar
| February 07, 2008 - Current ActivityThis is an archived copy of current activity, if you would like to see the most recent version, please click here.Microsoft Releases Advance Notification for February Security Bulletinadded February 7, 2008 at 01:49 pm
Microsoft has issued a Security Bulletin Advance Notification indicating that its February release cycle will contain 12 bulletins, seven of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Office, Visual Basic, VBScript, JScript and Internet Explorer. There will also be five Important bulletins for Windows, IIS, Active Directory, ADAM, Office, Works, and Works Suite. The release is scheduled for Tuesday, February 12, 2008. Adobe Reader Updateadded February 7, 2008 at 10:20 am
Adobe has released Adobe Reader 8.1.2 to address multiple unspecified vulnerabilities. Apple QuickTime Updateadded February 7, 2008 at 10:07 am
Apple has released QuickTime 7.4.1 to address a vulnerability in QuickTime. By convincing a user to visit a malicious web site, an attacker may be able to execute arbitrary code or cause a denial of service condition. Sun Java SE 6 Updateadded February 7, 2008 at 09:55 am
Sun has released an update for Java SE 6. This update addresses two vulnerabilities. These vulnerabilities may allow an untrusted application to execute with elevated privileges on an affected system. Fraudulent Microsoft Update Web Siteadded February 6, 2008 at 01:20 pm | updated February 6, 2008 at 02:21 pm
US-CERT is aware of a fraudulent Microsoft Update web site. This web site contains an "Urgent Install" button that, when clicked, attempts to download and install malicious software on a user's system. The file that attempts to download is not signed by Microsoft and is called "WindowsUpdateAgent30-x86-x64.exe". Of further interest, this web site is using fast flux DNS for its web hosting.
Apple Releases Security Update to Address iPhoto Vulnerabilityadded February 6, 2008 at 09:35 am
Apple has released iPhoto 7.1.2 to address a vulnerability in this product. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Yahoo! Music Jukebox ActiveX Buffer Overflow Vulnerabilitiesadded February 5, 2008 at 11:18 am
US-CERT is aware of publicly available exploit code for vulnerabilities affecting Yahoo! Music Jukebox. These vulnerabilities are caused by buffer overflows in the Yahoo! MediaGrid ActiveX control and the YMP Datagrid ActiveX control. Successful exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code on a vulnerable system. Publicly Available Exploit for Facebook and MySpace Image Uploader Vulnerabilityadded February 4, 2008 at 10:28 am | updated February 4, 2008 at 11:38 am
US-CERT is aware of publicly available exploit code for an unpatched vulnerability affecting an image uploader used by Facebook and MySpace. This vulnerability is caused by a buffer overflow in Aurigma's ImageUploader ActiveX control. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code on an affected system. Department of Justice Phishing Campaignadded February 1, 2008 at 03:35 pm
US-CERT has received reports of a phishing campaign that involves targeted email messages claiming to be from the Department of Justice. The emails include messaging that is designed to convince recipients that they are the subject of a business complaint filed through the Department of Justice. Initial reports indicate that as many as 20,000 users, representing a wide range of companies in the US, Canada, and Australia, have been targeted. Possible Department of Justice Phishing Campaignadded January 31, 2008 at 09:33 pm | updated February 1, 2008 at 08:02 am
US-CERT has received information indicating that a phishing campaign involving targeted malicious email messages may be imminent. The messages may attempt to convince users that they are the subject of a business complaint filed through the Department of Justice, and could include a malicious attachment or a link to a malicious website. |
Information For
Sign Up
Reporting
DHS Threat Advisory
The threat level in the airline sector is High or Orange. Read more