Feed aggregator

Google has released Google Chrome 23.0.1271.64 for Windows, Macintosh, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update to Chrome 23.0.1271.64. This product is provided subject to this Notification and this Privacy & Use policy.

Adobe has released security updates for Adobe Flash Player. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Secure updates are available for the following versions of Adobe Flash Player: Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh Adobe Flash Player 11.2.202.243 and earlier versions for Linux Adobe Flash Player 11.1.115.20 and earlier versions for Android 4.x Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x US-CERT encourages users and administrators to review Adobe Security Bulletin APSB12-24 and follow best practice security policies to determine if their organization is affected and the appropriate response. This product is provided subject to this Notification and this Privacy & Use policy.

Cisco Prime Data Center Network Manager (DCNM) contains a remote command execution vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary commands on the computer that is running the Cisco Prime DCNM application. Cisco has released software updates that address this vulnerability. US-CERT encourages users and administrators of this software to review Cisco Security Advisory 20121031-DCNM and follow best-practice security policies to determine if their organization is affected and the appropriate response. This product is provided subject to this Notification and this Privacy & Use policy.

Adobe has released a security bulletin to address multiple vulnerabilities in Adobe Shockwave Player 11.6.7.637 and earlier versions for Windows and Macintosh. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Adobe security bulletin APSB12-23 and update to Adobe Shockwave Player 11.6.8.638 to help mitigate the risks. Additional information regarding CVE-2012-4172, CVE-2012-4173, CVE-2012-4174, CVE-2012-4175, and CVE-2012-4176 can be found in Vulnerability Note VU#872545. This product is provided subject to this Notification and this Privacy & Use policy.

Adobe has released a security bulletin for Adobe Flash Player to address multiple vulnerabilities. These vulnerabilities affect Adobe Flash Player 11.4.402.278 and earlier versions for Windows, Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.238 and earlier versions for Linux, Adobe Flash Player 11.1.115.17 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.16 and earlier versions for Android 3.x and 2.x. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. US-CERT encourages users and administrators to review Adobe Security Bulletin APSB12-22 and apply any necessary updates to help mitigate the risks. This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft has released updates to address vulnerabilities in Microsoft Windows, SQL Server, Server Software, Office, and Lync as part of the Microsoft Security Bulletin summary for October 2012. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with elevated privileges. US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied. This product is provided subject to this Notification and this Privacy & Use policy.

Adobe has released a security bulletin to address an issue with a current Adobe code signing certificate. The certificate to be revoked has been used to sign malicious code. The certificate will be revoked on October 4, 2012 for all software code signed after July 10, 2012. Adobe is issuing a new digital certificate for all affected products. US-CERT encourages users and administrators to review the Adobe Security Bulletin ASPA12-01 and take any necessary actions to help mitigate the risk. This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT is aware of recent increases in the exploitation of known vulnerabilities in web content management systems (CMSs) such as Wordpress and Joomla. Compromised CMS installations can be used to host malicious content. US-CERT recommends that users and administrators ensure that their CMS installations are patched or upgraded to remove known vulnerabilities. This may require contacting the hosting provider. Also, users and administrators can check for known vulnerabilities in the National Vulnerability Database by searching their CMS by name. This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft has released Security Advisory 2757760 to address a vulnerability in Microsoft Internet Explorer 6, 7 , 8, and 9. This vulnerability may allow an attacker to execute arbitrary code if a user accesses specially crafted HTML documents (e.g., a web page or an HTML email message or attachment). US-CERT encourages users and administrators to review Microsoft Security Advisory 2757760. This advisory indicates that the workaround does not correct the vulnerability, but it may help mitigate the risk against known attack vectors. Additional information regarding CVE-2012-4969 can be found in the US-CERT Technical Alert TA12-262A and Vulnerability Note VU#480095. Update: Microsoft has released an out-of-band patch to address this vulnerability. US-CERT encourages users and administrators to review Microsoft Security Bulletin MS12-063 and apply any necessary updates to help mitigate the risk. This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft has released updates to address vulnerabilities in Microsoft Development Tools and Server Software as part of the Microsoft Security Bulletin summary for September 2012. These vulnerabilities may allow an attacker to operate with elevated privileges. US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied. This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT is aware of multiple malware campaigns impersonating multiple U.S. government agencies, including the United States Cyber Command (USCYBERCOM) and the Federal Bureau of Investigation (FBI). Once installed on a system, the malware displays a screen claiming that a Federal Government agency has identified the user's computer as being associated with one or more crimes. The user is told to pay a fine to regain the use of the computer, usually through prepaid money card services. Affected users should not follow the payment instructions. US-CERT encourages users to follow the recommendations in Security Tip ST05-006, Recovering from Viruses, Worms, and Trojan Horses. Users may also choose to file a complaint with the FBI's Internet Crime Complaint Center (IC3). This product is provided subject to this Notification and this Privacy & Use policy.

US-CERT has released Vulnerability Note VU#636312 to address a vulnerability in Oracle Java Runtime Environment (JRE) 1.7. This vulnerability may allow an attacker to execute arbitrary code on a vulnerable system. US-CERT encourages users and administrators to review Vulnerability Note VU#636312. This advisory includes possible workarounds that help mitigate the risk against known attack vectors by disabling the Java plug-in. Update: Oracle has released an out-of-band patch to address this vulnerability. US-CERT encourages users and administrators to review the Oracle Security Alert for CVE-2012-4681 and apply any necessary updates to help mitigate the risk. This product is provided subject to this Notification and this Privacy & Use policy.

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Office, SQL Server, Server Software, Developer Tools, and Exchange Server as part of the Microsoft Security Bulletin summary for August 2012. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with elevated privileges. US-CERT encourages users and administrators to review the bulletin and follow best-practice security policies to determine which updates should be applied. Additional information regarding the bulletin can be found in US-CERT Technical Alert TA12-227A. This product is provided subject to this Notification and this Privacy & Use policy.

The Gateway NV50A16u LX.WSH02.013 Notebook PC offers you serious style and serious performance.

The Jamo S426HCS3 5pcs Home Theater Speaker System is the newest addition to to Jamo’s constant commitment to value-for-money loudspeaker systems.

Clear, crisp moving pictures fill you living room as the Panasonic TC-P42S30 Viera Plasma TV uses 600Hz Sub-field Drive to move full-HD motion.

The Samsung HW-C700 Home Theater Receiver features 4 HDMI inputs, so you can connect your Blu-ray Disc player and three other HDMI devices.

With 840 Watts total power, the Samsung HWC900 A/V Home Theater Receiver delivers supreme 7.2 channel surround sound.

Sansa Clip+ MP3 Player is a tiny MP3 player that boasts an array of cool features, as well as distinctively big sound for its small size.