US-CERT Current Activity
Oracle has released its Critical Patch Update for April 2014 to address 104 vulnerabilities across multiple products. This update contains the following security fixes:
US-CERT encourages users and administrators to review the April 2014 Critical Patch Update and follow best practice security policies to determine which updates should be applied.
As the Easter holiday approaches, US-CERT reminds users to stay aware of holiday scams and cyber campaigns, which may include:
US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:
Adobe has released security updates to address multiple vulnerabilities in Adobe Flash Player and AIR. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.
The following updates are available:
Users and administrators are encouraged to review Adobe Security Bulletin APSB14-09 to determine which updates should be applied.
Microsoft has released updates to address vulnerabilities in Microsoft Office, Office Services, Web Apps, Windows and Internet Explorer as part of the Microsoft Security Bulletin Summary for April, 2014. These vulnerabilities could allow remote code executions.
US-CERT encourages users and administrators to review the bulletin and follow best practice security policies to determine which updates should be applied.
A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension. This may allow an attacker to decrypt traffic or perform other attacks. OpenSSL version 1.0.1g resolves this vulnerability. The 1.0.0 and 0.9.8 branches are not vulnerable.
US-CERT recommends users and administrators review Vulnerability Note VU#720951 for additional information and mitigation details.
SFA CyberSecurity Newletters -
Welcome to the official IT Security Website of Stephen F. Austin State University. This site tries to aggregate IT security information from a variety of sources. We hope you find everything you are looking for, but if not, contact us at ITSECURITY@SFASU.EDU.
We welcome your comments.
The Internet Crime Complaint Center (IC3)
The IC3 was established as a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to serve as a means to receive Internet related criminal complaints and to further research, develop, and refer the criminal complaints to federal, state, local, or international law enforcement and/or regulatory agencies for any investigation they deem to be appropriate. The IC3 was intended, and continues to emphasize, serving the broader law enforcement community to include federal, as well as state, local, and international agencies, which are combating Internet crime and, in many cases, participating in Cyber Crime Task Forces.
TEEX/NERRTC Cybersecurity Awareness Training
The DHS-FEMA Cyber Security Courses are developed to assist communities in improving their cyber security to introduce cyber security issues to cities and communities across the nation. The online courses are designed to ensure that the privacy, reliability, and integrity of the information systems that power our global economy remain intact and secure.
Organizations and users are also advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails especially from un-trusted sources.