US-CERT Current Activity
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, and Thunderbird, some of which may allow attackers to execute arbitrary code.
The following updates are available:
The United Kingdom's Centre for the Protection of National Infrastructure (CPNI) has released a report on its “Improving Defenses Against Targeted Attack" (iDATA) cyber research program. The report contains descriptions and outcomes from a number of projects aimed at addressing threats posed by nation states and state-sponsored actors. CPNI is the government authority for providing protective security advice to businesses and organizations across the UK’s national infrastructure.
Recently disclosed vulnerabilities in the LZO and LZ4 compression libraries could allow remote code execution under certain circumstances. While these libraries are used by a large number of platforms and applications, not all programs may be vulnerable to exploitation.
Users and administrators should apply software security updates as they become available.
Cisco has released an advisory to address a vulnerability in the web server used in multiple Wireless Residential Gateway products that could allow an unauthenticated, remote attacker to crash the web server and execute arbitrary code with elevated privileges.
Users and administrators are encouraged to review the Cisco Advisory and apply the necessary updates.
Oracle has released its Critical Patch Update for July 2014 to address 113 vulnerabilities across multiple products.
This update contains the following security fixes:
US-CERT encourages users and administrators to review the Oracle July 2014 Critical Patch Update and apply the necessary updates.
SFA CyberSecurity Newletters -
Welcome to the official IT Security Website of Stephen F. Austin State University. This site tries to aggregate IT security information from a variety of sources. We hope you find everything you are looking for, but if not, contact us at ITSECURITY@SFASU.EDU.
We welcome your comments.
The Internet Crime Complaint Center (IC3)
The IC3 was established as a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to serve as a means to receive Internet related criminal complaints and to further research, develop, and refer the criminal complaints to federal, state, local, or international law enforcement and/or regulatory agencies for any investigation they deem to be appropriate. The IC3 was intended, and continues to emphasize, serving the broader law enforcement community to include federal, as well as state, local, and international agencies, which are combating Internet crime and, in many cases, participating in Cyber Crime Task Forces.
TEEX/NERRTC Cybersecurity Awareness Training
The DHS-FEMA Cyber Security Courses are developed to assist communities in improving their cyber security to introduce cyber security issues to cities and communities across the nation. The online courses are designed to ensure that the privacy, reliability, and integrity of the information systems that power our global economy remain intact and secure.
Organizations and users are also advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails especially from un-trusted sources.