US-CERT Current Activity
Apple has released OS X bash Update 1.0 to address vulnerabilities found in the Bourne-again Shell (bash) which could allow a remote attacker to execute arbitrary shell commands.
US-CERT is aware of a Bash vulnerability affecting Unix-based operating systems such as Linux and Mac OS X. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code on an affected system.
US-CERT recommends users and administrators review TA14-268A, Vulnerability Note VU#252743 and the Redhat Security Blog for additional details and to refer to their respective Linux or Unix-based OS vendor(s) for an appropriate patch. A GNU Bash patch is also available for experienced users and administrators to implement.
A vulnerability in the Mozilla NSS library could allow an attacker to forge an RSA signature, such as an SSL certificate. The package is often included in 3rd party software, including Linux distributions, Google Chrome, and others. It is possible that other cryptographic libraries may be similarly affected.
US-CERT recommends users and administrators review Vulnerability Note VU#772676, Mozilla Foundation Security Advisory 2014-73, and Google Stable Channel Update Blog for additional information and mitigation details.
Apple released security updates for iOS devices, Apple TV, and Xcode to address multiple vulnerabilities, some of which could allow attackers to execute code with system privileges or cause an unexpected application termination.
Updates available include:
Adobe has released security updates for Adobe Reader and Acrobat for Windows and Macintosh. Exploitation of these vulnerabilities could potentially allow an attacker to take control of the affected system.
US-CERT encourages users and administrators to review Adobe Security Bulletin APSB14-20 and apply the necessary updates.
SFA CyberSecurity Newletters -
Welcome to the official IT Security Website of Stephen F. Austin State University. This site tries to aggregate IT security information from a variety of sources. We hope you find everything you are looking for, but if not, contact us at ITSECURITY@SFASU.EDU.
We welcome your comments.
The Internet Crime Complaint Center (IC3)
The IC3 was established as a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to serve as a means to receive Internet related criminal complaints and to further research, develop, and refer the criminal complaints to federal, state, local, or international law enforcement and/or regulatory agencies for any investigation they deem to be appropriate. The IC3 was intended, and continues to emphasize, serving the broader law enforcement community to include federal, as well as state, local, and international agencies, which are combating Internet crime and, in many cases, participating in Cyber Crime Task Forces.
TEEX/NERRTC Cybersecurity Awareness Training
The DHS-FEMA Cyber Security Courses are developed to assist communities in improving their cyber security to introduce cyber security issues to cities and communities across the nation. The online courses are designed to ensure that the privacy, reliability, and integrity of the information systems that power our global economy remain intact and secure.
Organizations and users are also advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails especially from un-trusted sources.