US-CERT Current Activity
Cisco has released its semiannual Cisco IOS Software Security Advisory Bundled Publication. This publication includes seven Security Advisories that address vulnerabilities in Cisco IOS Software. Exploits of these vulnerabilities could result in a denial of service (DoS) condition, interface queue wedge, or exchange memory leak.
US-CERT encourages users and administrators to review the following Cisco Security Advisory and apply the necessary updates.
A vulnerability in Google's Android OS has been discovered that could allow an attacker to change or replace a seemingly safe Android application with malware during installation. An attacker exploiting this vulnerability could access and steal user data on compromised devices without user knowledge. Devices running Android version 4.4 or later are not vulnerable.
US-CERT advises users to ensure their devices are running an up-to-date version of Android and to use caution when installing software from third-party app stores.
Apple has released Security Update 2015-003 for OS X Yosemite v10.10.2 to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.
US-CERT encourages users and administrators to review Apple Security Update 2015-003 and apply the necessary updates.
The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and SeaMonkey. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system.
Available updates include:
Drupal has released updates to address multiple vulnerabilities, one of which could allow a remote attacker to gain access to a system account.
Available updates include:
US-CERT encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates.
SFA CyberSecurity Newletters -
Welcome to the official IT Security Website of Stephen F. Austin State University. This site tries to aggregate IT security information from a variety of sources. We hope you find everything you are looking for, but if not, contact us at ITSECURITY@SFASU.EDU.
We welcome your comments.
The Internet Crime Complaint Center (IC3)
The IC3 was established as a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to serve as a means to receive Internet related criminal complaints and to further research, develop, and refer the criminal complaints to federal, state, local, or international law enforcement and/or regulatory agencies for any investigation they deem to be appropriate. The IC3 was intended, and continues to emphasize, serving the broader law enforcement community to include federal, as well as state, local, and international agencies, which are combating Internet crime and, in many cases, participating in Cyber Crime Task Forces.
TEEX/NERRTC Cybersecurity Awareness Training
The DHS-FEMA Cyber Security Courses are developed to assist communities in improving their cyber security to introduce cyber security issues to cities and communities across the nation. The online courses are designed to ensure that the privacy, reliability, and integrity of the information systems that power our global economy remain intact and secure.
On March 24, 2015, the Cyber Alert Threat Level was evaluated and is remaining at Blue (Guarded) due to vulnerabilities in Mozilla, Adobe, OpenSSL, Drupal, and Apple products. On March 19, we issued two advisories. One for vulnerabilities in OpenSSL that could lead to denial of service conditions and one in Drupal CMS which could allow for security bypass of access controls. On March 20, we issued an update to our Adobe Flash Player advisory that had originally been released on March 12, 2015 because an exploit for this vulnerability was added to the Nuclear Exploit Kit. Additionally, we issued two advisories on March 23. One for vulnerabilities in Mozilla products which could allow for remote code execution and one update to our Apple Mac OS X advisory from March 10th, 2015. The updated Apple advisory was issued because two vulnerabilities that were supposed to be addressed by the patch were not fixed. Finally, we are currently tracking all of the vulnerabilities that were released for internet browsers at the Pwn2Own competition this past week. As more information becomes available, we will issue advisories as necessary. At this level, malicious activity has been identified with minor impact. Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails especially from un-trusted sources.