US-CERT Current Activity
Google has released Chrome version 43.0.2357.65 for Windows, Mac, and Linux to address multiple vulnerabilities. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system.
US-CERT encourages users and administrators to review the Google Chrome blog entry and apply the necessary updates.
Cisco has released two security advisories to address multiple vulnerabilities in TelePresence products. Successful exploitation could allow an attacker to bypass system authentication, execute arbitrary code with elevated privileges, or cause a denial-of-service condition.
The Mozilla Foundation has released security updates to address vulnerabilities in Firefox, Firefox ESR, and Thunderbird. Exploitation of one of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition or steal sensitive information.
Available updates include:
Adobe has released security updates to address multiple vulnerabilities in Flash Player, Reader, and Acrobat. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.
Microsoft has released 13 updates to address vulnerabilities in Microsoft Windows. Some of these vulnerabilities could allow elevation of privilege, denial of service, remote code execution, information disclosure, or security feature bypass.
US-CERT encourages users and administrators to review Microsoft Security Bulletins MS15-043 - MS15-055 and apply the necessary updates.
SFA CyberSecurity Newletters -
Welcome to the official IT Security Website of Stephen F. Austin State University. This site tries to aggregate IT security information from a variety of sources. We hope you find everything you are looking for, but if not, contact us at ITSECURITY@SFASU.EDU.
We welcome your comments.
The Internet Crime Complaint Center (IC3)
The IC3 was established as a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to serve as a means to receive Internet related criminal complaints and to further research, develop, and refer the criminal complaints to federal, state, local, or international law enforcement and/or regulatory agencies for any investigation they deem to be appropriate. The IC3 was intended, and continues to emphasize, serving the broader law enforcement community to include federal, as well as state, local, and international agencies, which are combating Internet crime and, in many cases, participating in Cyber Crime Task Forces.
TEEX/NERRTC Cybersecurity Awareness Training
The DHS-FEMA Cyber Security Courses are developed to assist communities in improving their cyber security to introduce cyber security issues to cities and communities across the nation. The online courses are designed to ensure that the privacy, reliability, and integrity of the information systems that power our global economy remain intact and secure.
On May 20, 2015, the Cyber Alert Threat Level was evaluated and is remaining at Blue (Guarded) due to vulnerabilities in Mozilla, Google, and TLS. On May 13, we issued one advisory for Mozilla Firefox and Thunderbird, which could lead to remote code execution. On May 20th we issued an advisory for vulnerabilities in Google Chrome which could allow for remote code execution. We also issued a Cyber alert on May 20th for a vulnerability in the way TLS handles Diffie-Hellman key exchanges. This issue could allow for an attacker to downgrade the RSA key used so they can attempt to break the cipher and perform a man-in-the-middle attack. This attack has been nicknamed â??Logjamâ?? and is similar to the FREAK vulnerability that was reported this past March. This level indicates a moderate threat for hacking, malware, or other malicious activity. Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails especially from un-trusted sources.