US-CERT Current Activity
GnuTLS has released security updates to address a vulnerability affecting certificate verification functions. An attacker could use a specially crafted X509 certificate to bypass validation checks, impersonate legitimate web sites or services, and perform man-in-the-middle attacks.
Many Linux distributions and other software which use GnuTLS are affected.
Updates available include:
Users and administrators are encouraged to review the GnuTLS Security Advisory GNUTLS-SA-2014-2 and apply the necessary updates to help mitigate the risk.
Google has released Google Chrome 33.0.1750.146 for Windows, Mac, and Linux to address multiple vulnerabilities, some of which could allow a remote, unauthenticated attacker to compromise a vulnerable system.
US-CERT encourages users and administrators to review the Google Chrome Release blog entry and apply the update.
Apple has released QuickTime 7.7.5 for Windows operating systems to address multiple vulnerabilities, which may lead to an unexpected application termination or arbitrary code execution.
US-CERT encourages users and administrators to review Apple Support Article HT6151 and apply any necessary updates.
Apple has released OS X Mavericks v10.9.2 and Security Update 2014-001 to address multiple vulnerabilities for the following versions of OS X:
US-CERT encourages users and administrators to review Apple Support Article HT6150 and apply any necessary updates.
Apple has released security updates for Safari 6.1.2 and 7.0.2 for OS X to address multiple vulnerabilities in WebKit.
Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
US-CERT encourages users and administrators to review Apple Support Article HT6145 and apply any necessary updates.
SFA CyberSecurity Newletters -
Welcome to the official IT Security Website of Stephen F. Austin State University. This site tries to aggregate IT security information from a variety of sources. We hope you find everything you are looking for, but if not, contact us at ITSECURITY@SFASU.EDU.
We welcome your comments.
The Internet Crime Complaint Center (IC3)
The IC3 was established as a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to serve as a means to receive Internet related criminal complaints and to further research, develop, and refer the criminal complaints to federal, state, local, or international law enforcement and/or regulatory agencies for any investigation they deem to be appropriate. The IC3 was intended, and continues to emphasize, serving the broader law enforcement community to include federal, as well as state, local, and international agencies, which are combating Internet crime and, in many cases, participating in Cyber Crime Task Forces.
TEEX/NERRTC Cybersecurity Awareness Training
The DHS-FEMA Cyber Security Courses are developed to assist communities in improving their cyber security to introduce cyber security issues to cities and communities across the nation. The online courses are designed to ensure that the privacy, reliability, and integrity of the information systems that power our global economy remain intact and secure.
Organizations and users are also advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails especially from un-trusted sources.