US-CERT Current Activity
Adobe has released security updates to address a vulnerability in Flash Player which could potentially allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review Adobe Security Bulletin APSB14-26 and apply the necessary updates.
Docker has released a critical security advisory to address vulnerabilities in Docker versions prior to version 1.3.2, one of which could allow an attacker to escalate privileges and execute remote code on an affected system.
US-CERT encourages users and administrators to review Docker's Security Advisory and apply the necessary updates.
US-CERT reminds users to remain vigilant when browsing online this holiday season. E-cards from unknown senders may contain malicious links. Fake advertisements or shipping notifications may deliver infected attachments. Spoofed e-mail messages and fraudulent posts on social networking sites may request support for phony causes.
To avoid seasonal campaigns that could result in security breaches, identity theft, or financial loss, US-CERT encourages users to take the following action:
If you believe you are a victim of a Holiday Phishing scam or Malware campaign, consider the following actions:
WordPress 4.0.1 has been released to address multiple vulnerabilities, one of which could allow a site to be compromised by a remote attacker. WordPress 3.9.2 and earlier are affected by this vulnerability.
US-CERT recommends users and administrators review the WordPress Maintenance and Security Release and apply the necessary updates.
Drupal has released an advisory to address multiple vulnerabilities in Drupal core 6.x versions prior to 6.34 and Drupal core 7.x versions prior to 7.34, one of which could allow a remote attacker to cause a denial of service.
US-CERT encourages users and administrators to review Drupal's Security Advisory and apply the necessary updates.
SFA CyberSecurity Newletters -
Welcome to the official IT Security Website of Stephen F. Austin State University. This site tries to aggregate IT security information from a variety of sources. We hope you find everything you are looking for, but if not, contact us at ITSECURITY@SFASU.EDU.
We welcome your comments.
The Internet Crime Complaint Center (IC3)
The IC3 was established as a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to serve as a means to receive Internet related criminal complaints and to further research, develop, and refer the criminal complaints to federal, state, local, or international law enforcement and/or regulatory agencies for any investigation they deem to be appropriate. The IC3 was intended, and continues to emphasize, serving the broader law enforcement community to include federal, as well as state, local, and international agencies, which are combating Internet crime and, in many cases, participating in Cyber Crime Task Forces.
TEEX/NERRTC Cybersecurity Awareness Training
The DHS-FEMA Cyber Security Courses are developed to assist communities in improving their cyber security to introduce cyber security issues to cities and communities across the nation. The online courses are designed to ensure that the privacy, reliability, and integrity of the information systems that power our global economy remain intact and secure.
Organizations and users are also advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails especially from un-trusted sources.