-
A vulnerability has been discovered in Windows Shell, a component of the Microsoft Windows operating system, that could allow automatic file execution.
-
A Twitter user has demonstrated a persistent cross-site scripting (XSS) vulnerability on Twitter that he found on June 21st, 2010, using his own Twitter account...
-
You may be a champ at Mafia Wars and Farmville, but what do you know about the security risks of social media sites? Social media sites unfortunately pose many security risks for the unwary. Here is a guide to avoiding scams of all sorts...
-
Twitter users are being warned about a widespread phishing attack spreading across the system, designed to steal the usernames and passwords of unsuspecting members...
-
A vulnerability has been discovered in Microsoft Office which could allow an attacker to take complete control of an affected system. The vulnerability can be exploited by opening a specially crafted Office file received as an email attachment, or by visiting a web site that is hosting a specially crafted Office file...
-
Six new vulnerabilities have been discovered in Microsoft PowerPoint. These vulnerabilities can be exploited by opening a specially crafted PowerPoint presentation (.PPT or .PPS file) received as an email attachment, or by visiting a web site that is hosting a specially crafted PowerPoint file...
-
With more than a week until Adobe is scheduled to patch a critical vulnerability in its Reader and Acrobat applications, online attackers are targeting it with an unusually sophisticated attack, an indication of the lengths attackers are willing to go to in order to make their malware as hard to detect as possible, not only for the AV vendors, but also for victims...
-
Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Adobe recommends customers follow the mitigation guidance below until a patch is available, currently scheduled for release by January 12, 2010...
-
The inadvertent exposure of a sensitive Transportation Security Administration (TSA) security manual serves as a sobering reminder to enterprises that often overlook pitfalls of electronic document redaction security.
The lapses often result from a very simple misunderstanding of how electronic redaction works. Obscuring portions of text in a word processor by placing black boxes over it, for instance, does nothing to redact it...
-
A vulnerability has been discovered in Microsoft's web browser, Internet Explorer, which could allow an attacker to take complete control of an affected system. At this point in time, no patches are available for this vulnerability...
-
Three vulnerabilities have been discovered in the Microsoft .NET Framework, a widely used Microsoft software development platform, which could allow an attacker to take complete control of an affected system...
-
Critical vulnerabilities have been identified in various Adobe products for Windows, Macintosh and UNIX. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system...
-
Four vulnerabilities have been discovered in Microsoft's web browser, Internet Explorer, which could allow an attacker to take complete control of an affected system. Exploitation may occur if a user visits a web page which is specifically crafted to take advantage of these vulnerabilities...
-
Two vulnerabilities have been discovered in the Windows Media Format Runtime that could allow a remote attacker to take complete control of a vulnerable system. The Windows Media Format Runtime provides information to applications, such as Windows Media Player...
-
A vulnerability has been discovered in the Server Message Block 2 (SMB2) protocol that could allow a remote attacker to take complete control of a vulnerable system. SMB2 is used to provide shared access to files, printers...
-
A remote buffer overflow vulnerability has been discovered in Microsoft Internet Information Services (IIS) when using the File Transfer Protocol (FTP) server component...
-
Apple has released iTunes version 9.0.1 for Mac OS X and Windows to fix various bugs and one critical security vulnerability when processing playlists...
-
Suspicious DMV Registration Renewal Web Page
A state has reported suspicious websites which may affect residents of multiple states. The websites in question appear to be functioning as an intermediary for State DMV transactions and are collecting State DMV registration renewal information such as credit card information, first and last names, addresses, and driver license numbers from visitors. The website may prompt the recipient to provide excessive personal information such as social security number, bank account number or driver license number which may not be required for these transactions.
The intentions of the sites in question are unclear. The legitimacy may be contingent upon State law. One state is reporting this website as "bogus". Some news articles are reporting another website as fraudulent. In at least one state, law enforcement has been notified and is investigating.
Commonwealth of Massachusetts residents are reminded that the safest way to access online RMV services is via the Mass.gov web portal.
-
Two vulnerabilities have been discovered in the Microsoft Windows Embedded OpenType Font Engine that could allow for remote code execution...
-
A new vulnerability has been discovered in the Mozilla Firefox web browser which could allow attackers to execute arbitrary code on affected systems...
-
A vulnerability has been discovered in the Microsoft Office Web Components Spreadsheet ActiveX control that could allow a remote attacker to take complete control of a vulnerable system...
-
A vulnerability has been discovered in Microsoft DirectX that could allow a remote attacker to take complete control of a vulnerable system...
-
A vulnerability has been discovered in Microsoft Video ActiveX control that could allow a remote attacker to take complete control of a vulnerable system...
-
Oracle has released its Critical Patch Update for July 2009 to address 30 vulnerabilities across several products...