Business Information Technologies, LLC

Mozilla Releases Firefox 10 and 3.6.26

admin — Wed, 01 Feb 2012 14:50:28 +0000

The US-CERT Current Activity web page is a regularly updated summary
of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Last reviewed: February 1, 2012 10:15:03 EST

Mozilla Releases Firefox 10 and 3.6.26

added February 1, 2012 at 09:50 am

The Mozilla Foundation has released Firefox 10 and Firefox 3.6.26 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, or perform a cross-site scripting attack.

US-CERT encourages users and administrators to review the Mozilla Foundation Advisories for Firefox 10 and Firefox 3.6.26 and apply any necessary updates to help mitigate the risk.

Denial-of-Service Malware Campaign

added January 24, 2012 at 05:35 pm

US-CERT is aware of public reports of ongoing distributed denial-of-service attacks against entities in the government and private sector.

Denial-of-Service Malware Campaign

admin — Tue, 24 Jan 2012 22:35:42 +0000

The US-CERT Current Activity web page is a regularly updated summary
of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Last reviewed: January 24, 2012 17:50:04 EST

Denial-of-Service Malware Campaign

added January 24, 2012 at 05:35 pm

US-CERT is aware of public reports of ongoing distributed denial-of-service attacks against entities in the government and private sector. According to the reports, these attacks are being attributed to the hacker group Anonymous.

US-CERT encourages users and administrators to do the following to reduce the risk associated with this and other malware campaigns:

Do not open attachments in email messages from unknown sources.
Install anti-virus software and keep virus signatures files up to date.
Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for information on social engineering attacks.
Refer to
Read more at: http://www.us-cert.gov/current/index.html#anonymous_activities

Google Releases Chrome 16.0.912.77

admin — Tue, 24 Jan 2012 18:03:34 +0000

The US-CERT Current Activity web page is a regularly updated summary
of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Last reviewed: January 24, 2012 17:50:04 EST

Denial-of-Service Malware Campaign

added January 24, 2012 at 05:35 pm

US-CERT encourages users and administrators to do the following to reduce the risk associated with this and other malware campaigns:

Do not open attachments in email messages from unknown sources.
Install anti-virus software and keep virus signatures files up to date.
Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for information on social engineering attacks.
Refer to
Read more at: http://www.us-cert.gov/current/index.html#google_releases_chrome_16_02

Symantec pcAnywhere Hotfix

admin — Tue, 24 Jan 2012 16:30:37 +0000

The US-CERT Current Activity web page is a regularly updated summary
of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Last reviewed: January 24, 2012 12:10:43 EST

Symantec pcAnywhere Hotfix

added January 24, 2012 at 11:30 am

Symantec has released an update for pcAnywhere to address multiple vulnerabilities for the following software versions running on Windows:

pcAnywhere 12.5 SP3
pcAnywhere Solutions 7.1 GA, SP 1, and SP 2

US-CERT encourages users and administrators to review the Symantec pcAnywhere hot fix and apply any necessary updates to help mitigate the risk.

US-CERT will provide additional information as it becomes available.

Best Practices for Recovery from the Malicious Erasure of Files

added January 19, 2012 at 04:12 pm | updated January 20, 2012 at 09:49 am

There are many ways in which cyber criminals can damage computer systems and data, including changing or

Best Practices for Recovery from the Malicious Erasure of Files

admin — Thu, 19 Jan 2012 21:12:18 +0000

The US-CERT Current Activity web page is a regularly updated summary
of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Last reviewed: January 19, 2012 16:13:02 EST

Best Practices for Recovery from the Malicious Erasure of Files

added January 19, 2012 at 04:12 pm

Cyber criminals can damage their victim’s computer systems and data by changing or deleting files, wiping hard drives, or erasing backups to hide some or all of their malicious activity and tradecraft. By wiping, or “zeroing out,” the hard disk drives, which overwrites good data with zeroes or other characters, the criminals effectively erase or alter all existing data, greatly impeding restoration. This sort of criminal activity makes it difficult to determine whether criminals merely accessed the network, stole information, or altered network access and configurations files. Completing network restoration efforts and business damage assessments may be also hampered.

The FBI and

Oracle Releases Critical Patch Update for January 2012

admin — Wed, 18 Jan 2012 15:58:17 +0000

The US-CERT Current Activity web page is a regularly updated summary
of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Last reviewed: January 18, 2012 10:59:13 EST

Oracle Releases Critical Patch Update for January 2012

added January 18, 2012 at 10:58 am

Oracle has released its Critical Patch Update for January 2012 to address 78 vulnerabilities across multiple products. This update contains the following security fixes:

2 for Oracle Database Server
1 for Oracle Fusion Middleware
3 for Oracle E-Business Suite
1 for Oracle Supply Chain Products Suite
6 for Oracle PeopleSoft Products
8 for Oracle JD Edwards Products
17 for Oracle Sun Products Suite
3 for Oracle Virtualization
27 for Oracle MySQL

US-CERT encourages users and administrators to review the January 2012 Critical Patch Update and apply any necessary updates to help mitigate the risks.

Additional information regarding CVE-2012-0110 can be found in US-CERT Vulnerability Note VU#738961.

Last reviewed: January 10, 2012 16:50:28 EST

Adobe Releases Security Advisory for Adobe Reader and Acrobat

added January 10, 2012 at 04:40 pm

Adobe has released a Security Advisory for Adobe Reader and Acrobat to address multiple vulnerabilities affecting the following software versions:

Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
Adobe Reader 9.4.7 and earlier 9.x versions for Windows
Adobe Reader 9.4.6 and earlier 9.x versions for Macintosh
Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
Adobe Acrobat 9.4.7 and earlier 9.x versions for Windows
Acrobat 9.4.6 and earlier 9.x versions for Macintosh

Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition or take control of the affected system.

US-CERT encourages users and administrators to review Adobe security advisory APSB12-01

Google Releases Chrome 16.0.912.75

admin — Fri, 06 Jan 2012 14:26:20 +0000

The US-CERT Current Activity web page is a regularly updated summary
of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Last reviewed: January 6, 2012 09:29:42 EST

Google Releases Chrome 16.0.912.75

added January 6, 2012 at 09:26 am

Google has released Chrome 16.0.912.75 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 16.0.912.75.

Microsoft Releases Advance Notification for January Security Bulletin

added January 5, 2012 at 01:24 pm

Microsoft has issued a Security Bulletin Advance Notification indicating that its January release will contain seven bulletins. These bulletins will have the severity rating of critical and important and will be for Microsoft Windows and Microsoft Developer Tools and Software. Release of these bulletins is scheduled

Multiple Programming Language Implementations Vulnerable to Hash Table Collision Attacks

admin — Wed, 28 Dec 2011 18:04:01 +0000

The US-CERT Current Activity web page is a regularly updated summary
of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Last reviewed: December 28, 2011 13:23:30 EST

Multiple Programming Language Implementations Vulnerable to Hash Table Collision Attacks

added December 28, 2011 at 01:04 pm

US-CERT is aware of reports stating that multiple programming language implementations, including web platforms, are vulnerable to hash table collision attacks. This vulnerability could be used by an attacker to launch a denial-of-service attack against websites using affected products.

The Ruby Security Team has updated Ruby 1.8.7. The Ruby 1.9 series is not affected by this attack. Additional information can be found in the ruby 1.8.7 patchlevel 357 release notes.

Microsoft has released a security advisory for ASP.NET containing a workaround. Additional information can be found in Microsoft Security Advisory 2659883.

More information regarding this vulnerability can be found in US-CERT Vulnerability Note VU#903934 and

Mozilla Releases Firefox 9 and 3.6.25

admin — Wed, 21 Dec 2011 15:56:48 +0000

The US-CERT Current Activity web page is a regularly updated summary
of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Last reviewed: December 21, 2011 11:40:14 EST

Mozilla Releases Firefox 9 and 3.6.25

added December 21, 2011 at 10:56 am

The Mozilla Foundation has released Firefox 9 and Firefox 3.6.25 to
address multiple vulnerabilities. These vulnerabilities may allow an
attacker to execute arbitrary code, cause a denial-of-service condition,
or perform a cross-site scripting attack.

US-CERT encourages users and administrators to review the Mozilla Foundation Security Advisories for Firefox 9 and Firefox 3.6.25 and apply any necessary updates to help mitigate the risk.

USAA Phishing Scam and Malware Campaign

added December 20, 2011 at 01:14 pm

US-CERT is aware of public reports of an active spear-phishing attack via email messages directed at United Services Automobile Association (USAA) members.