Oracle Releases Security Bulletin
Oracle has released its Critical Patch Update for October 2016 to address 247 vulnerabilities across multiple products. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Oracle October 2016 Critical Patch Update and apply the necessary updates.
Google Releases Security Update for Chrome
Google has released Chrome version 54.0.2840.59 to address multiple vulnerabilities for Windows, Mac, and Linux. Exploitation of some of these vulnerabilities may allow an attacker to take control of a VPN. Users and administrators are encouraged to review the Chrome Releases page and apply the necessary update.
Cisco Releases Security Updates
Cisco has released security updates to address vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of a virtual private network. US-CERT encourages users and administrators to review the following Cisco Security Advisories and apply the necessary updates:
- Cisco Meeting Server Client Authentication Bypass Vulnerability [cisco-sa-20161012-msc]
- Cisco Wide Area Application Services Central Manager Denial of Service Vulnerability [cisco-sa-20161012-waas]
- Cisco Unified Communications Manager iFrame Data Clickjacking Vulnerability [cisco-sa-20161012-ucm]
- Cisco Prime Infrastructure and Evolved Programmable Network Manager Database Interface SQL Injection Vulnerability [cisco-sa-20161012-prime]
- Cisco Finesse Cross-Site Request Forgery Vulnerability [cisco-sa-20161012-fin]
- Cisco cBR-8 Converged Broadband Router vty Integrity Vulnerability [cisco-sa-20161012-cbr-8]
Microsoft Releases Security Updates
Microsoft has released 10 updates to address vulnerabilities in Microsoft software. Exploitation of some of these vulnerabilities could allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review Microsoft Security Bulletins MS16-118 through MS16-127 and apply the necessary updates.
Adobe Releases Security Updates
Adobe has released security updates to address vulnerabilities in Flash Player and the Creative Cloud Desktop Application. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to review Adobe Security Bulletins APSB16-32 and APSB16-34 and apply the necessary updates.
Potential Hurricane Matthew Phishing Scams
US-CERT warns users to remain vigilant for malicious cyber activity seeking to capitalize on interest in Hurricane Matthew. Users are advised to exercise caution in handling any email with a subject line, attachments, or hyperlinks related to Hurricane Matthew, even if it appears to originate from a trusted source. Fraudulent emails will often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from deceptive charitable organizations commonly appear after major natural disasters.
US-CERT encourages users and administrators to use caution when encountering these types of email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns:
- Do not follow unsolicited web links in email messages.
- Use caution when opening email attachments. Refer to the Security Tip Using Caution with Email Attachments for more information on safely handling email attachments.
- Keep antivirus and other computer software up-to-date.
- Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
- Review the Federal Trade Commission information on Charity Scams.
- Verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number. You can find trusted contact information for many charities on the BBB National Charity Report Index.