The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Cisco Releases Security Advisory for IOS XR Software Border Gateway Protocol

Cisco has released a security advisory to address a vulnerability in the Cisco IOS XR Software Border Gateway Protocol feature. Exploitation of this vulnerability may result in the continuous resetting of BGP peering sessions, which may cause a denial-of-service condition for affected networks.

US-CERT encourages users and administrators to review Cisco security advisory cisco-sa-20100827-bgp and apply any necessary updates to help mitigate the risks.

RealNetworks Releases Update to Address Vulnerabilities in RealPlayer

RealNetworks, Inc. has released an update for RealPlayer to address multiple vulnerabilities. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or obtain sensitive information.

US-CERT encourages users and administrators to review the RealNetworks, Inc. security advisory for these vulnerabilities and apply any necessary updates to help mitigate the risks.

Cisco Releases Advisories for Unified Communications Manager and Unified Presence

Cisco has released security advisories to address multiple vulnerabilities affecting Unified Communications Manager and Unified Presence.

These vulnerabilities affect the processing of Session Initiation Protocol (SIP) messages. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition, which could cause an interruption of voice services.

APWG Fax Back Phishing Education Program

In an effort to respond to a growing public threat by offline phishers that conduct various scams via fax, the Anti-phishing Working Group (APWG) has partnered with the Internal Revenue Service (IRS) to create the APWG Fax Back Phishing Education Program. This program is designed to provide telecommunications companies and Fax over Internet Protocol (FoIP) hosting firms with information that can be used to educate consumers about these types of scams.

Adobe Releases Security Bulletin for Shockwave Player

Adobe has released a security update to address multiple vulnerabilities affecting Shockwave Player 11.5.7.609 and earlier versions. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review Adobe security bulletin APSB10-20 and upgrade to Adobe Shockwave Player 11.5.8.612 to help mitigate the risks.

Apple Releases Security Update 2010-005

Apple has released security update 2010-005 to address multiple vulnerabilities affecting the ATS, CFNetwork, ClamAV, CoreGraphics, libsecurity, PHP, and Samba applications. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, cause a denial-of-service condition, or impersonate hosts within a domain.

US-CERT encourages users and administrators to review Apple article HT4312 and apply any necessary updates to help mitigate the risks.