The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
Microsoft has released Security Advisory 979352 to alert users of a vulnerability in Microsoft Internet Explorer. The advisory indicates that exploitation of this vulnerability may allow an attacker to execute arbitrary code. Microsoft also indicates that it is aware of public, active exploitation of this vulnerability.
US-CERT would like to warn users of potential email scams and search engine poisoning campaigns that may circulate regarding the Haitian Earthquake disaster. The scam emails may contain links or attachments which may direct users to phishing or malware-laden websites. Fraudulent search engine results may return similar malicious web links to phishing and malware websites.
US-CERT encourages users to take the following measures to protect themselves:
US-CERT is aware of reports of tax season phishing scams. The U.S. Internal Revenue Service has issued a news release on its website warning consumers about potential scams. These scams are circulating via fraudulent email or other online messages appearing to come from the IRS. They attempt to convince consumers to reveal personal and financial information that can be used to gain access to bank accounts, credit cards, and other financial institutions.
Adobe has released an update for Reader and Acrobat to address multiple vulnerabilities. These vulnerabilities affect Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX and Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
Oracle has released its Critical Patch Update for January 2010 to address 24 vulnerabilities across several products. This update contains the following security fixes:
Microsoft has released an update to address a vulnerability in Microsoft Windows in its Microsoft Security Bulletin Summary for January 2010. This vulnerability may allow an attacker to execute arbitrary code. An attacker may be able to exploit this vulnerability by convincing a user to view content rendered in a specially crafted Embedded OpenType (EOT) font in an application that can render EOT fonts.