Cybercrooks use popular stories in the news to deceive people into giving up confidential information.
The dreaded disease Ebola that is spreading rapidly throughout West Africa made landfall in the US recently, and since then many news agencies have sensationalized the “outbreak†with constant coverage. Panic has grown as politicians raise the public’s fears and medical experts are confusing people with contradictory information. These things all combine to create the perfect atmosphere for scammers.
It’s quite common for cybercrooks to use social engineering techniques to fool people during a big news event, and we have seen an increase in phishing attempts. The United States Computer Emergency Readiness Team (US-CERT) issued an alert today to remind users to protect against email scams and cyber campaigns using the Ebola virus disease as a theme.
“Phishing emails may contain links that direct users to websites which collect personal information such as login credentials, or contain malicious attachments that can infect a system, “ says the advisory.
Users are encouraged to use caution when encountering these types of email messages and take the following preventative measures to protect themselves:
Do not follow unsolicited web links or attachments in email messages.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.
Red Hat Security Advisory 2014-1658-01 – Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
Debian Linux Security Advisory 3052-1 – Jouni Malinen discovered an input sanitization issue in the wpa_cli and hostapd_cli tools included in the wpa package. A remote wifi system within range could provide a crafted string triggering arbitrary code execution running with privileges of the affected wpa_cli or hostapd_cli process.
Red Hat Security Advisory 2014-1652-01 – OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.
Red Hat Security Advisory 2014-1653-01 – OpenSSL is a toolkit that implements the Secure Sockets Layer, Transport Layer Security, and Datagram Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.
Ubuntu Security Notice 2385-1 – It was discovered that OpenSSL incorrectly handled memory when parsing DTLS SRTP extension data. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that OpenSSL incorrectly handled memory when verifying the integrity of a session ticket. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, resulting in a denial of service. Various other issues were also addressed.
Red Hat Security Advisory 2014-1655-01 – The libxml2 library is a development toolbox providing the implementation of various XML standards. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. All libxml2 users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted for this update to take effect.
Red Hat Security Advisory 2014-1654-01 – The rsyslog7 packages provide an enhanced, multi-threaded syslog daemon that supports writing to relational databases, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grained output format control. A flaw was found in the way rsyslog handled invalid log message priority values. In certain configurations, a local attacker, or a remote attacker able to connect to the rsyslog port, could use this flaw to crash the rsyslog daemon or, potentially, execute arbitrary code as the user running the rsyslog daemon.
Red Hat Security Advisory 2014-1657-01 – Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes several vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section.
