University of Southern California

Category Archives: Security Updates

← Older posts

Recent Security Updates

Posted on by mbordas

Microsoft: This week, Microsoft released a critical security update to address a zero-day vulnerability in Windows that could allow a malicious user to take over an exploited computer. This update comes a week after the company released its July 2015 Security … Continue reading

Posted in Security Updates |

Security Update for Adobe Flash Player

Posted on by mbordas

Adobe has released a security update for Flash Player. This update addresses a recently disclosed zero-day vulnerability that could result in system crashes and remote code execution. To update to the newest version of Flash Player, visit the Adobe downloads site at get.adobe.com/flashplayer. For more information about this vulnerability, see … Continue reading

Posted in Security Updates |

Kerberos KDC Flaw Requires Microsoft Out-of-Band Patch

Posted on by mbordas

BACKGROUND Hackers have bypassed Microsoft’s previous security patch to address the Object Linking and Embedding (OLE) remote code execution flaw resulting in the company issuing an out-of-band patch this week. IMPACT The vulnerability could allow remote elevation of privilege in … Continue reading

Posted in Patch Tuesday, Security Updates |

Sandworm Vulnerability Requires Another Fix from Microsoft

Posted on by mbordas

BACKGROUND Hackers have bypassed Microsoft’s security patch to address the Sandworm vulnerability in Windows resulting in the company issuing another advisory and warning users of the new threat. IMPACT The vulnerability could allow remote code execution if a user opens … Continue reading

Posted in Malware, Security Updates | Tagged , ,

Adobe Flash Vulnerability Currently Being Exploited

Posted on by mbordas

BACKGROUND There is a vulnerability in Adobe Flash that is being exploited in large scale attacks. The vulnerability is being tracked as CVE-2014-0569 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0558) on the Common Vulnerabilities and Exposures (CVE) database. The exploit includes memory corruption vulnerabilities and an integer overflow vulnerability that … Continue reading

Posted in Malware, Security Updates | Tagged , , ,

Bash Vulnerability Update

Posted on by mbordas

Please note the following updates to the September 25 post regarding the Bash / Shellshock vulnerability.

Posted in Security Breach, Security Updates | Tagged , , , ,

More OpenSSL Vulnerabilities Reported

Posted on by mbordas

Security researchers have recently identified several vulnerabilities in the OpenSSL encryption library in addition to the widely publicized Heartbleed bug (see https://it-security.usc.edu/2014/04/09/openssl-heartbleed-bug​ for more information about Heartbleed). System Administrators within USC’s IT units should complete the action items (fixes) summarized … Continue reading

Posted in Security Updates | Tagged , , ,

TrueCrypt is insecure

Posted on by Robert

The anonymous developers of TrueCrypt warned yesterday “Using TrueCrypt is not secure” and that “the development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP.” They recommend using BitLocker on Windows and provide directions to migrate from TrueCrypt … Continue reading

Posted in Encryption, Security Updates | Tagged ,

Zero-Day Vulnerability in Internet Explorer

Posted on by mbordas

Microsoft has issued a security advisory about a recently discovered zero-day vulnerability in Internet Explorer versions 6 – 11. The vulnerability could allow an attacker to install malware on a system without the user’s knowledge or consent if the user … Continue reading

Posted in Malware, Security Updates |

Heartbleed – vendor updates 2014-04-17 10:56

Posted on by Robert

Below is a partial list of vendors that have released updates to address the Heartbleed vulnerability.
This list will be updated as more information becomes available. Continue reading

Posted in Security Updates | Tagged

← Older posts