The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

• High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
• Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
• Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis. (más…)

NOTABLE RECENT SECURITY ISSUES

SELECTED BY THE SOURCEFIRE VULNERABILITY RESEARCH TEAM (más…)

Original release date: August 19, 2013

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

• High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
• Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
• Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis. (más…)

Microsoft announced the first-ever major update to its Microsoft Active Protections Program (MAPP) this week, dramatically expanding the list of potential members and providing several new levels of service in the process. The information-sharing program has been instrumental to high-quality detection for security vendors for years, and incident responders are the primary beneficiaries of the expansion. (más…)