Apple Releases Security Updates

Original release date: December 14, 2016

Apple has released security updates to address vulnerabilities in iCloud for Windows, Safari, iTunes for Windows, and macOS Sierra. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Users and administrators are encouraged to review the Apple security pages for iCloud for Windows, Safari, iTunes for Windows, and macOS Sierra and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.


Yahoo admits it’s been hacked again, and 1 billion accounts were exposed

Someone had faster access to over a billion Yahoo accounts' data. (credit: Scott Schiller)

On December 14, Yahoo announced that after an investigation into data provided by law enforcement officials in November, the company and outside forensics experts have determined that there was in fact a previously undetected breach of data from over 1 billion user accounts. The breach took place in August 2013, and is apparently distinct from the previous mega-breach revealed this fall—one Yahoo claims was conducted by a "state-sponsored actor".

The information accessed from potentially exposed accounts "may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers," Yahoo's chief information security officer Bob Lord reported in the statement issued by the company. "The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected."

It's not clear whether the data provided by law enforcement to Yahoo is connected to samples offered on an underground site this past August, particularly since Yahoo still remains unsure of how the user data was spirited out of its systems in the first place. But the breach news doesn't end there.

Read 4 remaining paragraphs | Comments

Joomla! Releases Security Update for CMS

Original release date: December 14, 2016

Joomla! has released version 3.6.5 of its Content Management System (CMS) software to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected website.

US-CERT encourages users and administrators to review the Joomla! Release News and US-CERT's Alert on Content Management Systems Security and Associated Risks and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.


Mozilla Releases Security Updates

Original release date: December 14, 2016

Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

  • Firefox 50.1
  • Firefox ESR 45.6

Users and administrators are encouraged to review the Mozilla Security Advisories for Firefox and Firefox ESR and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.