Microsoft has released security updates to address a vulnerability in Windows 7 x64 and Windows Server 2008 R2 x64 systems. Exploitation of this vulnerability may allow an attacker to take control of an affected system.
Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system.
NCCIC/US-CERT encourages users and administrators to review Apple security pages for the following products and apply the necessary updates:
The Apache Software Foundation has released a security update to address a vulnerability in Struts 2. A remote attacker could exploit this vulnerability to cause a denial-of-service condition.
NCCIC/US-CERT encourages users and administrators to review the Apache Security Bulletin and make the necessary update.
The Internet Crime Complaint Center (IC3) has released an alert on tech support fraud. Tech support fraud involves criminals claiming to provide technical support to fix problems that don't exist. Their methods include placing calls, sending pop-ups, engaging misleading lock screens, and sending emails to entice users to accept fraudulent tech support services. Users should not give control of their computers or mobile devices to any stranger offering to fix problems.
NCCIC/US-CERT encourages users and administrators to refer to the IC3 Alert and the NCCIC Tip on Avoiding Social Engineering and Phishing Attacks for more information. If you believe you are a victim of a tech support scam, file a complaint with the IC3 at www.ic3.gov.