Security Alert: Tax Season is Coming!

November 28, 2015 in Security Alert! by Web Master  |  Comments Off on Security Alert: Tax Season is Coming!

IRS Releases First in a Series of Tax Security Tips

Original release date: November 27, 2015

The Internal Revenue Service (IRS) has released the first in a series of tips intended to increase public awareness of how to protect personal and financial data online and at home. A new tip will be available each Monday through the start of the tax season in January, and will continue through the April tax deadline.

The first tip focuses on seven simple steps to secure your computer when conducting business online. US-CERT encourages users and administrators to review IRS Security Awareness Tax Tip Number 1 for additional information.

Security Alert: Dell Consumer Computers

November 28, 2015 in Security Alert! by Web Master  |  Comments Off on Security Alert: Dell Consumer Computers

Dell Computers Contain a CA Root Certificate Vulnerability

Original release date: November 24, 2015 REVISED November 27, 2015

Dell personal computers using the preinstalled certificate authority (CA) root certificate (eDellRoot) contain a critical vulnerability. Exploitation of the vulnerability could allow a remote attacker to read encrypted web browser traffic (HTTPS), impersonate (spoof) any website, or perform other attacks on the affected system.

The eDellRoot certificate originated from an update to the Dell Foundation Services (DFS) application on August 18, 2015. As of November 23, that update is no longer being provided. The certificate was also preinstalled on some systems November 20–23, 2015. Dell is pushing a DFS software update to remove the vulnerable certificate from affected systems.

US-CERT encourages users and administrators to review Vulnerability Note VU#870761 and Dell’s blog post for more information and guidance on removing the certificate.

 

From US-CERT

A copy of this publication is available at www.us-cert.gov. If you need help or have questions, please send an email to info@us-cert.gov. This alert was generated from a notification-only address that is not monitored.

  • System News