http://www.fbi.gov/scams-safety/e-scams?utm_campaign=email-Immediate&utm...

"05/08/12—Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travelers abroad through pop-up windows while they are establishing an Internet connection in their hotel rooms.

http://www.vmware.com/security/advisories/VMSA-2012-0009.html

Various issues in multiple VMware products could allow for DoS or arbitrary code execution on the host from within a VM, or remotely from the network.

It is recommended to update to the latest patches. Please see the link above for more detail as this issue affects a wide range of products and versions.

Thanks,
Brian

http://drupal.org/node/1557938

Drupal core 7.13 was updated to correct several security issues including:

http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2

"We're releasing both Gallery 3.0.3 and Gallery 2.3.2 as security releases. Several researchers, working independently, discovered possible encryption-related vulnerabilities. Low-risk XSS vulnerabilities limited to the administration area were also reported."

It is recommended that gallery users upgrade to the latest version.

Thanks,
ep

http://puppetlabs.com/security/cve/cve-2012-1906

"A bug in Puppet uses a predictable filename in /tmp.
When installing Mac OS X packages from a remote source, Puppet uses a predictable filename in /tmp to store the package. Using a symlink at that filename, it is possible to either overwrite arbitrary files on the system or to install an arbitrary package. (Note that OS X package installers can also execute arbitrary code.)"

http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml

F-Secure has released the steps needed to determine if you Mac OSX has been infiltrated by the Flashback Trojan.

http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php

"The show_config_errors.php scripts did not validate the presence of the configuration file, so an error message shows the full path of this file, leading to possible further attacks."

This is a non-critical update, but it may be a good time to review what version of phpMyAdmin you are running and consider upgrading to 3.4.10.2 for other security vulnerabilities that have been patched along the way.

Thanks,
Brian

http://www.packetfence.org/news/2012/article/packetfence-320-released.html

http://www.h-online.com/security/news/item/PacketFence-3-2-0-brings-new-...

"Reflected Cross-site scripting (XSS) in Web Admin printing system (#1362)" vulnerability was fixed in this release.

Various other non-security improvements are part of this release.

http://blog.intego.com/new-flashback-trojan-horse-variant-uses-novel-del...

By using vulnerable version of Java on MacOS, the flashback Trojan installs itself without user intervention. "There is no more installer, no request for a password."

There is a patch for the Macintosh version of Java available.

We continue to suggest using anti-virus on MacOS X. Also, make sure to keep 3rd party applications up to date.

https://technet.microsoft.com/en-us/security/bulletin/ms12-020
http://www.techworld.com.au/article/418814/leaked_exploit_prompts_resear...

For anyone who hasn't already patched their vulnerable version of Remote Desktop (RDP), here are some very good reasons to do so.

Thanks,
ep