Date: 02.03.12

Enabling security policies in routers, switches, firewalls, IPS, AAA authentication, etc., within your network would ensure a layered security approach for superior fraud protection and provide complete security to consumers and businesses.

By default, all syslog-related traffic from devices to the syslog server is transmitted via UDP port 514. The first step is to change this to an alternative custom port that is not in use.

Use of RFC 3704 ensures that packets are sourced from valid, allocated address space, consistent with the topology and space allocation. For this, there is a list of all unused or reserved IP addresses that you should never see coming in from the Internet. If one is there, the packet comes from a spoofed source IP and should be dropped.

  • Apple Security Update 2012-001 for OS X
  • Mozilla Fixes Critical Vulnerabilities with Firefox 10
  • Hackers exploit critical vulnerability in Windows Media Player
  • DMARC Anti-Phishing Standard to Protect Email Accounts
  • Cisco Security Appliances at risk from Telnet bug
SECURITY NEWS
Feb 03
Security vendor, CoSoSys, is currently on the prowl for Australian resellers to promote its endpoint security products in the Australian market.
Feb 03
Microsoft researchers checking how easy it is to identify users by analyzing commonly collected Web-log data incidentally discovered a cookie-forwarding scheme that can be used to aid session hijacking.
Feb 03
Netop unveiled the latest version of its remote support product, Netop Remote Control 11.
Feb 02
Symantec has backtracked from assertions that 13 Android apps distributed by Google's Android Market were malicious.
Feb 02
Skybox Security announced Skybox Network Assurance 6.0, a solution for continuous monitoring of network infrastructures.
Feb 02
Apple has released a security update for its OS X Lion, Snow Leopard and Server platforms.
Feb 02
On the night of Monday, January 23, the hacktivist group UGNazi hijacked Coach.com, the Internet domain name of luxury goods manufacturer Coach.
Feb 02
Hack In The Box Security Conference is back again in Amsterdam this year for the European leg of its annual circuit.
Feb 02
A group of HTC Android phones is susceptible to an exploit that can steal Wi-Fi credentials and passwords and send them to attackers.
Feb 02
DigitalPersona announced the newest version of DigitalPersona Pro Enterprise has support for a variety of new authentication credentials.
APPLICATION SECURITY
Feb 02
The PHP developers are working to fix a critical security vulnerability in PHP that they introduced with a recent security patch. The current stable release is affected; however, it is not yet clear whether the questionable patch was also applied to older versions. The cause of the problem is the security update to PHP 5.3.9, which was written to prevent denial of service (DoS) attacks using hash collisions.
Feb 01
Following the release of new versions of its open source Firefox web browser, Thunderbird email client and SeaMonkey suite, Mozilla has detailed the security fixes included in each of the updates. According to the project's Security Center page for Firefox, version 10.0 closes a total of 8 security holes in the browser, 5 of which are rated as "Critical" by Mozilla.
Vulnerabilities
Feb 03
Description:
Apple Mac OS X before 10.7.3 is prone to a buffer overflow vulnerability. The issue occurs due to improper processing of a crafted MP4 file in QuickTime, which does not prevent access to uninitialized memory locations. This could be exploited by remote attackers to execute arbitrary code or cause a denial of service (application crash).
Feb 03
Description:
Apple Mac OS X before 10.7.3 is prone to a buffer overflow vulnerability. The issue occurs due to improper processing of a crafted rdrf atom in a movie file in QuickTime. This could be exploited by remote attackers to execute arbitrary code or cause a denial of service (application crash).
Feb 03
Description:
Apple Mac OS X before 10.7.3 is prone to a buffer overflow vulnerability. The issue occurs due to improper processing of a crafted PNG file that triggers a buffer overflow in the PNG file. This could be exploited by remote attackers to execute arbitrary code or cause a denial of service (application crash).
Feb 03
Description:
A vulnerability has been discovered in Mozilla Firefox before 3.6.26 and 4.x to 9.0, Thunderbird before 3.1.18 and 5.0 to 9.0, and SeaMonkey before 2.7. The vulnerability is triggered by a memory corruption error in the application, which does not properly initialize nsChildView data structures. This could be exploited by a remote attacker to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.
Feb 03
Description:
Multiple unspecified vulnerabilities have been discovered in Mozilla Firefox 4.x to 9.0, Thunderbird 5.0 to 9.0, and SeaMonkey before 2.7. The issue arises due to a memory corruption error that exists in the browser engine when handling unspecified vectors. This could be exploited by a remote attacker to cause a denial of service (application crash) or possibly execute arbitrary code on a vulnerable system.
Feb 03
Description:
Multiple unspecified vulnerabilities have been discovered in Mozilla Firefox before 3.6.26 and 4.x to 9.0, Thunderbird before 3.1.18 and 5.0 to 9.0, and SeaMonkey before 2.7. The issue arises due to a memory corruption error that exists in the browser engine when handling unknown vectors. This could be exploited by a remote attacker to cause a denial of service (application crash) or possibly execute arbitrary code on a vulnerable system.
Feb 02
Description:
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 are prone to a memory corruption vulnerability. The issue occurs due to improper handling of a malformed XSLT stylesheet that is embedded in a document. This could be exploited by a remote attacker to cause a denial of service (application crash) or execute arbitrary code on the vulnerable system.
Jan 30
Description:
A remote code execution vulnerability has been discovered in IBM SPSS Dimensions, version 5.5 and SPSS Data Collection, versions 5.6, 6.0, and 6.0.1. The vulnerability is triggered by an error in the ExportHTML ActiveX Control (ExportHTML.ocx) when handling the "Render()" method. This remotely exploitable vulnerability requires persuading a victim into visiting a specially crafted Web page and permits attackers to execute arbitrary code on a vulnerable system.
Jan 30
Description:
A remote code execution vulnerability has been discovered in IBM SPSS Dimensions, version 5.5 and SPSS Data Collection, versions 5.6, 6.0, and 6.0.1. The vulnerability is triggered by an error in the mraboutb ActiveX Control (mraboutb.dll) when handling the "SetLicenseInfoEx()" method. This remotely exploitable vulnerability requires persuading a victim into visiting a specially crafted Web page and permits attackers to execute arbitrary code via a crafted HTML document.
Feb 03
Description:
A vulnerability has been discovered in the Linux kernel. The vulnerability is triggered by an error that exists when handling thcping. Exploitation of this vulnerability is possible when using IPv6. This could permit a remote attacker to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent.
Viruses / Worms / Trojans
Feb 02
Aliases:
Infects: Windows 2000, Windows NT, Windows Server 2003, Windows Vista, Windows XP
Feb 02
Aliases:
Infects: Windows 2000, Windows NT, Windows Server 2003, Windows Vista, Windows XP
Feb 01
Aliases:
Infects: Windows Vista, Windows XP
Feb 01
Aliases:
Infects: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
Feb 01
Aliases:
Infects: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
Jan 30
Aliases:
Infects: Windows Me, Windows XP
Jan 30
Aliases:
Infects: Windows Me, Windows XP
Jan 29
Aliases:
Infects: Windows Me, Windows XP
Jan 29
Aliases:
Infects: Linux, Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
Jan 28
Aliases:
Infects: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
THREAT INTEL
Exploit of the week
We at CERTStation Labs have selected an exploit for Microsoft Windows Media Player. A heap overflow vulnerability occurs due to improper parsing of a specially crafted MIDI file in the Windows Multimedia Library (winmm.dll). Successful exploitation allows remote attackers to execute arbitrary code by using Windows Media Player's ActiveX control.
Security tool of the week
The security tool of the week selected by CERTStation Labs is Microsoft Security Compliance Manager 2 (SCM 2). SCM 2 is a free tool to help achieve a secure, reliable, and centralized IT environment and access the latest security setting and configuration recommendations from Microsoft. To access the security guidance for Windows client and server operating systems and Microsoft applications, simply download the tool, import your product baselines of choice, and select the "Attachments \ Guides" node within each product baseline tree.
The website selected this week by CERTStation Labs is http://www.vulnerability-lab.com/. Vulnerability-Lab belongs to a research team who can identify and detect their own vulnerabilities, security holes, and bad security practices in software and applications, bringing together information on a single platform where vendors can be notified in a professional and timely manner. Vulnerability-Lab is committed to discovering vulnerabilities and collaborates with researchers for enhanced software and application security.
  • Last Week
  • Viruses: 1
  • Worms: 1
  • Trojans: 12
  • Vulnerabilities: 75
  • Total Records*
  • Viruses: 473
  • Worms: 1640
  • Trojans: 3058
  • Vulnerabilities: 21273