Date: 07.23.10

Giving up information in an email or an instant messaging client could be harmful if your connection is not securely being transmitted to the other end. Using digital certificates can encrypt a connection and make it difficult to figure out the actual conversation.

Domain owners who have shared their domain contact persons should have their domain name locked with the current registrar. The contact details of the administrator for your domain name can be used to setup a transfer request and successfully accept the domain transfer request from the new registrar.

It is best to run a vulnerability scan on your system and network to test the patch management if there are any un-patched applications or hardware rather than updating them one by one.

  • Adobe plans to use sandbox to protect Acrobat Reader users from hackers
  • Toy Story 3 gets enough popularity for scammers to fake websites and software
  • Security Researcher found a flaw which could expose millions of home routers
  • Microsoft confirms Windows shortcut zero-day flaw
  • Mozilla offers $3,000 for their bug reports
Sparklines show the number of articles that referenced a given topic everyday over the last 12 weeks
SECURITY NEWS
Jul
22
Microsoft: No money for bugs
Microsoft will not follow the lead of Mozilla and Google in paying researchers for reporting vulnerabilities, a company executive said today.
Jul
22
Shortened URL spam shows big rise
The tendency of spammers to use shortened URLs to evade detection has gone from last year's clever exploit to this year's mainstream tactic, MessageLabs has reported.
Jul
22
Cisco's Content Delivery System discloses files
Internet Streamer, a component of Cisco's Content Delivery System that handles the sharing of videos on the internet, discloses arbitrary files outside of the shared web folder to attackers.
Jul
22
Defcon hackers challenged to social engineering contest
A capture-the-flag-style competition slated to take place at Defcon later this month has raised eyebrows at a number of companies who are concerned they will be embarrassed or negatively impacted in some way.
Jul
22
Corporate ID theft hits Georgia businesses
Just days after Colorado officials warned businesses about scammers who are forging corporate identities to commit financial fraud, an official in Georgia said the same has been happening in that state as well.
Jul
22
Mariposa botnet suspects quizzed in Slovenia
Slovenian police have arrested four suspects over allegations that they developed the Mariposa botnet malware.
Jul
22
Dell revamps hardware testing in wake of malware issue
A sequence of errors led to Dell's delivery of motherboards with malware and the company is in the process of overhauling its testing process to resolve issues before dispatching hardware to customers, it said on Thursday.
Jul
22
GSM-cracking software may help hackers spy on mobile phone calls
The Global System for Mobile Communications technology used by the majority of the world's mobile phones will get some scrutiny at next week's Black Hat security conference, and what the security researchers there have to say isn't pretty.
Jul
22
4chan flings faeces at Gawker
An attack by hackers at 4chan on Gawker left the news blog intermittently unavailable on Wednesday.
Jul
22
Siemens: Removing SCADA worm may harm industrial systems
Removing a dangerous worm that targets industrial systems could disrupt plant operations, Siemens Industry warned customers Thursday.
APPLICATION SECURITY
Jul
21
Critical Security Update Available for Firefox
Mozilla has released Firefox 3.6.7, an update which addresses several security and stability issues. In total, eight critical, two high and four moderate security advisories were issued along with the new version of the popular browser. According to Mozilla's severity rating system, vulnerabilities marked as critical allow attackers to execute arbitrary code remotely in a manner that is transparent to users.
July
21
Thunderbird Security Updates Address Critical
Mozilla released updates to its popular Thunderbird email client in order to address multiple security and stability issues. The new Thunderbird 3.1.1 and 3.0.6 contain fixes for critical bugs that can be exploited to execute arbitrary code on targeted systems. There are a total of ten security advisories associated with these Thunderbird updates, but some of them are related to issues only affecting the 3.1.x branch.
Vulnerabilities
Jul
22
Microsoft Windows Shell Shortcut Parsing Remote Code Execution Vulnerability
Description:
A vulnerability has been discovered in Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7. The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed in Windows Explorer. Exploitation of this vulnerability can be possible via locally through a malicious USB drive, or remotely via network shares and WebDAV or via documents supporting embedded shortcuts. This could permit a local user or remote attacker to execute arbitrary code via a crafted ".LNK" or ".PIF" shortcut file, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems
Jul
16
Oracle E-Business Suite Knowledge Management Component Unspecified Vulnerability
Description:
Unspecified vulnerability in the Oracle Knowledge Management component for Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.2 has an impact on the integrity with remote attack vectors. This entry will be updated when more information is available.
Jul
16
Oracle Times Ten In-Memory Database Data Server Component Unspecified Vulnerability
Description:
Unspecified vulnerability in the Data Server component for Oracle Times Ten In-Memory Database version 7.0.6.0 and 11.2.1.4.1 has an impact on the availability with remote attack vectors. This entry will be updated when more information is available.
Jul
16
Oracle Times Ten In-Memory Database Data Server Component Unspecified Vulnerability
Description:
Unspecified vulnerability in the Data Server component for Oracle Times Ten In-Memory Database version 7.0.6.0 has an impact on the confidentiality, integrity and availability with remote attack vectors. This entry will be updated when more information is available.
Jul
16
Oracle Secure Backup Component Unspecified Vulnerability
Description:
Unspecified vulnerability in the Oracle Secure Backup component for Oracle Secure Backup version 10.3.0.1 has unknown impact on the Confidentiality, integrity, and availability with remote attack vectors. This entry will be updated when more information is available. Note: A different vulnerability than CVE-2010-0898, CVE-2010-0899, CVE-2010-0904, and CVE-2010-0906.
Jul
16
Oracle Secure Backup Component Unspecified Vulnerability
Description:
Unspecified vulnerability in the Oracle Secure Backup component for Oracle Secure Backup version 10.3.0.1 has unknown impact on the Confidentiality, integrity, and availability with remote authenticated attack vectors. Successful exploitation requires "Valid Session" Package/Privileges. This entry will be updated when more information is available.
Jul
16
Oracle Secure Backup Component Unspecified Vulnerability
Description:
Unspecified vulnerability in the Oracle Secure Backup component for Oracle Secure Backup version 10.3.0.1 has unknown impact on the integrity with remote attack vectors. This entry will be updated when more information is available.
Jul
16
Oracle Secure Backup Component Unspecified Vulnerability
Description:
Unspecified vulnerability in the Oracle Secure Backup component for Oracle Secure Backup version 10.3.0.1 has unknown impact on the Confidentiality, integrity and availability with remote authenticated attack vectors. Successful exploitation requires "Valid Session" Package/Privileges. This entry will be updated when more information is available. Note: A different vulnerability than CVE-2010-0898, CVE-2010-0907, and CVE-2010-0906.
Jul
23
Zeus Cart 'index.php' SQL Injection Vulnerability
Description:
SQL injection vulnerability has been discovered in Zeus Cart, versions 2.3 and previous. The vulnerability is triggered due to an input validation error in 'index.php' script when processing the "maincatid" parameter in a "showmaincatlanding" action. This could be exploited by a remote attacker to manipulate SQL queries by injecting arbitrary SQL code on a vulnerable system.
Jul
23
Joomla! JVideo! Component 'user_id' Parameter SQL Injection Vulnerability
Description:
SQL injection vulnerability has been discovered in JVideo! (com_jvideo) component for Joomla!, versions 0.3.11c Beta and 0.3.x. The vulnerability is triggered due to an input validation error in "user_id" parameter in a user action used in 'index.php' script. This could be exploited by a remote attacker to execute arbitrary SQL commands on a vulnerable system.
Viruses / Worms / Trojans
Jul
21
Trojan.FakeAV!gen36
Aliases:
Infects:Windows 2000,Windows 95,Windows 98,Windows Me,Windows NT,Windows Server 2003,Windows Vista,Windows XP
Jul
21
Trojan.Komplexad!gen
Aliases:
Infects:Windows 2000,Windows 95,Windows 98,Windows Me,Windows NT,Windows Server 2003,Windows Vista,Windows XP
Jul
19
Bloodhound.Exploit.340
Aliases:
Infects:Windows 2000,Windows 95,Windows 98,Windows Me,Windows NT,Windows Server 2003,Windows Vista,Windows XP
Jul
17
W32.Temphid!lnk
Aliases:LNK_STUXNET.A [Trend],Troj/Cplink-A [Sophos]
Infects:Windows 2000,Windows 95,Windows 98,Windows Me,Windows NT,Windows Server 2003,Windows Vista,Windows XP
Jul
16
Packed.Negmuru
Aliases:
Infects:Windows 2000,Windows 95,Windows 98,Windows Me,Windows NT,Windows Server 2003,Windows Vista,Windows XP
Jul
16
Packed.Generic.306
Aliases:Trojan.Sasfis [Symantec],VirusDoctor [Symantec],Viruses [Symantec],W32.Koobface [Symantec]
Infects:Windows 2000,Windows 95,Windows 98,Windows Me,Windows NT,Windows Server 2003,Windows Vista,Windows XP
THREAT INTEL
Exploit of the week
We at CERTStation Labs have selected an exploit that has been released for Microsoft Windows Shortcut files vulnerability. To exploit this issue, an attacker must entice an unsuspecting user to view an icon of a maliciously crafted shortcut file. There are two worms which are active on a wild W32.Stuxnet and W32.Temphid. This exploit was a Proof of Concept exploit presented by a security company and later on a real exploit has been released which creates an icon resource pointing to a malicious DLL and creates a WebDAV service that can be used to run an arbitrary payload when accessed as UNC path.
Security tool of the week
The security tool of the week selected by CERTStation Labs is Microsoft Security Essentials. Microsoft Security Essentials (MSE) is free antivirus software created by Microsoft that provides protection against viruses, malware, spyware, adware, scareware, rogue security software, rootkits, keyloggers, dialers, worms and trojans for Windows XP, Windows Vista, and Windows 7. MSE replaces Windows Live OneCare, a commercial subscription-based antivirus service and the free Windows Defender, which only protected users from adware and spyware. It is geared for consumer use, unlike Microsoft's upcoming enterprise-oriented product Microsoft Forefront.
Website of the week
The website selected this week by CERTStation Labs is http://jeremiahgrossman.blogspot.com/2010/07/third-party-web-widget-security-faq.html . This week we have selected a post from a blog and its very informative for webmasters on widget security as you can see widgets everywhere now days.
  • Last Week
  • Viruses0
  • Worms1
  • Trojans5
  • Vulnerabilities74
  • Total Records*
  • Viruses423
  • Worms1577
  • Trojans2258
  • Vulnerabilities16492