Malware disguised as a false security alert from Microsoft
Cisco fixes vulnerabilities in Unified MeetingPlace
Google finally starts to pay bounties for the bugs in Chrome
iPhone vulnerable to remote attack on SSL
Hundreds of organizations are under an unexplained assault

| Inside FarmVille's sinister underbelly | Sun, Feb 07 2010 | You see it all the time on Facebook: A friend moving on up in FarmVille. Another friend trying to expand his posse in Mafia Wars. Everyone thinks of them as harmless third-party applications, free from the crooks and cooks of cyberspace. |
| P2P snoopers know what's in your wallet | Sun, Feb 07 2010 | Being security researchers and all, Larry Pesce and Mick Douglas thought it would be a hoot to take a look at some of the information people send out over peer-to-peer (P2P) networks. They were taken aback by what they found. |
| Your iPhone's dirty little security secret | Sun, Feb 07 2010 | We've heard much about how our PCs and laptops can be compromised through malware and insecure wireless access points and often comfort ourselves with the knowledge that our smart phones are safe from such things. |
| Dear Adobe: It's time for security rehab | Fri, Feb 05 2010 | The stories about Adobe software keep coming, and the news hasn't been good. Critical bugs in Reader and Flash have come under real-world, zero-day attacks so many times in the past year that the exploits almost seem routine. |
| ZeuS tracker shrinks takedowns from days to minutes | Fri, Feb 05 2010 | A site dedicated to tracking the infamous ZeuS botnet is celebrating its first birthday. In the twelve months since the ZeuS Tracker was born, on 2 February 2009, the site has tracked more than 2,800 malicious botnet command and control servers associated with ZeuS. |
| Oracle rushes out patch for gaping server hole | Fri, Feb 05 2010 | Oracle has released an out-of-band patch to fix a gaping security hole in the Oracle WebLogic Node Manager and warned that an attacker could launch remote attacks over a network without the need for a username and password. |

56 additional records not shown

Exploit of the week

We at CERTStation Labs have selected an exploit that has been released for Microsoft Internet Explorer. The exploit acts as a web server that generates exploit code targeting a vulnerability (CVE-2010-0249) in Internet Explorer. It is written in Python and spawns the calculator when it is executed. Once it is given a port at startup, it waits for incoming connections; when a target host visits the attacker's site, it sends the exploit code to the browser and executes a payload, which in this case is the calculator. Attackers can also exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the application and possibly the computer. Failed attacks will cause denial-of-service conditions.

Security tool of the week

The security tool of the week selected by CERTStation Labs is Ncrack. Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by pro-actively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behavior based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.

Website of the week

The website selected this week by CERTStation Labs is http://wepawet.iseclab.org.
WEPAWET is a service for detecting and analyzing web-based malware. It currently handles Flash and JavaScript. WEPAWET runs various analyses on the URLs or files that you submit. At the end of the analysis phase, it tells you whether the resource is malicious or benign and provides you with information that helps you understand why it was classified one way or the other.

Mozilla overlooked malware-laced Firefox add-ons
Fri, Feb 05, 2010
Two Firefox add-ons available for months on Mozilla's website infected users with malware that stole passwords and opened a backdoor on Windows machines, the open-source browser maker has confirmed.

Oracle Breaks Regular Patch Cycle Because of Zero-Day Bug
Sat, Feb 06, 2010
Oracle has released an out-of-band patch for a critical vulnerability in the WebLogic Node Manager utility. The company was forced to take this step after exploit code was publicly released by a security research company without any notification in advance.

| Geo++ GNCASTER HTTP Authentication Bypass Vulnerability | Mon, Feb 08 2010 | Geo++ GNCASTER 1.4.0.7 and earlier are prone to an authentication bypass vulnerability. The issue occurs because the server generates a nonce for HTTP Digest authentication and reuses the same nonce for all other authentication until it is restarted. This could be exploited by remote attackers to hijack web sessions or bypass authentication via a replay attack. |
| IRCD-hybrid and ircd-ratbox 'LINKS' Command Integer Underflow Vulnerability | Mon, Feb 08 2010 | An integer underflow vulnerability has been discovered in IRCD-hybrid, versions 7.2.2 and 7.2.3, ircd-ratbox before 2.2.9, and oftc-hybrid before 1.6.8. The vulnerability is triggered by a boundary condition error in the "clean_string" function in 'irc_string.c' when processing the "LINKS" command. Exploitation of this vulnerability requires that "flatten_links" is disabled. This could permit a remote attacker to cause the daemon to crash, creating a denial of service condition, or to execute arbitrary code on a vulnerable system. |
| ircd-ratbox 'HELP' Command Denial of Service Vulnerability | Sun, Feb 07 2010 | A vulnerability has been discovered in ircd-ratbox before 2.2.9. The vulnerability is triggered by a NULL pointer dereference error in 'cache.c' when processing the "HELP" command. This could be exploited by a remote attacker to cause the daemon to crash, creating a denial of service condition. |
| Apache 'ap_proxy_send_fb()' Integer Overflow Vulnerability | Wed, Feb 03 2010 | Apache HTTP Server before 1.3.42 on 64-bit platforms is prone to an integer overflow vulnerability. The issue occurs due to improper processing of a large chunk size that triggers a heap-based buffer overflow in the "ap_proxy_send_fb" function in 'proxy/proxy_util.c' in 'mod_proxy'. This could allow remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code. |
| Asterisk T.38 'FaxMaxDatagram' Denial of Service Vulnerability | Mon, Feb 08 2010 | Asterisk Open Source before 1.6.0.22, 1.6.1.14, and 1.6.2.2, and Business Edition before C.3.3.2, are prone to a denial of service (DoS) vulnerability. The issue occurs due to improper handling of T.38 negotiations over SIP with a negative or overly large value in the "FaxMaxDatagram" field or without any "FaxMaxDatagram" field. This could be exploited by a remote attacker to crash a vulnerable server, creating a denial of service condition. |
| IRCD-Hybrid 'mystring.c' Denial of Service Vulnerability | Mon, Feb 08 2010 | A vulnerability has been discovered in IRCD-Hybrid (aka Hybrid2 IRC Services), versions 1.9.2 to 1.9.4. The vulnerability is triggered by an input validation error in 'mystring.c', used in hybserv, when processing private messages. This could be exploited by a remote attacker to cause the service to crash by sending a specially-crafted private message containing ":help t" to the MemoServ service, creating a denial of service condition. |
| Xerox WorkCentre Network Controller Multiple Unspecified Vulnerabilities | Sat, Feb 06 2010 | Multiple unspecified vulnerabilities have been discovered in Xerox WorkCentre, versions 5632, 5638, 5645, 5655, 5665, 5675, and 5687. The issue is triggered by an access validation error in the Network Controller and Web Server, which allows bypass of "Scan to Mailbox" authorization and web server authorization. Exploitation of the vulnerability requires that the user interact with the attack mechanism. This could allow remote attackers to access mailboxes and read device configuration information. |
| Microsoft Internet Explorer Dynamic Object Tag Information Disclosure Vulnerability | Sat, Feb 06 2010 | A vulnerability has been discovered in Microsoft Internet Explorer, versions 5.01 SP4, 6, 6 SP1, 7, and 8. The vulnerability is triggered by a design error in the application, which does not prevent rendering of non-HTML local files as HTML documents. This remotely exploitable vulnerability requires persuading a user to open a Web site and permits attackers to bypass access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an "index.dat" file. |
| Microsoft Internet Explorer URLMON Sniffing Information Disclosure Vulnerability | Sat, Feb 06 2010 | A vulnerability has been discovered in Microsoft Internet Explorer, versions 5.01 SP4, 6, 6 SP1, 7, and 8. The vulnerability is triggered by a design error in the application, which does not prevent rendering of non-HTML local files as HTML documents. This remotely exploitable vulnerability requires persuading a user to open a Web site and permits attackers to bypass access restrictions and read arbitrary files via vectors involving the product's use of 'text/html' as the default content type for files that are encountered after a redirection, aka the URLMON sniffing vulnerability. |
| IBM WebSphere Commerce Merchant Key Vulnerability | Sat, Feb 06 2010 | A vulnerability has been discovered in IBM WebSphere Commerce, version 7.0. The vulnerability is triggered by an error in the application, which provides weaker than expected security when using a single merchant key provided by the administrator for session and data encryption. This could be exploited by a remote attacker to compromise the integrity of WebSphere Commerce sites. |

53 additional records not shown

| Suspicious.SillyFDC | Fri, Feb 05 2010 | Aliases: | Infects: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP |
| Suspicious.Lop.2 | Wed, Feb 03 2010 | Aliases: | Infects: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP |
| W32/Routrobot.worm | Wed, Feb 03 2010 | Aliases: Trojan.Win32.Buzus.dbfm (Kaspersky), Worm:W32/Prolaco.O (F-Secure), Worm:Win32/Prolaco.gen!C (Microsoft), Worm.Win32.Prolaco.gen (Sunbelt) | Infects: Windows Me, Windows XP |
| Packed.Generic.242 | Tue, Feb 02 2010 | Aliases: | Infects: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP |
| Trojan.Sasfis | Tue, Feb 02 2010 | Aliases: | Infects: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP |
| Trojan.Spyeye | Tue, Feb 02 2010 | Aliases: | Infects: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP |
| Trojan.Zbot!gen5 | Tue, Feb 02 2010 | Aliases: | Infects: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP |
| W32.Netsky@mm | Mon, Feb 01 2010 | Aliases: WORM_NETSKY.A [Trend] | Infects: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP |
| Cutwail.gen.o | Mon, Feb 01 2010 | Aliases: Backdoor.Win32.HareBot.anq [Kaspersky Lab], Mal/Harebot-A [Sophos], Trojan.Pandex [Symantec], Trojan:Win32/Malagent [Microsoft] | Infects: Windows Me, Windows XP |
| DOS-FFIRC | Mon, Feb 01 2010 | Aliases: | Infects: Windows Me, Windows XP |

0 additional records not shown

* Number 52000 represents current users of CERTStation Lite and CERTStation Lite based components such as CERTStation RSS and CERTStation TMA

Security Sparklines (Microsoft, OS X, Windows XP, Linux, Internet Explorer, Mozilla): sparklines show the number of articles that referenced a given topic every day over the last 12 weeks.

Metrics

| | Last Week | Total Records* |
| Viruses | 0 | 413 |
| Worms | 2 | 1538 |
| Trojans | 8 | 2041 |
| Vulnerabilities | 63 | 15044 |

*since 2004