IT Security Portal

Microsoft Updates for Multiple Vulnerabilities

2008-10-14T22:25:00.001-07:00

Microsoft Security Bulletin Major Revisions

2008-09-14T22:46:00.000-07:00

Microsoft has released their monthly security bulletins for June, fixing vulnerabilities in various Microsoft products

2008-06-12T23:18:00.001-07:00

Microsoft Updates for Multiple Vulnerabilities

2008-05-13T22:52:00.000-07:00

Microsoft has released updates to remedy critical vulnerabilities in
Microsoft Windows and Office for Windows and Mac.
Updates for Microsoft Windows and Office are available on the
Microsoft Update site.

Office for Mac users should go to the Mactopia
website to obtain updates.

Microsoft Excel -- ZERO-DAY exploit - PATCH AVAILABLE NOW - targeted attacks exploiting unspecified error in the handling of Excel files

2008-03-12T02:57:00.000-07:00

Some vulnerabilities and weaknesses have been fixed in the latest

2008-02-19T00:30:00.000-08:00

Some vulnerabilities and weaknesses have been fixed in the latest version of Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, conduct spoofing attacks, or to compromise a user's system.
Various errors have been fixed in Firefox's browser engine and Javascript engine, which can be exploited to cause a memory corruption and allow the execution of arbitrary code.
A weakness due to a design error within the focus handling and which can potentially be exploited to trick a user into uploading arbitrary files has also been fixed.
An error in the handling of images when a user leaves a page, which uses "designMode" frames, can be exploited to disclose the user's navigation history, forward navigation information, and to cause a memory corruption. Successful exploitation of this vulnerability may allow execution of arbitrary code.
A design error related to timer-enabled dialogs can be exploited to trick a user into unintentionally confirming a security dialog.
A problem in Firefox, which follows "302" redirects for stylesheets and allows reading the target URL via "element.sheet.href", can potentially be exploited to disclose sensitive URL parameters.
The vulnerabilities are reported in versions prior to 2.0.0.12. Users
are advised to download the updated version immediately.

Microsoft Updates for Multiple Vulnerabilities

2008-02-19T00:26:00.000-08:00

Vulnerabilities in Microsoft Windows and Office could allow an attacker to gain control of your computer.
Updates for Microsoft Windows are available on the Microsoft Update site. We also recommend enabling Automatic Updates.

Microsoft Updates for Multiple Vulnerabilities

2008-01-08T22:52:00.000-08:00

Microsoft has released updates to remedy vulnerabilities in Microsoft Windows.

Updates for Microsoft Windows are available on the Microsoft Update site.
We also recommend enabling Automatic Updates.

Merry Christmas and a prosperous New Year !!!!

2007-12-26T23:48:00.001-08:00

Microsoft released its last batch of Security Bulletins for the year

2007-12-14T03:48:00.000-08:00

Seven Security Bulletins were released, with one Extremely Critical advisory, two Highly Critical advisories, two Moderately Critical advisories, and two Less Critical advisories.

Microsoft Updates for Multiple Vulnerabilities

2007-11-14T05:31:00.000-08:00

A vulnerability in Microsoft Windows may allow an attacker to access
your computer, install and run malicious software on your computer, or
cause it to crash.

Some vulnerabilities and a weakness have been reported in Mozilla Firefox

2007-10-28T23:37:00.001-07:00

Microsoft issues 3 critical security updates patching several vulnerabilities

2007-10-28T23:36:00.001-07:00

Sun updates for command execution and information disclosure vulnerabilities in Java

2007-10-28T23:34:00.000-07:00

The Java Runtime Enviornment software contains multiple vulnerabilities that could allow:
multiple unspecified errors in Java Runtime Environment, may allow an untrusted Java Web Start application or Java applet to move or copy arbitrary files on the system, tricking a user into dragging and dropping a file from an applet to a desktop application that has the proper permissions.
unspecified errors in Java Web Start, which could allow an untrusted application to determine the location of the Java Web Start cache, or read and write local files that are accessible to the user running the untrusted application.
unspecified errors in the Java Runtime Environment, which could be exploited by a malicious appleta applet or by using Java APIs to establish network connections to certain services on machines other than the originating host.
The vulnerabilities are reported in the following versions:
JDK and JRE 6 Update 2 and earlier
JDK and JRE 5.0 Update 12 and earlier
SDK and JRE 1.4.2_15 and earlier
SDK and JRE 1.3.1_20 and earlier
OPERATING SYSTEMS Regardless if you run the above programs under :
Windows 2000, XP, Vista,
Windows 2003 Server the vulnerabilities apply! Remember, most PCs have this software installed since many webpages require Java to allow the user a good surfer experience.
IMPORTANT Java Runtime Environment must be removed from a PC before the update/later released is installed ==> see section OTHER ACTIONS below on how to do it - fast and easy.

Malicious PDF files being spammed out in volume

2007-10-28T23:32:00.000-07:00

These PDF files exploit a recent vulnerability. When such PDF files are viewed on vulnerable machines, they get infected.
An unknown party has been sending out tens of thousands of mails with Subject-lines like:
Your credit report
Personal Financial Statement
Your Credit File
Balance Report
The mails contain no mail body, only an attachment called "report.pdf". When opened, the PDF file uses the CVE-2007-5020 vulnerability via Acrobat Reader and IE7 and downloads further malware from a server in Malaysia. The target of the malware seems to be to create a botnet of infected machines to be used for further malicious activity.

Microsoft Updates for Multiple Vulnerabilities

2007-10-10T06:34:00.000-07:00

Microsoft Updates for Multiple Vulnerabilities

2007-09-13T00:18:00.000-07:00

Vulnerabilities in Microsoft Windows Windows and MSN Messenger could allow an attacker to gain control of your computer.
Updates for Microsoft Windows are available on the Microsoft Update site. We also recommend enabling Automatic Updates.

Microsoft Updates for Multiple Vulnerabilities

2007-08-15T22:00:00.000-07:00

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Windows Media Player, Office, Office for Mac, XML Core Services, Visual Basic, Virtual PC, and Virtual Server.
Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
Apply updates from Microsoft.

Cisco released several security advisories this week for various products

2007-08-09T22:08:00.000-07:00

Cisco IOS and IOS XR are reportedly affected by a vulnerability that can be exploited to disclose sensitive information or cause a Denial of Service. The problem is due to an error when processing Ipv6 packets with a Type 0 routing header. Sending a specially crafted packet may lead to disclosure of a number of bytes of packet buffer memory, or to crash the device.
This vulnerability affects Cisco IOS 12.x and Cisco IOS XR 3.x products. Vendor patches have been released for some, but not all, affected devices.

Mozilla released Firefox 2.0.0.6

2007-08-02T22:18:00.000-07:00

The first is a vulnerability caused by an error in the handling of "about:blank" pages loaded by chrome in an addon. This can be exploited to execute script code under chrome privileges by e.g.
clicking on a link opened in an "about:blank" window created and populated in a certain ways by an addon.

Microsoft Updates for Multiple Vulnerabilities

2007-07-10T22:26:00.000-07:00

Microsoft has released updates to remedy vulnerabilities in Microsoft Windows and Office.
To obtain these updates, visit the Microsoft Update web site.

Microsoft Updates for Multiple Vulnerabilities

2007-06-12T22:47:00.000-07:00

Vulnerabilities in Microsoft Windows, Internet Explorer, and Office
could allow an attacker to gain control of your computer.
MS07-031 - Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution
MS07-033 - Cumulative Security Update for Internet Explorer
MS07-034 - Cumulative Security Update for Outlook Express and Windows Mail
MS07-035 - Vulnerability in Win32 API Could Allow Remote Code Execution

Yahoo Messenger - TWO zero-day - buffer overflow security issue in an ActiveX control AND one vulnerability that affects the viewer ywcvwr.dll

2007-06-07T04:03:00.000-07:00

Mozilla Firefox, Sea Monkey and Thunderbird - multiple security vulnerabilities

2007-03-05T02:47:00.000-08:00

The vulnerabilities could be exploited by attackers to take complete control of an affected system or bypass security restrictions.
You need to upgrade your software as follows:
Downloading latest version of Firefox 2.0.0.2
Downloading latest version of SeaMonkey 1.1
Downloading latest version of Thunderbird 1.5.0.9

Microsoft issues 12 security updates

2007-02-13T22:25:00.000-08:00

CRITICAL
2 for Windows;
2 for Office;
1 for Live OneCare, Antigen, Windows Defender, and Forefront
1 for Windows, Internet Explorer
IMPORTANT
1 for Windows and Visual Studio;
1 for Windows and Office;
1 for Step-by-Step Interactive Training;
2 for Windows

DDoSers bombard Military root server

2007-02-12T04:05:00.000-08:00

At least three DNS root servers, including one maintained by the US Department of Defense, were flooded with data for about 12 hours in an attack that was notable more for its audacity than any noticeable degradation of internet traffic.
The DOD's G server was among those sustaining the most damage, according to an analysis of the machine's unanswered queries. The L server, maintained by ICANN, and the WIDE Project's M server, located in multiple locations, were also hit in attacks that started a little after midnight GMT on Tuesday.
There were reports that F and I servers also faced increased traffic, but those attacks appeared to be short-lived. They appeared to affect certain top-level-domains, including .org.
SANS said it was aware of root server attacks but is still wading through data before issuing a report. It encouraged people with logs, or other information relating to the attacks to send it to SANS officials.
It was unclear where the attacks originated, since the perpetrators disguised the origination of the packet flood, according to the Associated Press. There was some speculation they may have come out of Korea.
SOURCE: The Register

3 critical security bulletins from Microsoft

2007-01-09T22:49:00.000-08:00

Microsoft Security Bulletins were issued today
1 Microsoft Security Bulletin affecting Microsoft Windows - Internet Explorer - Critical
1 Microsoft Security Bulletin affecting Microsoft Office - Excel - Critical
1 Microsoft Security Bulletin affecting Microsoft Office - Outlook - Critical
1 Microsoft Security Bulletin affecting Microsoft Office 2003 Brazilian Portuguese Grammar Checker Vulnerability - Important

The critical vulnerabilities affect the following: operating systems:
Microsoft Windows 2000/XP/2003/Server 2003/software
Microsoft Office 2000/XP/2003
Microsoft Works Suite 2004/2005
Apple Mac
Microsoft Office 2004 for Mac
Microsoft Office v. X for Mac

Adobe Acrobat Reader - cross-site scripting vulnerability

2007-01-04T04:33:00.000-08:00

The vulnerability could be exploited by attackers by getting javascript executed by simply having it appended to the PDF's URL. Input passed to a hosted PDF file is not properly sanitised by the browser plug-in before being returned to users.

Systems Affected: Adobe Acrobat Reader version 7.0.8 and prior

Solution: Upgrade to Adobe Reader version 8.0.0

SOURCE: CyTRAP Labs

SEASON'S GREETINGS

2007-01-02T02:26:00.000-08:00

BEST WISHES FOR A HAPPY NEW YEAR!!!

Yahoo IM Vulnerability

2006-12-21T02:04:00.000-08:00

Yahoo! reported a vulnerability in its instant messaging client for versions obtained prior to November 2, 2006. The vulnerability is caused by an unspecified error in Yahoo! Messenger's ActiveX control, which potentially can be exploited by malicious people to compromise a user's system.
Users are advised to upgrade to the latest version of Yahoo! Messenger.

Mozilla Addresses Multiple Vulnerabilities

2006-12-20T22:44:00.000-08:00

Mozilla Firefox, Thunderbird, and derived products contain several vulnerabilities. By taking advantage of one or more of these vulnerabilities, an attacker may be able to take control of your computer.
Upgrade to the latest versions of Firefox, Thunderbird, and SeaMonkey. Mozilla has released Firefox 1.5.0.9, Firefox 2.0.0.1, Thunderbird 1.5.0.9 and SeaMonkey 1.0.7 to correct these
problems. Mozilla Firefox, Thunderbird, and SeaMonkey automatically check for updates by default.
Security updates for Firefox 1.5 are scheduled to end in April 2007. According to Mozilla: Firefox 1.5.0.x will be maintained with security and stability updates until April 24, 2007. All users are strongly encouraged to upgrade to Firefox 2.

Microsoft Security Bulletin Summary for December 2006

2006-12-14T00:43:00.000-08:00

Critical Security Bulletins
MS06-072 - Cumulative Security Update for Internet Explorer -
MS06-073 - Vulnerability in Visual Studio 2005
MS06-078 - Vulnerability in Windows Media Format

Microsoft Security Updates for Windows, Internet Explorer, and Adobe Flash

2006-11-15T05:45:00.000-08:00

Vulnerabilities in Microsoft Windows, Internet Explorer, and Adobe Flash may allow an attacker to access your computer, install and run malicious software on your computer, or cause it to crash. An attacker could exploit these vulnerabilities by using specially crafted network traffic, or by convincing you to view a speciallycrafted web site or HTML email message.

Firefox 2.0 Out a Day Early

2006-10-24T23:48:00.000-07:00

The final version of Mozilla's Firefox 2.0 web browser was available on the company's FTP servers on Monday, October 23, a day before its scheduled official release. The public launch page is not yet up. A preview version of the browser, Release Candidate 3, was posted for download on October 16. The release follows close on the heels of that of Microsoft's Internet Explorer (IE) 7. Firefox 2.0 has integrated anti-phishing controls as well as RSS and XML feed viewing capabilities.

Flash MP3 Players Given as Prizes in Japan Infected with Trojan

2006-10-17T23:34:00.000-07:00

As many as 10,000 people in Japan received Flash MP3 players as prizes from McDonalds, but they came with an unexpected extra bit of software: a variant of the QQpass spyware Trojan horse program. The players were preloaded with ten songs and the malware. If the devices were connected to Windows PCs, passwords and other sensitive data could potentially be exposed to attackers. It is likely that a machine used to load the content was infected with the malware. McDonalds Japan has apologized, established a helpline to facilitate the recall of the infected MPs players and posted directions for cleansing infected PCs.

Microsoft Updates for Vulnerabilities in Windows, Office, and Internet Explorer

2006-10-11T00:33:00.000-07:00

Microsoft has provided updates to remedy these vulnerabilities. To obtain these updates, visit the Microsoft Update web site.
Microsoft Office 2000 users must visit the Microsoft Office Update web site to get the appropriate updates.
Apple Mac OS X users should obtain updates from the Mactopia web site.

Microsoft Internet Explorer VML Buffer Overflow

2006-09-27T00:13:00.000-07:00

Microsoft Internet Explorer (IE) fails to properly handle Vector Markup Language (VML) tags. This creates a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code.
Microsoft Internet Explorer contains a stack buffer overflow in code that handles VML. More information is available in Vulnerability Note VU#416092, Microsoft Security Advisory (925568), and Microsoft Security Bulletin MS06-055.
By convincing a user to open a specially crafted HTML document, such as a web page or HTML email message, a remote attacker could execute arbitrary code with the privileges of the user running IE.
Apply update from Microsoft

Mozilla Releases Firefox 1.5.0.7 to Address Seven Flaws

2006-09-20T00:11:00.000-07:00

Mozilla released Firefox 1.5.0.7, addressing seven vulnerabilities in earlier versions of the browser. Four are rated critical, two are rated moderate and one is rated low. The flaws could allow cross-site scripting, spoofing and man-in-the-middle attacks.

Serious ActiveX Vulnerability in IE 5.01 and 6.0

2006-09-20T00:07:00.000-07:00

Microsoft is investigating reports of a flaw in the Microsoft DirectAnimation Path ActiveX Control in Internet Explorer (IE) that could be exploited to allow remote code execution. Proof-of-concept code has been published, but there are no reports of active attacks that exploit this flaw. Microsoft recommends that until a fix is released, users disable ActiveX and active scripting controls. The vulnerability affects IE versions 5.01 and 6.0.

Microsoft Windows and Publisher Vulnerabilities

2006-09-13T00:59:00.000-07:00

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows and Microsoft Publisher. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
Microsoft has provided updates for these vulnerabilities in the September 2006 Security Bulletins. The security bulletins describe any known issues related to the updates. Note any known issues described in the bulletins and test for any potentially adverse affects in your environment.
Updates for Microsoft Windows and Microsoft Office XP and later are available on the Microsoft Update site. Microsoft Office 2000 updates are available on the Microsoft Office Update site.

Malicious Files on Samsung Web Site

2006-09-13T00:58:00.000-07:00

Last week, Samsung Electronics' US web site was hosting a Trojan horse program capable of logging keystrokes and disabling antivirus software.
Users had to be tricked into downloading the code onto their computers; there is no evidence of an exploit that downloaded the malware without user interaction. The malicious files appear to have been removed from the site.

Credit Card Companies Update PCI

2006-09-13T00:55:00.000-07:00

The five major credit card companies, American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International, have formed the Payment Card Industry Security Standards Council, marking the first time all have agreed on a common framework for payment card security. Their first order of business was to update the current PCI Data Security Standard by providing instructions for implementing the requirements and clarifying the language, for instance, replacing vague terms, such as "regularly," with specifics, such as "annually" or "quarterly." The council's goal is "to enhance payment account security by fostering broad adoption of the PCI Data Security Standard."

Critical vulnerabilities have been identified in Flash Player that could allow an attacker who successfully exploits these vulnerabilities to take con

2006-09-13T00:51:00.000-07:00

Systems Affected
Macromedia Flash Player - Version 8.0.24.0 and earlier,
Browsers affected - Firefox, Mozilla, Netscape, Opera, Internet Explorer and CompuServe - using Macromedia Flash Player

Vulnerability in Word Could Allow Remote Code Execution

2006-09-12T00:14:00.000-07:00

Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Word 2000. In order for this attack to be carried out, a user must first open a malicious Word file attached to an e-mail or otherwise provided to them by an attacker.
As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources.

Mobile Devices Hold On to Old Data

2006-09-03T23:28:00.000-07:00

Following the directions that come with mobile devices, such as phones and PDAs, to remove data before selling or recycling them is not enough to ensure the next person who holds the device will not be able to see your private information. Data can still be retrieved from phones that have been reset. A security software company that purchased 10 used smartphones and PDAs on eBay found sensitive, personally identifiable information on nearly all of them. The company plans to return all the phones to their original owners and has kept all the data it retrieved from the phones on a computer not connected to its corporate network.
Some companies have provided stronger data wiping functions in their newer devices.
SOURCE: SANS

Microsoft Tries Again on Internet Explorer Patch

2006-08-31T06:22:00.000-07:00

Microsoft released a corrected cumulative security patch for Internet Explorer because its first patch created a vulnerability.

Cisco Warns of Flaw in Firewall Products

2006-08-31T06:20:00.000-07:00

An alert from Cisco Systems Inc. describes an unintentional password modification vulnerability in multiple firewall products that could be exploited to change passwords without user interaction and allow "unauthorized users ... to gain access to a device that has been reloaded after passwords in its startup configuration have been changed.
Authorized users can be locked out and lose the ability to manage the affected device." The flaw affects Cisco PIX 500 Series Security Appliances, Cisco ASA 5500 Series Adaptive Security Appliances and Firewall Service Module (FWSM) for Cisco Catalyst 6500 switches and Cisco 7600 Series Routers running affected versions of the software.
Cisco has issued software to address this vulnerability. A second alert from Cisco describes a pair of flaws in Cisco VPN 3000 series concentrators with FTP file management enabled that could be exploited to execute some FTP commands and delete files. Cisco has issued free software to address these two flaws and also made workarounds available.

Microsoft Patch Disclosure - August 2006

2006-08-08T23:43:00.000-07:00

Critical
MS06-040 - Vulnerability in Server Service Could Allow Remote Code Execution
MS06-041 - Vulnerability in DNS Resolution Could Allow Remote Code Execution
MS06-042 - Cumulative Security Update for Internet Explorer
MS06-043 - Vulnerability in Microsoft Windows Could Allow Remote Code Execution
MS06-044 - Vulnerability in Microsoft Management Console Could Allow Remote Code Execution
MS06-046 - Vulnerability in HTML Help Could Allow Remote Code Execution
MS06-047 - Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution
MS06-048 - Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
MS06-051 - Vulnerability in Windows Kernel Could Result in Remote Code Execution
Moderate
MS06-045 - Vulnerability in Windows Explorer Could Allow Remote Code Execution
MS06-049 - Vulnerability in Windows Kernel Could Result in Elevation of Privilege
MS06-050 - Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution

Mozilla Releases Firefox Update

2006-07-31T23:37:00.000-07:00

On July 26, Mozilla released an update for its Firefox web browser, Firefox 1.5.0.5, to remedy a dozen flaws, seven of which are rated "critical." Mozilla has issued advisories for each of the vulnerabilities. The critical flaws include crashes with evidence of memory corruption, a privilege escalation flaw, JavaScript engine vulnerabilities and a memory corruption flaw in the way simultaneous XPCOM events are handled.

Zero-Day PowerPoint Flaw Already Being Exploited

2006-07-27T01:35:00.000-07:00

Microsoft is investigating reports of a zero-day vulnerability in PowerPoint. Users' machines would become infected only if they are tricked into opening a maliciously crafted PowerPoint document. Attacks exploiting the flaw have already been detected; a PowerPoint attachment to spam has been found to contain the PPDDropper.b Trojan horse program, which places a backdoor called Bifrozse.e on infected computers.

State Dept. Acknowledges Attacks on Systems

2006-07-27T01:32:00.000-07:00

The US State Department says it is working with Carnegie Mellon University's Computer Emergency Response Team and the FBI on the investigation into cyber attacks that targeted US embassies in the East Asia-Pacific region and State Department headquarters in Washington DC.
The systems attacked were unclassified and an initial investigation indicates "no compromise of sensitive US government information." A department spokesperson said the attacks were not the result of problems with computer security policies.

Fake Google Web Site Hides Trojan Horse

2006-07-27T00:36:00.000-07:00

A fake Google Tool Bar can turn victims' machines into zombies if it is downloaded. E-mails direct users to the Web site that perfectly mimics the real Google download page where the victim is offered the fake tool.

Microsoft Security Bulletins for July 2006

2006-07-26T06:52:00.000-07:00

Vulnerability in Server Service Could Allow Remote Code Execution (917159)
This update resolves two vulnerabilities in the Server service, the most serious of which could allow remote code execution.

Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)
This update resolves a vulnerability in the DHCP Client service that could allow remote code execution.

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)
This update resolves two vulnerabilities in Office, the most serious of which could allow remote code execution.

Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)
This update resolves two vulnerabilities in Office, the most serious of which could allow remote code execution.

Buffer Overflow Flaw in Opera Browser

2006-06-28T00:01:00.000-07:00

A buffer overflow flaw that occurs when the Opera web browser processes JPEG mages could allow remote code execution. The problem is known to exist in Opera v.8.54 and possibly in earlier versions as well. Users are urged to upgrade to Opera 9.

Exploits for Microsoft Flaws Circulating

2006-06-18T23:33:00.000-07:00

Within a day after Microsoft's monthly security update, proof-of-concept exploits for at least five of the vulnerabilities addressed have been detected. Microsoft's June security release included twelve bulletins that addressed 21 vulnerabilities in Windows, Microsoft Office and Microsoft Exchange; eight of the bulletins received severity ratings of "critical." Some of the exploits are for flaws that had been disclosed prior to the security updates, but at least two are for flaws that were not known before the updates were released.

JS-Yamanner Worm Affects Yahoo! Mail Users

2006-06-13T23:48:00.000-07:00

The JS-Yamanner worm collects the addresses it finds on Yahoo! Mail contact lists to spread itself; it also sends the addresses back to a remote server. The "from" field is spoofed to make the email appear to come from av3@yahoo.com. It spreads when users open email sent by the worm. The vulnerability allows script embedded in HTML email to run within users' browsers.

Microsoft Windows, Internet Explorer, Media Player, Word, and PowerPoint Vulnerabilities

2006-06-13T23:39:00.000-07:00

Microsoft has provided an update to remedy these vulnerabilities. To obtain the update, visit the Microsoft Update web site. We also recommend enabling Automatic Updates or click here

Mozilla Products Contain Multiple Vulnerabilities

2006-06-04T23:57:00.000-07:00

The Firefox web browser and Thunderbird email application contain several vulnerabilities. By taking advantage of one or more of these vulnerabilities, an attacker may be able to take control of your computer.
Solution
Upgrade to the latest versions of Firefox and Thunberbird. Mozilla has released an updated version of Firefox and Thunberbird to corrrect these problems.

EU Court Overturns Passenger Data Agreement with US

2006-06-04T23:55:00.000-07:00

European Court of Justice said an EU/US agreement to transfer sensitive personal data about EU airline passengers did not have an "appropriate legal basis" and invalidated the agreement. "The court ruled that because the information contained in passenger records is collected by airlines for their own commercial use, the European Union could not legally agree to provide that data to US authorities ..." US authorities had wanted EU airlines to provide them with 34 pieces of data about each traveler on board planes headed for the US and threatened hefty fines and lengthy security checks if the request was not met. The European Court of Justice has given the EU until September 30 to develop an alternative solution.

Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability

2006-05-26T03:28:00.000-07:00

The Cisco VPN Client for Windows is affected by a local privilege escalation vulnerability that allows non-privileged users to gain administrative privileges.
A user needs to authenticate and start an interactive Windows session to be able to exploit this vulnerability.
Cisco has made free software available to address this vulnerability for affected customers.

Exploits Circulating for Zero Day Flaw in Microsoft Word

2006-05-23T03:50:00.000-07:00

This exploit code has been targeting individuals through email messages with a malicious Microsoft Word attachment. The messages appear to come from someone within the individual's own organization, and simply opening the Word file causes the system to be exploited.
Successful exploitation of this flaw would lead to the attacker gaining full rights in the context of the exploited user. As an example, if an exploited system was being run under Administrator privileges, then the attacker would gain Administrator privileges for that machine and be able to execute code, delete or edit files or change configuration settings.
It should be noted that these attacks are currently extremely targeted. Across various organizations only a small handful of systems have been attacked. These emails were at least somewhat hand-crafted for the people targeted for attack. Administrative privileges are required for the exploit code to operate properly, although administrative privileges are not required for the security vulnerability itself.

Google Fraud: Botnets Used to Steal Money From Google Advertisers

2006-05-22T00:29:00.000-07:00

The SANS Internet Storm Center (ISC) has released evidence showing botnets are being used to defraud advertisers using Google Adword, a pay-per-click advertising system. Advertisers pay Google for each click; Google in turn pays a substantial amount of that revenue to publishers who run banners for the advertisers. Unscrupulous publishers work with the botmasters to generate high volumes of clicks and ultimately revenue. The botmasters get a share of this as well. ISC uncovered evidence of a botnet with 115 bots, each of which was clicking on sites up to 15 times a day, keeping them under the detection system's radar.

Microsoft Releases Patches on Patch Tuesday

2006-05-10T02:12:00.000-07:00

On Tuesday, May 9, Microsoft released three security bulletins that address vulnerabilities in Microsoft Windows and Microsoft Exchange. At least two of the flaws have been given a "critical" rating;

Symantec Warns of Flaws in Scan Engine

2006-05-02T00:09:00.000-07:00

Symantec is encouraging its Scan Engine customers to upgrade from version 5.0 to version 5.1 following the disclosure of three vulnerabilities. The first vulnerability is due to the fact that Symantec Scan Engine does not properly authenticate web-based user logins; this flaw could be exploited to control the Scan Engine server.
The second flaw involves a static private DSA key for SSL communications and could be exploited by a man-in-the-middle attack. The third flaw allows unauthenticated remote users to download files located under the Scan Engine installation directory.

Cisco Issues Fixes for Multiple Flaws

2006-05-02T00:02:00.000-07:00

Cisco Systems has issued patches for several vulnerabilities in a number of its products, including CiscoWorks Wireless LAN Solution Engine (WLSE), Hosting Solution Engine, User Registration Tool, Ethernet Subscriber Solution Engine and CiscoWorks 2000 Service Management Solution. Cisco did not issue patches for the last two products as they have been discontinued and are no longer supported.
In addition, Cisco issued an advisory for a cross-site scripting flaw in WLSE running software earlier than version 2.13. Another advisory addresses a Multi Protocol Label Switching (MPLS)-related flaw on the Cisco IOS XR modular operating platform that could be exploited to cause a denial-of-service condition.

Oracle Products Contain Multiple Vulnerabilities

2006-04-20T00:40:00.000-07:00

Oracle has released Critical Patch Update - April 2006. This update addresses more than thirty vulnerabilities in different Oracle products and components.
The Critical Patch Update provides information about affected components, access and authorization required, and the impact of the vulnerabilities on data confidentiality, integrity, and availability.
According to Oracle, none of the vulnerabilities corrected in the Oracle Critical Patch Update affect Oracle Database Client-only installations.
The Oracle Database, Oracle Application Server, Oracle Enterprise Manager Grid Control, Oracle Collaboration Suite, JD Edwards EnterpriseOne and OneWorld Tools, and PeopleSoft Enterprise Portal Applications patches in the Updates are cumulative; each successive. Critical Patch Update contains the fixes from the previous Critical Patch Updates.
Oracle E-Business Suite and Applications patches are not cumulative, so E-Business Suite and Applications customers should refer to previous Critical Patch Updates to identify previous fixes they wish to apply.

Mozilla Releases Firefox Updates

2006-04-19T00:36:00.000-07:00

Mozilla has released an updated version of its Firefox browser, Firefox 1.5.0.2, which includes support for Mac OS X running on Intel processors. Mozilla says the update is a "stability and security" release because it includes fixes for critical security flaws as well as other problems. Mozilla also released fixes for flaws in older versions of Firefox and in the Sea Monkey browser suite. Some of the Firefox flaws could be exploited by simply tricking users into viewing maliciously crafted web pages.

Microsoft has released updates that address critical vulnerabilities in Windows and Internet Explorer.

2006-04-12T00:29:00.000-07:00

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

Microsoft Extends Support for Older Version of MBSA

2006-04-05T00:15:00.000-07:00

In a bow to customer pressure, Microsoft has extended support for the Microsoft Baseline Security Analyzer (MBSA) version 1.2 indefinitely.
Microsoft initially said it would end support for the tool on March 31, 2006, but feedback from customers made it clear that to discontinue support "would create a gap in security update detection for Microsoft products." MBSA is a free tool that scans computers for vulnerabilities with available Microsoft patches. MBSA 2.0, released in July 2005, fails to detect the need for patches in certain Microsoft products.

Attackers Hone IE TextRange() Exploit

2006-04-04T23:40:00.000-07:00

A "new generation" of exploit code that takes advantage of the TextRange() vulnerability in Microsoft's Internet Explorer (IE) has been posted to the Internet. When the older exploits attempted to install keystroke loggers on vulnerable machines, they froze browsers for noticeable periods of time, allowing users to shut down their computers and avoid being infected with the malware. The new exploit is faster and employs techniques to evade antivirus signatures.

Zero-Day IE Flaw Exposes Holes in Microsoft's Security Patch Process

2006-04-04T23:32:00.000-07:00

Cyber criminals are now using spam in an attempt to spread malware that exploits an unpatched critical vulnerability in Microsoft's Internet Explorer (IE). The spam tries to lure people to maliciously crafted web sites; the sites download software that captures bank account log-in data onto victims' computers and transmits them to the thieves.
Microsoft encourages users to disable active scripting pending the availability of a legitimate patch. The emergence of zero-day vulnerabilities illuminates problems with Microsoft's monthly security releases. An executive with a company that released a third-party patch for the flaw says he understands Microsoft's need to test, but that Microsoft should also provide some sort of faster protection for the interim, perhaps a "beta" patch.

Web Sites Exploiting IE Flaw; Microsoft Working On Fix

2006-03-29T23:21:00.000-08:00

There are reports that web sites are already exploiting the Internet Explorer TextRange () flaw to install spyware on vulnerable computers.
As of Monday morning, more than 200 such sites have been detected. The flaw exists in IE 6 and IE 7 beta 2; this marks the third IE vulnerability disclosed in one week. Microsoft is developing a fix.
Users are advised to disable Active Scripting in IE.

Windows Media Player Patches Pose Problems

2006-03-14T23:55:00.000-08:00

Microsoft has issued an advisory warning that three previously released patches for Windows Media Player 10 can be problematic. WMP users who have installed the patches may experience trouble seeking, rewinding and fast-forwarding files. One of the patches was released in February in MS06-005 and was deemed a "critical" fix. The other two patches in question were released in October 2005. Microsoft suggests two workarounds.

Microsoft March Security Update Includes Critical Microsoft Office Fix

2006-03-14T23:54:00.000-08:00

In Microsoft's monthly security update two security bulletins will describe fixes; one addresses a "critical" flaw in Microsoft Office.
The second bulletin will address flaws in Windows and has an "important"
rating. Microsoft will release the bulletins on Tuesday, March 14 along with an updated version of Windows' malicious software removal tool and one non-security, high-priority update.

Citibank Acknowledges ATM Network Penetrated

2006-03-14T23:52:00.000-08:00

Citibank acknowledged last week that attackers infiltrated its ATM network in Canada, Russia and the United Kingdom, and stole a block of PINs (personal identification numbers). Sophisticated hackers use the PINs to create counterfeit cards and steal money.

DDoS Attackers Turn to High Profile Blogs

2006-03-07T05:54:00.000-08:00

High profile blogs have been targeted by distributed denial of service
(DDoS) attacks in recent weeks. Some speculate that the attackers are broadening their range of targets, which until now has included on line betting sites and online games to include profitable and politically focused blogs.

Apple Security Update Addresses 20 Flaws, Including Safari Hole

2006-03-07T05:53:00.000-08:00

Apple has released Security Update 2006-001, which fixes 20 flaws in Mac OS X, including vulnerabilities that could be exploited to install malware through the Safari web browser. Apple has issued updates for OS X v10.3.9, OS X Server v10.3.9, OS X v10.4.5 and OS X Server v10.4.5.

eDonkey Server Shut Down

2006-02-27T00:45:00.000-08:00

Police raids in Belgium and Switzerland have shut down Razorback2, believed to be one of the largest index servers on the eDonkey file sharing network. The servers held an index of an estimated 170 million pirated files, according to RIAA. The server's owner was arrested in Switzerland; equipment was seized in Belgium.

Apple Mac OS X Safari Command Execution Vulnerability

2006-02-23T00:11:00.000-08:00

Apple Safari is a web browser that comes with Apple Mac OS X. Safari contains a vulnerability that could allow an attacker to run malicious programs on your computer.
Solution
Turn off "Open safe files after downloading" feature
To turn off "Open safe files after downloading" feature in Safari, first choose "Preferences" from the Safari menu. Next, uncheck the option "Open 'safe' files after downloading."

Microsoft Decries iDefense's Offer of Cash for Critical Windows Holes

2006-02-22T01:16:00.000-08:00

Microsoft has spoken out against iDefense's offer to pay US$10,000 to people who find and reveal to them critical vulnerabilities in Windows.
According to a Microsoft spokesperson, the company "does not believe that offering compensation for vulnerability information is the best way [to] protect customers," and instead prefers that "researchers" ensure a fix is available from vendors before disclosing the details of a vulnerability. iDefense says it believes their offer "promotes the concept of responsible disclosure." iDefense Labs Michael Sutton said he finds it curious that Microsoft's Antivirus Reward Program offers US$250,000 for information leading to the arrest and conviction of malware writers, but is opposed to iDefense's program. Peter Mell, who manages the National Vulnerability Database (NVD) at the National Institute of Standards and Technology (NIST), says iDefense's program could skew bug hunters' attention to certain vendors rather than helping improve security in the industry.

Google Files Formal Rejection of Government Request for Search Data

2006-02-22T00:47:00.000-08:00

Google has filed court documents over the weekend with a federal judge in San Jose formally rejecting the US government's request for search data. The documents say Google believes providing that information to the government would violate users' privacy and expose the company's trade secrets. Google goes on to say that the information requested would not "accomplish what the government wanted." The requests were made by the Department of Justice (DoJ) to demonstrate that voluntary regulation is not preventing minors from accessing inappropriate web content and appeal the injunction against a law that would impose penalties on web site operators who allow minors to view inappropriate material. The American Civil Liberties Union (ACLU) has filed an amicus brief on behalf of Google.

Microsoft Patch Disclosure - February 2006

2006-02-17T05:53:00.000-08:00

Critical
MS06-004 - Cumulative Security Update for Internet Explorer
MS06-005 - Vulnerability in Windows Media Player Could Allow Remote Code Execution
Important
MS06-006 - Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution
MS06-007 - Vulnerability in TCP/IP Could Allow Denial of Service
MS06-008 - Vulnerability in Web Client Service Could Allow Remote Code Execution
MS06-009 - Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege
MS06-010 - Vulnerability in PowerPoint 2000 Could Allow Information Disclosure

http://www.microsoft.com/technet/security/bulletin/ms06-feb.mspx

Bluetooth Vulnerability Leaves Some Sony Ericsson Phones Susceptible

2006-02-17T05:51:00.000-08:00

A vulnerability in several models of Sony Ericsson mobile phones could be remotely exploited to cause denial-of-service on the devices. The flaw lies in an error in Bluetooth that does not properly handle malformed L2CAP (Logical Link Control and Adaptation Layer Protocols).
Malformed code could crash the phones; when they are restarted, they would have normal functionality. Users are advised to turn off the "discoverable mode" in their Bluetooth settings. The flaw affects Sony Ericsson models K600i, V600i, W800i and T68i.

Microsoft Fixes Flaw that Misidentified Symantec Programs as Spyware

2006-02-17T05:49:00.000-08:00

Microsoft has fixed a problem with a signature update to its Windows AntiSpyware program that erroneously identified two Symantec antivirus programs as spyware and recommended their removal. The flaw lies in a signature update for Windows AntiSpyware Beta 1. The program prompts users to remove registry keys and subkeys essential to the Symantec products. The update that contains the problem is signature set 5805; the problem is fixed in a newly issued signature set, 5807.

Sun Addresses Privilege Escalation Vulnerability in JRE

2006-02-17T05:42:00.000-08:00

Sun Microsystems has released updated versions of its Java Runtime Environment (JRE) to address seven critical security flaws. The flaws lie in problems with the "reflection" APIs and could be exploited with maliciously crafted applets to read and write files on hard drives of vulnerable systems and to execute programs. Affected versions include JRE 1.3.1_16 and earlier, JRE 1.4.2_09 and earlier and JRE 5.0 Update 4 and earlier.

Multiple Vulnerabilities in Mozilla Products

2006-02-08T00:15:00.000-08:00

Several vulnerabilities exist in the Mozilla web browser and derived products, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system.
Several vulnerabilities have been reported in the Mozilla web browser and derived products.
The most severe impact of these vulnerabilities could allow a remote attacker to execute arbitrary code with the privileges of the user running the affected application. Other impacts include a denial of service or local information disclosure.
Solution
Upgrade to Mozilla Firefox 1.5.0.1 or SeaMonkey 1.0.
For Mozilla-based products that have no updates available, users are strongly encouraged to disable JavaScript.

Mobile Phone Tapping Affected Greek PM and Other Government Officials

2006-02-08T00:05:00.000-08:00

The Greek government has acknowledged that several of the country's top officials, including Prime Minister Costas Karamanlis, "have had their mobile phones tapped for more than a year." The scheme involved installing spy software on the Vodaphone central system that diverted calls to hard to trace pay-as-you-go mobile phones. An investigation is underway, but authorities have not determined who is conducting the surveillance. A total of approximately 100 phones belonging to Greek politicians are believed to be involved. The taps reportedly started before the 2004 Athens Olympics and continued through March 2005, when the scheme was discovered.

Flaws Found in IE 7 Beta 2

2006-02-06T01:08:00.000-08:00

Within hours of Microsoft's release of the beta 2 preview of Internet Explorer (IE) 7, a flaw was found in the code that could crash the browser. The flaw could potentially be exploited to execute arbitrary code on vulnerable machines, according to the person who discovered the flaw, though a posting on Microsoft's IE development blog refutes that claim. Microsoft says that they are already developing a fix for the flaw. There have also been reports of installation trouble related to certain anti-spyware and antivirus tools.

Mozilla Releases Firefox 1.5.0.1

2006-02-06T00:41:00.000-08:00

Mozilla is urging Firefox users to upgrade to Firefox version 1.5.0.1.
The updated version of the browser addresses a number of security flaws including a denial-of-service vulnerability and several "stability"
fixes that are aimed at repairing issues of the browser hindering system performance. Firefox 1.5.0.1 is being pushed out as an automatic update; this is the first time Mozilla has used the automatic update feature for Firefox.

ChoicePoint Settlement Imposes UD$15 Million Fine

2006-02-03T04:13:00.000-08:00

The Federal Trade Commission (FTC) has unanimously approved a settlement with ChoicePoint which the identity verification service must pay fines of US$15 million, the largest civil penalty in US history. US$10 million is an FTC fine, the additional US$5 million is designated for customer compensation. Under the terms of the settlement, ChoicePoint must also undergo independent security audits every two years until 2026. The FTC charged that ChoicePoint's "security processes and data handling violated privacy rights and federal laws." The settlement also requires that ChoicePoint create "a comprehensive security program, and implement new procedures to ensure that only legitimate businesses obtain consumer reports." ChoicePoint sold data to customers who lied about their credentials, according to FTC charges. The US Securities and Exchange Commission (SEC) is looking into share trades made by ChoicePoint CEO Derek V. Smith and COO Doug Curling both of whom allegedly made considerable profits in the months following their knowledge of the security breach but before it became public.

Winamp Playlist Buffer Overflow

2006-02-03T04:07:00.000-08:00

Winamp 5.13 resolves a buffer overflow vulnerability in how playlist files are handled.
Winamp fails to properly handle playlists with long computer names
Winamp contains a buffer overflow vulnerability when processing a playlist that specifies a long computer name. This may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system.
By convincing a user to open a specially crafted playlist file, a remote unauthenticated attacker may be able to execute arbitrary code with the privileges of the user. Winamp may open a playlist file without any user interaction as the result of viewing a web page or other HTML document.
The solution is to upgrade to Winamp 5.13.

Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack

2006-01-26T23:57:00.000-08:00

The Cisco VPN 3000 series concentrators are a family of purpose-built, remote access Virtual Private Network (VPN) platforms for data encryption and authentication.
A malicious user may be able to send a crafted HTTP (Hypertext Transfer Protocol) packet to the concentrators which may cause the device to reload and drop user connections.
Repeated exploitation of this vulnerability will create a sustained DoS (denial of service).
Cisco has made free software available to address this vulnerability for affected customers.This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20060126-vpn.shtml

Eight Arrested in Connection with Phishing Ring

2006-01-25T00:40:00.000-08:00

Eight people have been arrested in Bulgaria on charges they are involved with a group responsible for sending a phishing email. The group allegedly operated a number of phony Microsoft web sites; the phony email was sent with addresses spoofed to appear they came from Microsoft billing account management. Recipients were asked to divulge credit card information that ring members allegedly used to buy goods and make wire transfers.

Google Refusing to Comply with Government Request for Search Data

2006-01-24T23:34:00.000-08:00

Google is resisting government requests for data on its search engine usage. The two requests the government has made are for a random sample of 1 million web site addresses in its search engine index and for the text of all queries made on the search engine during a specific week.
The government maintains it needs the records from Google to prepare its defense in a lawsuit brought by the American Civil Liberties Union. The lawsuit challenges the Child Online Protection Act (COPA) on the grounds that it violates the First Amendment. The government wants the information to help support its claim that COPA is stronger than Internet content filtering in efforts to prevent minors from accessing pornographic Internet content.
Google believes the government's demand for information is overreaching. Other search engine operators, including Microsoft's MSN and Yahoo, have complied with the government's request for search data. Both say no personal information was revealed.

Windows XP SP3 Due Out in Second Half of 2007

2006-01-22T23:44:00.000-08:00

Microsoft has set a tentative release date of the second half of 2007 for Windows XP Service Pack 3 (SP3) the professional and home editions.
Windows XP SP2 was released in 2004. Microsoft reportedly pushed back the release date for XP SP3 to allow them to concentrate resources on Windows Vista, which is scheduled to be released later this year.

F-Secure Has Fixes Available for DoS and Code Execution Flaws

2006-01-22T23:40:00.000-08:00

F-Secure has warned of several vulnerabilities in its products that could be exploited to cause denial-of-service or execute malicious code.
One of the flaws is a boundary error in .zip archive handling that could allow the execution of arbitrary code; a problem with .rar and .zip archive processing scanning functionality could allow malware to escape detection. Attackers could exploit the vulnerabilities with specially crafted archives. The company has fixes available for the flaws.

Oracle Products Contain Multiple Vulnerabilities

2006-01-18T23:53:00.000-08:00

Various Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.

Oracle has released Critical Patch Update - January 2006. This update addresses more than eighty vulnerabilities in different Oracle products and components.
The Critical Patch Update provides information about affected components, access and authorization required, and the impact of the vulnerabilities on data confidentiality, integrity, and availability.
According to Oracle, three of the vulnerabilities corrected un the Oracle Critical Patch Update for January 2006 affect Oracle Database Client-only installations.

The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components are likely to be available to attackers via remote networks and with limited or no prior authorization. An attacker who compromises an Oracle database may be able to gain access to sensitive information.

IOS Stack Group Bidding Protocol Crafted Packet DoS

2006-01-18T23:50:00.000-08:00

The Cisco IOS Stack Group Bidding Protocol (SGBP) feature in certain versions of Cisco IOS software is vulnerable to a remotely-exploitable denial of service condition. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability.

Cisco Call Manager Denial of Service

2006-01-18T23:48:00.000-08:00

Cisco CallManager (CCM) is the software-based call-processing component of the Cisco IP telephony solution which extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications. All Cisco CallManager versions are vulnerable to these Denial of Service (DoS) attacks, which may result in services being interrupted or servers rebooting.

Windows Wi-Fi Vulnerability

2006-01-18T06:35:00.000-08:00

A flaw in a Windows XP and 2000 feature that automatically searches for Wi-Fi connections could be exploited to put vulnerable computers in peer-to-peer networks, potentially exposing the contents of their hard drives. When computers running these operating systems are turned on, they automatically search for a Wi-Fi connection; if none is found, they create an ad hoc connection to a local address using the SSID from the last successful connection and broadcast the SSID in an attempt to search for other computers to connect to. If an attacker is listening for this type of broadcast, he can create a network connection with the same SSID that would allow the machines to associate and give the attacker access to files on the user's PC. Users with firewalls are protected; users running Windows XP SP2 are not at risk. Users can protect their computers by disabling Wi-Fi when they are not using it.
In addition, system administrators should block ports 135, 137, 138 and
139 from accepting NetBIOS connections.