Tuesday, January 6, 2009

Around The Horn: the daily security roundup. Volume One, Number One


Alerts

MS08-054 – Critical: Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)

from Microsoft Security Bulletins
Bulletin Severity Rating: Critical - This security update resolves a privately reported vulnerability in Windows Media Player that could allow remote code execution when a specially crafted audio file is streamed from a Windows Media server. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Jan 5, 2009 (20 hours ago)
MS08-055 – Critical: Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)

from Microsoft Security Bulletins
Bulletin Severity Rating: Critical - This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow remote code execution if a user clicks a specially crafted OneNote URL. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Jan 5, 2009 (20 hours ago)
MS08-056 - Moderate: Vulnerability in Microsoft Office Could Allow Information Disclosure (957699)

from Microsoft Security Bulletins
Bulletin Severity Rating: Moderate - This security update resolves a privately reported vulnerability in Microsoft Office. The vulnerability could allow information disclosure if a user clicks a specially crafted CDO URL. An attacker who successfully exploited this vulnerability could inject a client-side script in the user's browser that could spoof content, disclose information, or take any action that the user could take on the affected Web site.

Jan 5, 2009 (20 hours ago)
MS08-057 – Critical: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (956416)

from Microsoft Security Bulletins
Bulletin Severity Rating: Critical - This security update resolves three privately reported vulnerabilities in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS08-058 - Critical: Cumulative Security Update for Internet Explorer (956390)

from Microsoft Security Bulletins
Bulletin Severity Rating: Critical - This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerabilities could allow information disclosure or remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Jan 5, 2009 (20 hours ago)
MS08-059 – Critical: Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution (956695)

from Microsoft Security Bulletins
Bulletin Severity Rating: Critical - This security update resolves a privately reported vulnerability in Microsoft Host Integration Server. The vulnerability could allow remote code execution if an attacker sent a specially crafted Remote Procedure Call (RPC) request to an affected system. Customers who follow best practices and configure the SNA RPC service account to have fewer user rights on the system could be less impacted than customers who configure the SNA RPC service account to have administrative user rights.

Jan 3, 2009 (3 days ago)
Gaza<->Israel Defacements/Hacks, (Sat, Jan 3rd)

from SANS Internet Storm Center, InfoCON: green
Emails have been trickling into the ISC with information about the ongoing Cyberwar accompanying the ...(more)...

Jan 4, 2009 (2 days ago)
Twitter/Facebook Phishing Attempt, (Sun, Jan 4th)

from SANS Internet Storm Center, InfoCON: green
Several readers have sent us information about a phishing attempt based on Twitter and possibly Face ...(more)...

Jan 3, 2009 (3 days ago)
RAID != Backup, (Sat, Jan 3rd)

from SANS Internet Storm Center, InfoCON: green
Reader Tomasz sent in a message discussing the demise of JournalSpace. JournalSpace was a rela ...(more)...

UK Police planning to hack citizens' PCs, (Mon, Jan 5th)

from SANS Internet Storm Center, InfoCON: green
An interesting article from the TimesOnline - http://www.timesonline ...(more)...

Jan 5, 2009 (14 hours ago)
OSSEC HIDS being detected as malware, (Mon, Jan 5th)

from SANS Internet Storm Center, InfoCON: green
Daniel from OSSEC has reported that a couple Antivirus products are currently detecting the Windows ...(more)...


Security News

Dec 30, 2008 11:17 AM
CURRENT ISSUES IN DNS

from SANS Information Security Reading Room
Category: DNS Issues
Paper Added: December 30, 2008


Dec 30, 2008 11:17 AM
Transparent (Layer 2) Firewalls: A look at 2 Vendor Offerings: Juniper and Cisco

from SANS Information Security Reading Room
Category: Firewalls & Perimeter Protection
Paper Added: December 12, 2008

Mining for Malware - There's Gold in Them Thar Proxy Logs!

from SANS Information Security Reading Room
Category: Malicious Code
Paper Added: November 17, 2008

Microsoft Security Advisory (960906): Vulnerability in WordPad Text Converter Could Allow Remote Code Execution

from Microsoft Security Content: Comprehensive Edition
Revision Note: December 15, 2008: Updated the workaround, Disable the WordPad Text Converter for Word 97. Summary: Microsoft is investigating new reports of a vulnerability in the WordPad Text Converter for Word 97 files on Windows 2000 Service Pack 4, Windows XP Service Pack 2, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Windows XP Service Pack 3, Windows Vista, and Windows Server 2008 are not affected as these operating systems do not contain the vulnerable code.

6:12 AM (2 hours ago)
Microsoft Security Advisory (961040): Vulnerability in SQL Server Could Allow Remote Code Execution

from Microsoft Security Content: Comprehensive Edition
Revision Note: Advisory published. Summary: Microsoft is investigating new public reports of a vulnerability that could allow remote code execution on systems with supported editions of Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2005 Express Edition, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE), and Windows Internal Database (WYukon). Systems with Microsoft SQL Server 7.0 Service Pack 4 and Microsoft SQL Server 2008 are not affected by this issue.


Dec 31, 2008 (6 days ago)
MS08-067 Worm on the Loose

from CGISecurity - Website and Application Security News by Robert
Dshield has published a report of a new MS08-067 worm spreading. "It does various things to install and hide itself on the infected computer. It removes any System Restore points that the user has set and disables the Windows Update Service. It looks for ADMIN$ shares on the local network and tries

Jan 4, 2009 (2 days ago)
Security: The Number One Technology Failure of All Time

from CGISecurity - Website and Application Security News by Robert
"I was reading through an article last night about the 25 greatest blunders in technology history and was happily strolling through memory lane (what are Palm Pilots, PS/2s and Apple Newtons anyways? :p) and then got quite a surprise at the very end of the article. The number one technology failure

Twitter Security Collapses; Obama, Fox and Britney Accounts Hacked

from CGISecurity - Website and Application Security News by Robert
"Days after a wave of phishing attacks fooled thousands of Twitter users, it appears that another security hole has been found by...someone. Obama's account, unused since election day, sent out an affiliate link to a survey with a gas card prize, Fox News said that "Bill O'Reilly is gay" (not that...

Jan 5, 2009 (17 hours ago)
Inside The Malicious Traffic Business

from McAfee Avert Labs by Micha Pekrul
The Web’s classical social-engineering trick of the “missing video codec” tries to lure people into clicking on links or downloading and installing an executable which pretends to be the missing application needed in order to watch the movie. The animated picture below is such an example: at first glance, it looks like a typically embedded video which is unable to load. The “picture” states that you’d have to click on it in order to see the movie. And here the lure begins - in this blog entry, we’ll follow it down and outline what kind of traffic management backbones are deployed for malware campaigns nowadays. -- Aurora Report notes that this involves Streaming Media...

Jan 5, 2009 (17 hours ago)
One Hacker May Conceal Another

from McAfee Avert Labs by Francois Paget
The current crisis in Gaza between Palestinians and Israelis marks a renewal of web defacement activities. Various Moroccan hacker groups have been pointed out by the press; the best known is “Team-Evil,” which just hacked the Ynet Israeli news site.

Jan 5, 2009 (16 hours ago)
25C3: Nothing to Hide

from McAfee Avert Labs by Toralv Dirro
The last major event of the year has just ended: the 25th Chaos Communication Congress’ Closing Ceremony just took place. Now in its 25th year, it is one of the oldest annual IT security conferences on the planet; more than 4,000 visitors crowded the BCC in Berlin, making it difficult to get into the talks, much like at Defcon some years ago.

8:18 AM (31 minutes ago)
Browsers fail password protection tests

from The Register - Security
Toxic soup of potential vulnerabilities
A beta version of Google Chrome has tied with Safari for last place in tests of how the browsers dealt with password security.…

Boffin brings 'write once, run anywhere' to Cisco hijacks

from The Register - Security
Curse of the ROMmon
A researcher has discovered a way to reliably exploit a known security vulnerability in a wide class of Cisco System routers, a finding that for the first time allows attackers to hijack millions of devices with a single piece of code.…

Israel hacks Arab TV station

from The Register - Security
Cyberspace becomes battleground in Gaza conflict
Israeli military forces have reportedly hacked into a Hamas-run TV station to broadcast propaganda.…

4:46 AM (4 hours ago)
Bruce Schneier: More on the Broad View of Security

from Network World on Security
Bruce Schneier's evolution of interests is well documented, moving from encryption to broader and broader perspectives on security. (Hence his recent appearance on 60 Minutes, commenting on TSA's airport screening procedures.) To bring wider perspectives to bear on security issues, Schneier (Chief Security Technology Officer at BT) held in 2008 the first Workshop in Security and Human Behavior, with participants from a broad swath of disciplines including economics, psychology and more.

4:46 AM (4 hours ago)
Encryption top IT security initiative in 2009

from Network World on Security by Ellen Messmer
Encryption seen as biggest IT security initiative in 2009, according to a Forrester Research survey.

Dec 25, 2008 4:49 AM
Secure Your Vista PC in 10 Easy Steps

from Network World on Security
While Windows Vista may be Microsoft's most secure operating system ever, it's far from completely secure. In its fresh-from-the-box configuration, Vista still leaves a chance for your personal data to leak out to the Web through Windows Firewall, or for some nefarious bot to tweak your browser settings without your knowing. But by making a few judicious changes using the security tools within Windows Vista--and in some cases by adding a few pieces of free software--you can lock down your operating system like a pro.


Dec 30, 2008 12:48 PM
The security imperative

from Network World on Security
Leslie Lambert, vice president and chief information security officer at Sun Microsystems Inc., returned from a three-week business trip to India with a few souvenirs and a whole new set of IT security priorities for 2009.

Dec 31, 2008 (6 days ago)
Securing DNS should trump budget-cutting for enterprise IT, experts say

from Network World on Security by Denise Dubie
With economic concerns weighing heavy on enterprise IT executives' minds in 2009, revamping DNS systems might not seem like a top priority. Infoblox offers reasons why DNS should stay top-of-mind in 2009.

4:46 AM (4 hours ago)
Is your data center ready for tomorrow's applications?

from Network World on Security
Click here to see what Gartner, Network World and other experts say about the new data center.

6:31 AM (2 hours ago)
WITOOL v0.1 - GUI Based SQL Injection Tool in .NET

from Darknet - The Darkside by Darknet
WITOOL is a graphical SQL Injection Tool written in dotNET. - For SQL Server, Oracle - Error Based and Union Based Interface. Features: Retrieve schema: DB/TableSpace, Table, Column, other objects. Retrieve data: retrieve paging, dump XML file. Log: View the raw HTTP log data. Environment OS: Windows 2000/XP/VISTA. Requirement: Microsoft...

Jan 5, 2009 (18 hours ago)
Tim Callan: MD5 Hack Interesting, But Not Threatening

from SecurityFocus News
MD5 Hack Interesting, But Not Threatening

Jan 5, 2009 (20 hours ago)
Brief: Survey: One in seven SSL certificates are weak

from SecurityFocus News
Survey: One in seven SSL certificates are weak

Dec 30, 2008 10:31 AM
News: Group attacks flaw in browser crypto security

from SecurityFocus News
Group attacks flaw in browser crypto security

Sound Practice in Intrusion Detection & Prevention using NitroSecurity

from SANS Technology Institute - Security Laboratory
This paper investigates sound practices in intrusion detection and prevention, from IDS and IPS deployment considerations, to pushing the boundaries of IPS (with examples of advanced prevention techniques, specifically blocking the Kaminsky DNS cache poisoning exploit), and business applications.

--Aurora Report says that's all, folks. Hopefully in going around the horn we touched all the bases. This has been the gala issue, so you might have noticed it is rather larger than a normal day's worth of morning reading. Look forward to tomorrow and number two, which will hopefully be a more palatable, quick, and informative read.
