Saturday, April 18, 2009

Around The Horn vol.1,84

Microsoft Security Advisory (969136): Vulnerability in Microsoft Office PowerPoint Could Allow Remote Code Execution

Revision Note: Advisory published. Summary: Microsoft is investigating new reports of a vulnerability in Microsoft Office PowerPoint that could allow remote code execution if a user opens a specially crafted PowerPoint file. At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability.

MS09-016 - Important: Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)

Bulletin Severity Rating: Important - This security update resolves a privately reported vulnerability and a publicly disclosed vulnerability in Microsoft Internet Security and Acceleration (ISA) Server and Microsoft Forefront Threat Management Gateway (TMG), Medium Business Edition (MBE).

MS09-015 - Moderate: Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)

Bulletin Severity Rating: Moderate - This security update resolves a publicly disclosed vulnerability in the Windows SearchPath function that could allow elevation of privilege if a user downloaded a specially crafted file to a specific location, then opened an application that could load the file under certain circumstances.

MS09-014 - Critical: Cumulative Security Update for Internet Explorer (963027)

Bulletin Severity Rating: Critical - This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker's server by way of the HTTP protocol. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-013 - Critical: Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)

Bulletin Severity Rating: Critical - This security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities in Microsoft Windows HTTP Services (WinHTTP). The most severe vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-012 - Important: Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)

Bulletin Severity Rating: Important - This security update resolves four publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker is allowed to log on to the system and then run a specially crafted application. The attacker must be able to run code on the local machine in order to exploit this vulnerability. An attacker who successfully exploited any of these vulnerabilities could take complete control over the affected system.

MS09-011 - Critical: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)

Bulletin Severity Rating: Critical - This security update resolves a privately reported vulnerability in Microsoft DirectX. The vulnerability could allow remote code execution if a user opened a specially crafted MJPEG file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS09-010 - Critical: Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)

Bulletin Severity Rating: Critical - This security update resolves two publicly disclosed vulnerabilities and two privately reported vulnerabilities in Microsoft WordPad and Microsoft Office text converters. The vulnerabilities could allow remote code execution if a specially crafted file is opened in WordPad or Microsoft Office Word. Do not open Microsoft Office, RTF, Write, or WordPerfect files from untrusted sources using affected versions of WordPad or Microsoft Office Word.

MS09-009 - Critical: Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)

Bulletin Severity Rating: Critical - This security update resolves a privately reported and a publicly disclosed vulnerability. The vulnerabilities could allow remote code execution if the user opens a specially crafted Excel file. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

April 2009 Security Bulletin Webcast Video

By MSRCTEAM on video

Hello again,

This is Jerry Bryant letting you know that we have published the security bulletin webcast video. As you know, on Tuesday, we published a quick overview of the 8 bulletins we released on that day. Yesterday we conducted a live, public webcast, where we went into more detail on each bulletin. The recording from that webcast is embedded below. Usually we include the questions and answers portion along with this, but this month we will point you to the transcript, which should be published here by tomorrow.

More viewing options:

As always, we encourage you to register for and attend our monthly bulletin webcasts by going to http://www.microsoft.com/technet/security/current.aspx where you will find the registration links and other valuable security update information.

Thanks!

Jerry Bryant…

Windows Passwords: Making them Secure (Part 1)

By Derek Melber

What you can do to increase security for your passwords.

Critical Patch Update - April 2009

Oracle Security Update

Alert #68, Rev 3, 27 December 2004. Patches are available on MetaLink.

Buffer Overflow in iSQL*Plus (Oracle9i Database Server)

Alert #46, Rev 3, 11 November 2002. Patches are available on MetaLink.

Security Vulnerabilities in Oracle9i Application Server

Alert #47, Rev 3, 23 July 2003. Follow the workarounds as specified in the Alert.

Load Balancing Visibility with vSphere and Alarms

By vmtn@vmware.com (VMTN) on VMTN Blogs

As you probably all know by now, virtualization is about to take another giant leap. With the upcoming announcements more and more details of vSphere are starting to pop up in the blogosphere. There are two items, which deserve some...

Mike Yaffe, Director of Product Marketing, Core Security Technologies.

Most of the interviews that we have done in this series have been focused on technical people, but we believe Mike Yaffe is a game changer.

Snort 3.0 Beta 3 for Analysts

Category: Intrusion Detection

Paper Added: April 15, 2009

Internet Storm Center Podcast Episode Number Fourteen, (Fri, Apr 17th)

Hey everyone, sorry it has taken so long to get around to recording another podcast episode! E ...(more)...

Guess what? SSH again!, (Fri, Apr 17th)

Our DShield data shows that password guessing attacks against SSH keep going strong. As if this alon ...(more)...

Strange Windows Event Log entry, (Thu, Apr 16th)

Checking our Bigbrother monitor we noticed some Security Event Log entries that seemed to indicate s ...(more)...

Some conficker lessons learned, (Thu, Apr 16th)

These are the lessons learned from a conficker outbreak at an academic campus. Thanks for writing in ...(more)...

Incident Response vs. Incident Handling, (Thu, Apr 16th)

One of the things that comes up frequently in discussion is the difference between incident respons ...(more)...

2009 Data Breach Investigation Report, (Wed, Apr 15th)

UPDATE One of our readers pointed out that there is a mystery phrase at the bottom of page 48 in t ...(more)...

Keeping your (digital) archive , (Tue, Apr 14th)

Steve posted a link to a story about NASA's effort to read a bunch of tapes from the 60s: http://ww ...(more)...

Bugtraq: ERNW Security Advisory 01-2009: XSS in Blackberries Mobile Data Service Connection Service (SecurityFocus Vulnerabilities)

Brief: Swedish courts find The Pirate Bay guilty (SecurityFocus News)

NHS in move to stem data breaches (NetworkWorld Security)

Twitter worm author gets security job (The Register)

09.16.10 Microsoft WinHTTP Integer Underflow Memory Corruption Remote Code Execution (SANS @Risk)

New Frontiers in Biometrics (Schneier blog)

Rogues besmirch F-Secure with dodgy ad campaign (The Register)

Vuln: TYPO3 pmkrssnewsexport and cmrdfexport Extensions Unspecified SQL Injection Vulnerability (SecurityFocus Vulnerabilities)

Microsoft: The Internet needs more trust to grow (NetworkWorld Security)

CVE-2009-1285 (phpmyadmin) (Natl. Vulnerability Database)

Guess what? SSH again!, (Fri, Apr 17th) (InternetStormCenter)

CVE-2009-1119 (replistor) (Natl. Vulnerability Database)

Vuln: Opencosmo VisualSentinel User Agent HTML Injection Vulnerability (SecurityFocus Vulnerabilities)

3 Smartphone Security Considerations for Enterprises (E-Week Security)

Phishers get more wily as cybercrime grows (Reuters) (Yahoo Security)

Brief: Organized crime focuses on the big score (SecurityFocus News)

Creating a Public Nuisance with Insecure Web Sites (SecurityFix Blog)

MagicISO CCD/Cue Local Heap Overflow Exploit PoC (milw0rm)

Vuln: Jamroom 't' Parameter Local File Include Vulnerability (SecurityFocus Vulnerabilities)

NetHoteles 3.0 (ficha.php) SQL Injection Vulnerability (milw0rm)

Researchers dissect world's first Mac botnet (The Register)

Mac Trojan Builds Botnet, Symantec Researchers Say (E-Week Security)

Hackers Test Limits of Credit Card Security Standards (SecurityFix Blog)

Strange Windows Event Log entry, (Thu, Apr 16th) (InternetStormCenter)

Encrypt more data with latest SecuriKey version (NetworkWorld Security)

Mebroot: The Stealthiest Rootkit in the Wild? (E-Week Security)

CVE-2009-1006 (jrockit) (Natl. Vulnerability Database)

Bugtraq: Secunia Research: Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow (SecurityFocus Vulnerabilities)

Excel bulletin stars in Microsoft patch batch (The Register)

Stealthy Rootkit Slides Further Under the Radar (PC World) (Yahoo Security)

Data Breaches Continue to Soar (E-Week Security)

TA09-105A: Oracle Updates for Multiple Vulnerabilities (US-CERT Techalerts)

Amazon.co.uk opts out of Phorm deep packet tracking (NetworkWorld Security)

Zervit Webserver 0.02 Remote Buffer Overflow PoC (milw0rm)

With Budgets Tight, US Companies Still Plan to Spend on IT Security (April 13, 2009) (SANS Newsbites)

Scammers use Ford to drive users to scareware sites (The Register)

Job2C 4.2 (profile) Remote Shell Upload Vulnerability (milw0rm)

Microsoft Fixes 23 Software Security Flaws (SecurityFix Blog)

Snort 3.0 Beta 3 for Analysts (SANS Reading Room)

What Are Microsoft's Intentions Vis-a-Vis the Old Office File Formats? (E-Week Security)

2009 Data Breach Investigation Report, (Wed, Apr 15th) (InternetStormCenter)

How to Write a Scary Cyberterrorism Story (Schneier blog)

April Shower of Critical Microsoft Fixes (NetworkWorld Security)

UC security: When the shoe doesn't fit -- compress the foot (NetworkWorld Virus/Worms)

Spam e-mails killing the environment, McAfee report says (NetworkWorld Security)

Computer Attackers Target Popular Sites In Quest For Profit (Investor's Business Daily) (Yahoo Security)

CVE-2009-1268 (wireshark) (Natl. Vulnerability Database)

Vuln: Microsoft Windows WMI Service Isolation Local Privilege Escalation Vulnerability (SecurityFocus Vulnerabilities)

Student sentenced for F#$%ed up grade hack (The Register)

ISC StormCast for Friday, April 17th 2009

ISC StormCast for Thursday, April 16th 2009

ISC Podcast Episode 14

IG Report: Customs and Border Patrol Did Not Provide Sufficient Data For Review (April 13, 2009)

According to a report from US Department of Homeland Security (DHS) Inspector General (IG) Richard L.......

NIST Publishes Draft eVoting Machines Guidelines (April 13, 2009)

The National Institute of Standards and Technology (NIST) has released a draft of voluntary standards for electronic voting machines.......

With Budgets Tight, US Companies Still Plan to Spend on IT Security (April 13, 2009)

The results of a survey from Robert Half Technology indicate that a majority of companies plan to invest in IT security projects despite the tough economy.......

Missing Laptop Holds Sensitive Ministry of Defence Information (April 12 & 13, 2009)

The UK Ministry of Defence (MoD) has admitted that a laptop computer containing sensitive SAS (Special Air Service) information is missing.......

NZ Privacy Commissioner Expresses Concern About Job Applicant Data Retention (April 12, 2009)

New Zealand's Privacy Commissioner has warned that employers and companies that conduct background checks on potential employees may be violating the country's Privacy Act.......

NC Hospital Patient Data on Computer Stolen in Georgia (April 13, 2009)

Officials at Moses Cone Health System in Greensboro, NC have begun notifying more than 14,000 patients that their personal information was on a laptop computer stolen while in the possession of consulting firm VHA.......

Borrego Springs (CA) Bank Warns Customers of Account Data Compromise (April 10 & 11, 2009)

Borrego Springs Bank in California has sent letters to all its customers, warning them that their bank account information was compromised when seven laptop computers were stolen from the Laguna Hills office of Vavrinek, Trine, Day and Co.......

Gexa Informs Customers of Year-Old Data Breach (April 1, 10, & 11)

Gexa Energy is just now informing its customers that their personally identifiable information may have been compromised in a data security breach last spring.......

Conficker Infects Computers at University of Utah (April 10 & 12, 2009)

More than 700 computers at the University of Utah are known to be infected with the Conficker worm.......

NY Teen Says He Created Twitter Worm (April 12, 2009)

A New York teenager has claimed responsibility for a Twitter worm that began spreading over the weekend.......

Chemical Facility Anti-Terrorism Standards Good Model for Compliance (April 9, 2009)

Safety and security practices established at US chemical facilities in response to DHS's Chemical Facility Anti-Terrorism Standards (CFATS) could translate well to other industries.......

Mikeyy, a dish best served cold?

By Rik Ferguson on Twitter

It looks like a hackers' collective calling themselves /bin/sh have hacked into a server hosting a domain registered to the same Mikeyy who claimed responsibility for the StalkDaily worm that recently caused so much trouble for Twitter users. (image credit: www.wevebeenframed.com) The hacking group have posted their ill-gotten gains on the Full Disclosure list, and according to a coincidental interview [...]

UK Government Fear Hacker Thief

By Rik Ferguson on snooping

According to an article published today by PR Week, the Parliamentary Labour Party in the UK are increasingly worried that an email account belonging to Derek Draper has been compromised. According to the article there have recently been "three or four" stories made public which could only have resulted from an unknown party having access to [...]

Microsoft Partners With Network Security Vendors For 'Stirling'

Microsoft releases new Stirling beta, announces first Forefront security service

Open Source Metrics On Tap For Security Patch Management

New metrics model will help organizations measure the efficiency and cost of their patch management processes

Study: Despite Increased Security Spending, Severity Of Breaches Is On The Increase

CompTIA study says severity of breaches is increasing despite increased investment in tools, training

Attack Sneaks Rootkits Into Linux Kernel

Black Hat Europe researcher to demonstrate stealthier method of hacking Linux

Charles Web Debugging Proxy - HTTP Monitor & Reverse Proxy

By Darknet on web-security

Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information). Charles can act as a man-in-the-middle for HTTP/SSL communication, enabling you to...

Multiple Bugs In Anti-Virus Software Revealed

By Darknet on symantec

A spate of bugs has popped up recently in quite a few of the major anti-virus brands; some are old bugs which have just been made public and some are apparently new bugs, just discovered. Nothing too serious it seems (no remote takeover vulnerabilities), mostly just crashes and annoyances. Included are Symantec's Norton Anti-virus,...

Lynis 1.2.6 Released - UNIX System & Security Auditing Tool

By Darknet on unix security

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information it will also scan for general system information, installed packages and configuration mistakes. This software aims at assisting automated auditing, software patch management, vulnerability...

Hacking internet backbones - it's easier than you think

Posted by InfoSec News on Apr 17

http://www.theregister.co.uk/2009/04/16/internet_backbone_hacking/

By Dan Goodin in San Francisco
The Register
16th April 2009

Network backbone technologies used to route traffic over large corporate
networks are vulnerable to large-scale hijacking attacks, according to
two researchers...

10 easy steps to writing the scariest cyberwarfare article ever

Posted by InfoSec News on Apr 17

http://neteffect.foreignpolicy.com/posts/2009/04/11/writing_the_scariest_article_about_cyberwarfare_in_10_easy_steps

By Evgeny Morozov
Foreign Policy
04/11/2009

1. You need a catchy title. It pays to cannibalize on some recent tragic event
from the real world; adding "cyber" to its...

Documents: FBI Spyware Has Been Snaring Extortionists and Hackers for Years

Posted by InfoSec News on Apr 17

http://blog.wired.com/27bstroke6/2009/04/fbi-spyware-pro.html

By Kevin Poulsen
Threat Level
Wired.com
April 16, 2009

A sophisticated FBI-produced spyware program has played a crucial
behind-the-scenes role in federal investigations into extortion plots,
terrorist threats and hacker...

Oracle issues quarterly set of patches

Posted by InfoSec News on Apr 17

http://gcn.com/articles/2009/04/16/oracle-vulnerabilities.aspx

By Joab Jackson
GCN.com
April 16, 2009

Oracle has released the latest quarterly round of critical patches for
its products.

Among the software products being patched are Oracle Database versions
9i, 10g, and 11G, the Oracle...

Researcher finds possible bug in Apple's iPhone

Posted by InfoSec News on Apr 17

http://www.networkworld.com/news/2009/041609-researcher-finds-possible-bug-in.html?hpg1=bn

By Jeremy Kirk
IDG News Service
04/16/2009

Famed Mac hacker Charlie Miller has found another possible security
vulnerability in Apple's iPhone.

Miller, a principal security analyst at Independent...

Secunia Weekly Summary - Issue: 2009-16

Posted by InfoSec News on Apr 17

The Secunia Weekly Advisory Summary
...

Evidence suggests first zombie Mac botnet is active

Posted by InfoSec News on Apr 17

http://arstechnica.com/apple/news/2009/04/evidence-suggests-first-zombie-mac-botnet-is-active.ars

By Chris Foresman
Ars Technica
April 16, 2009

If you let yourself get tempted into installing the pirated versions of
iWork or Photoshop CS4 that circulated on Bit Torrent earlier this year,...

Programmers accused of hacking 2.3 million IDs

Posted by InfoSec News on Apr 16

http://joongangdaily.joins.com/article/view.asp?aid=2903657

By Park Yu-mi, Kim Mi-ju
JoongAng Daily
April 16, 2009

Two computer programmers were indicted yesterday on charges of hacking
into Web sites and obtaining personal data of 2.3 million persons and
using part of that information to...

Attention Symantec: there's a bug crawling on your website

Posted by InfoSec News on Apr 16

http://www.theregister.co.uk/2009/04/15/symantec_xss_bugs/

By Dan Goodin in San Francisco
The Register
15th April 2009

Symantec has been outed for hosting gaping security holes on its website
that could allow miscreants to remotely execute malicious code on the
computers of people who...

Re: New Attack Sneaks Rootkits Into Linux Kernel

Posted by InfoSec News on Apr 16

Forwarded from: Kristian Erik Hermansen <kristian.hermansen (at) gmail.com>

I met Anthony and saw this same talk previewed at the Southern
California Linux Expo (SCALE), where I was also speaking.

Abstract:
http://scale7x.socallinuxexpo.org/conference-info/speakers/anthony-lineberry

...

How secure is the U.S. communications network?

Posted by InfoSec News on Apr 16

http://news.cnet.com/8301-1035_3-10217550-94.html

By Marguerite Reardon
Wireless
CNET News
April 13, 2009

A simple snip of a few fiber-optic communications cables left thousands
of people in Silicon Valley and throughout parts of the San Francisco
Bay Area without phone, Internet, or...

More Insecurity At Lawrence Livermore Lab

Posted by InfoSec News on Apr 16

http://voices.washingtonpost.com/government-inc/2009/04/more_insecurity_at_nuke_lab.html

By Robert O'Harrow
Government Inc.
The Washington Post
April 15, 2009

The Government Accountability Office is taking aim at continuing
problems with security at Lawrence Livermore National Laboratory,...

Journalists breached security to eavesdrop on G20 talks

Posted by InfoSec News on Apr 16

http://www.irishtimes.com/newspaper/world/2009/0415/1224244719670.html

By Bertrand Benoit in Berlin and Alex Barker in London
The Irish Times
April 15, 2009

Three German journalists breached the tight security cordon around the
April 2nd G20 summit in London and managed to eavesdrop on the...

Microsoft's April security patch

Posted by InfoSec News on Apr 16

http://gcn.com/articles/2009/04/15/microsoft-april-security-patch.aspx

By Jabulani Leffall
GCN.com
April 15, 2009

Microsoft has rolled out eight fixes in its monthly security release
addressing 23 vulnerabilities. The volume of security bulletins in
the April patch marks this release...

PIN Crackers Nab Holy Grail of Bank Card Security

Posted by InfoSec News on Apr 15

http://blog.wired.com/27bstroke6/2009/04/pins.html

By Kim Zetter
Threat Level
Wired.com
April 14, 2009

Hackers have crossed into new frontiers by devising sophisticated ways
to steal large amounts of personal identification numbers, or PINs,
protecting credit and debit cards, says an...

New Attack Sneaks Rootkits Into Linux Kernel

Posted by InfoSec News on Apr 15

http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=216500687

By Kelly Jackson Higgins
DarkReading
April 14, 2009

Kernel rootkits are tough enough to detect, but now a researcher has
demonstrated an even sneakier method of hacking Linux.

The attack...

Get Smart: Exxon Outfits CEO With "Secure" Phone

Posted by InfoSec News on Apr 15

http://blogs.wsj.com/environmentalcapital/2009/04/13/get-smart-exxon-outfits-ceo-with-secure-phone/

By Keith Johnson
Environmental Capital
Wall Street Journal
April 13, 2009

The whole country is now worried about the specter of cyber attacks that
will bring down the electricity grid. Big...

CFP: 2009 ACM Cloud Computing Security Workshop (CCSW) at CCS

Posted by InfoSec News on Apr 15

Forwarded from: Radu Sion <sion (at) moon.crypto.cs.stonybrook.edu>

2009 ACM Cloud Computing Security Workshop (CCSW) at CCS
13 November 2009, Hyatt Regency Chicago
http://crypto.cs.stonybrook.edu/ccsw09

Notwithstanding the latest buzzword (grid, cloud, utility computing,
SaaS, etc.),...

Chinese National Arrested For Source Code Theft

Posted by InfoSec News on Apr 15

http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=216500695&subS

By Thomas Claburn
InformationWeek
April 14, 2009

A Chinese citizen on a work visa in the United States was arrested by
the FBI last week for allegedly revealing proprietary software code...

Brutish SSH attacks continue to bear fruit
Blame the noobs

The number of attacks against secure shells protecting Linux boxes, internet routers and other network devices has continued to climb over the past several years, an indication that they still bear fruit for the miscreants who mount them.…

Football lottery scam targets UK punters
Big Cup con

Fans of Chelsea, Arsenal and Manchester United are being targeted in a new email scam that attempts to trick recipients into sending premium rate text-messages in the hope of winning non-existent Champions League final ticket prizes.…

Conficker botnet wake up call only pinged zombie minority
Resident evil

The effective size of the Conficker botnet might be far smaller than previously thought.…

Twitter worm author gets security job
Teen causes chaos, employed, hacked

The self-confessed author of the recent Twitter worm has scored a potentially lucrative job doing security analysis and web development work.…

Dixon of Threadneedle Street plan threatens confusion
Hosing down cybercrims with alphabet soup

City of London police are to trial the use of specialist squads to tackle data theft and other crimes against business.…

Rogues besmirch F-Secure with dodgy ad campaign
Dirty deeds done dirt cheap

Miscreants have attempted to trick users interested in finding out more about Finnish security firm F-secure into buying a rogue utility.…

Hacking internet backbones - it's easier than you think
'Disastrous havoc' made easy

Network backbone technologies used to route traffic over large corporate networks are vulnerable to large-scale hijacking attacks, according to two researchers who released freely available software on Thursday to prove their point.…

Fake SMS snoop utility turns spies into zombies
Bite back

A new variant of the infamous Waledac botnet client doing the rounds poses as a utility that allows would-be snoops to view other people's SMS messages online.…

Hackers develop 'memory-scraping malware' to steal PINs
They are probably watching you now and laughing

More personal data records were breached last year than the previous four years combined, thanks to increased hacker activity rather than insider threats.…

Researchers dissect world's first Mac botnet
When zombie Macs attack

Fresh research has shed new light on the world's first Mac OS X botnet, which causes infected machines to mount denial of service attacks.…

Mac and Linux Bastilles assaulted by new attacks
No one here gets out alive

A set of recently discovered security holes in Mac and Linux platforms reminds those over-confident in their superior protection that no one is immune to vulnerabilities.…

Microsoft supplies Interpol with DIY forensics tool
Cofee to the rescue

Interpol plans to distribute a Microsoft DIY computer forensics tool to its 187 member countries under an agreement announced Wednesday.…

Microsoft Office for Mac fix falls at first hurdle
If at first you can't install, re-install

Updated: Microsoft on Tuesday released an Office 2008 for Mac 12.1.7 update. By Wednesday, some fundamental problems with its installing had surfaced.…

Attention Symantec: there's a bug crawling on your website
XSS strikes again

Symantec has been outed for hosting gaping security holes on its website that could allow miscreants to remotely execute malicious code on the computers of people who visit it.…

McAfee: Save the planet - use a spam filter
Junk mail makes monster carbon emissions? Oh noes!

Spam is more than a nuisance - it's damaging to the environment, according to net security firm McAfee.…

Scammers use Ford to drive users to scareware sites
Mondeo man offered malware by black-hat SEO fiends

Scareware scammers are trying to game search engines into promoting crudware sites when a surfer searches for information on Ford cars.…

Excel bulletin stars in Microsoft patch batch
8 fixes, but no PowerPoint prob plug

Microsoft released eight patches, five critical, on Tuesday as part of its regular Patch Tuesday update cycle.…

Student sentenced for F-#$%ed up grade hack
Act of God clods

A university student in Florida on Tuesday was sentenced to 22 months in prison for his role in a bungled scheme to hack into his school's computer system and make hundreds of grade changes.…

Open Source SSL Acceleration

By Robert A. on Tools

"SSL acceleration is a technique that off-loads the processor intensive public key encryption algorithms used in SSL transactions to a hardware accelerator. These solutions often involve a considerable up front investment as the specialized equipment is rather costly. This article though looks at using off the shelf server hardware and open...

Microsoft April Patch Tuesday addresses 8 security issues

By Robert A. on Vulns

"MS09-010 Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) This security update resolves two publicly disclosed vulnerabilities and two privately reported vulnerabilities in Microsoft WordPad and Microsoft Office text converters. The vulnerabilities could allow remote code execution if a specially crafted file is opened in WordPad...

Mac Malware In The News

By David Marcus on Malware Research

There has been a bit of chatter today about the first ever Mac-based botnet. This piece of malware actually appeared back in January of this year. Quite frankly there is not any functionality in this “bot” (some would simply call it a remote access trojan but let’s not split hairs OK!!) that we have not seen [...]

The Carbon Footprint of Spam

By David Marcus on Spam and Phishing

Today McAfee has released The Carbon Footprint of Email Spam Report. The study looks at the global energy expended to create, store, view, and filter spam across 11 countries: Australia, Brazil, Canada, China, France, Germany, India, Mexico, Spain, the United States, and the United Kingdom. The report correlates the electricity spent on spam with its [...]

Brief: Swedish courts find The Pirate Bay guilty

Brief: Organized crime focuses on the big score

Brief: Microsoft patches a passel of flaws

Conficker worm much smaller than feared

By Robert Westervelt

Kaspersky Lab researchers found a small number of unique IP addresses on the peer-to-peer network, suggesting the worm isn't as large as previously thought.

Security budget issues to resonate at RSA Conference

By Robert Westervelt

Increasing pressure to cut costs coupled with new compliance demands could have CISOs looking for answers at the 2009 RSA Conference.

Cloud computing group to face challenges ahead

By Eric Ogren

The Cloud Security Alliance will need to sharpen its focus if it expects to contribute useful information and foster a discussion around security in the cloud.

Attackers cash in on fundamental data handling mistakes, Verizon finds

By Neil Roiter

Large data breaches are the result of sophisticated, targeted external attacks that exploit basic errors, according to the latest data breach investigation report from Verizon.

Oracle issues 43 updates, fixes serious database flaws

By Robert Westervelt

Oracle's quarterly Critical Patch Update contained patches for 16 database flaws and dozens of others correcting errors in Oracle Application Server and its BEA product line.

Bejtlich to Keynote at SANS Forensics and Incident Response 2009

By Richard Bejtlich

I am pleased to announce that I will return to SANS in 2009 to provide another keynote at the second SANS WhatWorks Summit in Forensics and Incident Response. I published Thoughts on 2008 SANS Forensics and IR Summit last year. Rob Lee did a great job organizing the 2008 event and I expect the 2009 event to be excellent as well. This 2-day summit will be held at The Fairmont in Washington, D.C. on 6-7 July.

Microsoft: The Internet needs more trust to grow

The Internet needs to be more trustworthy if it wants to grow, according to Microsoft's senior security executive, Scott Charney.

College student fights warrant seizing his computer

Boston College is finding itself in the middle of a controversy over its handling of a case involving a student who allegedly sent an e-mail claiming that a fellow student was gay and used a college computer network to change grades.

Study: Mistakes, Not Insiders, to Blame for Most Breaches

2008 was a banner year for security breaches, according to new research from Verizon. And while many security vendors have been banging the drum about the threat of malicious insiders, this report indicates organizations should be more wary of outside attacks.

Black Hat 'supertalk' halted due to vendor concerns

The Black Hat security conference is full of drama again in Amsterdam, with the last-minute cancellation of a presentation by a group of researchers scheduled to reveal a dangerous software vulnerability.

Queensland trains go wireless

The Queensland government will roll out A$4 million (US$2.9 million) worth of state-wide wireless Internet access for the CityTrain network to unify management of its 6000 security cameras.

Is Spam Really Threatening Earth? I Don't Believe It

Just when we thought the world was facing about as many threats as any one planet should have to contend with comes word that spam could be a source of global warming.

Researcher finds possible bug in Apple's iPhone

Famed Mac hacker Charlie Miller has found another possible security vulnerability in Apple's iPhone.

Cybercriminals target ISPs in developing APJ countries

Recent research by information security vendor Symantec has shown that Internet service providers (ISP) in developing countries in the Asia Pacific and Japan region are at risk of being targeted by cyber criminals.

The state of spam 2009, Part 3

Cloudmark CTO Jamie de Guerre continues his response to the question of what has changed in the battle against spam in the last year, discussing free content-hosting services, compromised accounts at Webmail providers and new-media spam.

Can a cloud be more secure than a corporate data center?

The Jericho Forum next week plans to release its spin on the security of cloud computing with the perhaps surprising belief that using a cloud can actually be more secure than running applications and databases out of corporate data centers.

Microsoft targets public safety

In remarks addressed to a public safety conference on Wednesday, Microsoft's chief operating officer defended the company's increased investment in research and development.

Encrypt more data with latest SecuriKey version

When last we heard from the folks at GT SecuriKey, the makers of the hardware-software combo for securing laptops had just come out with a bundle aimed at mobile Mac users who also ran Windows on their portables via Boot Camp. Now the cross-platform data security company is updating all of its Mac offerings, with enhanced data encryption features in the latest version of SecuriKey.

Amazon.co.uk opts out of Phorm deep packet tracking

Amazon.co.uk has opted out of the Webwise deep packet inspection system being used by British telecommunications operator BT to target online advertising, the on-line store said Wednesday.

Deleted Data Drives New Data Breaches

According to a new report on data breaches from Verizon Business, cyber criminals are no longer attacking where the credit card files are, but where they once were.

Oracle delivers major security patch update

Oracle released 43 security fixes on Tuesday for a range of applications, including its flagship database, Oracle Application Server, E-Business Suite, PeopleSoft Enterprise and WebLogic Server.

Botnets: Reasons It's Getting Harder to Find and Fight Them

The perpetual proliferation of botnets is hardly surprising when one considers just how easy it is for the bad guys to hijack computers without tipping off the users.

CDT: Privacy, transparency needed in cybersecurity policy

U.S. President Barack Obama's administration and Congress will have to address major civil liberties and transparency concerns as they create new policies to tackle ongoing cybersecurity vulnerabilities in the government and private industry, a digital rights group said.

The dangerous Web

Worldwide malicious code activity reached alarming figures last year, said information security vendor Symantec.

Spam e-mails killing the environment, McAfee report says

If annoying users and wasting their time wasn't bad enough, spam e-mails are also responsible for clogging our atmosphere with carbon dioxide, a gas that shoulders much of the blame for global warming, according to a report commissioned by antivirus vendor McAfee.

Pimp my directory

A reference came in just after I'd written last month's lament about the lack of new endeavors in the realm of directory services. I put it aside, but it's worth taking a look at now.

Microsoft patches 'insane' number of bugs

Microsoft Corp. Tuesday issued eight security updates that patch 23 vulnerabilities in Windows, Internet Explorer (IE), Excel and other parts of its software portfolio, a collection of fixes one researcher called "insane."

ForeScout doubles NAC management reach

A software upgrade for ForeScout’s CounterACT NAC platform will enable it to manage 400,000 endpoints, double the number of previous software releases.

Privacy rules slow adoption of electronic medical records

In a study that is unlikely to find favor among privacy advocates, researchers from two academic institutions warned that increased privacy protections around health data will hamper the adoption of electronic medical records systems.

Conficker group says worm 4.6 million strong

Security experts say that the Conficker worm has infected an awful lot of computers, making it the largest "botnet" of hacked computers on the planet. The thing they can't seem to agree on, however, is exactly how many people have been hit.

April Shower of Critical Microsoft Fixes

Microsoft Tuesday released patches for a variety of critical holes in Excel, Internet Explorer, WordPad and other Windows operating system and application components. Some of the flaws are already under active attack.

Crossbeam Systems to Present at Fifth Annual America's Growth Capital Information Security Conference

Ampex Data Systems Selected to Supply High-Definition Video Recorder System for ISR Project Liberty

Virginia Man Pleads Guilty to Selling Counterfeit Software

Will Kutcher Butcher Twitter?

So Twitter hit a milestone, with one user racking up 1 million followers. Does this mean it's no fun anymore?

Researcher Offers Tool to Hide Malware in .Net

.Net-sploit can hide rootkits in a framework untouched by security software, where they can affect many applications

The Pirate Bay Four Found Guilty

The court has sentenced them to a year in prison and ordered them to pay damages of 30 million Swedish kronor.

Microsoft: The Internet Needs More Trust to Grow

Software vendor will update its End-to-End Trust vision at RSA next week.

Cellcrypt Secure VoIP Heading to BlackBerry

The U.K. company has opened a Silicon Valley office and plans a RIM application this quarter

Samsung, Dell Provide Data Encryption for SSDs

Dell said it would offer the self-encrypting Samsung SSDs with its Latitude line of laptops in the upcoming months

Undercover Can Track Down Your Lost or Stolen IPhone, Kinda

Orbicule, longtime purveyor of theft-tracking software for the Mac, now wants to help keep an eye on your iPhone or iPod...

Web Content Management Staying Strong in Recession

But many companies aren't satisfied with their implementations, according to a Forrester report

DOJ: US Government Exceeded Surveillance Authority

A statement from the department follows a Wednesday New York Times report on the issue

Microsoft Improves, Rebrands Managed Security Offering

The new Stirling beta is due this week and the company is also spending $75 million on partner programs

'Through the Looking Glass' Game Resurrected for IPhone

The Macintosh's first game was called "Through the Looking Glass." Sometimes referred to as "Alice," it featured pieces that...

Black Hat 'supertalk' Halted Due to Vendor Concerns

Conference organizers say it's too soon to reveal information on a software problem

Is Spam Really Threatening Planet Earth? I Don't Believe It

McAfee claims spam has a significant effect on global warming, but the report leaves major questions unanswered.

If Spam Equals Tons of CO2 What's the Carbon Footprint of Cyber Porn?

Why stop at spam when it comes to estimating our digital carbon footprint. I propose researchers go further.

Researcher Finds Possible Bug in Apple's IPhone

Attacker would need a working exploit first, but then could remotely read text messages and other data

Is Firefox the World's Most Vulnerable Browser?

Report says Mozilla's browser is far more vulnerable than Opera, Safari, and IE.

Verizon: Organized Crime Caused Spike in Data Breaches

A new study from Verizon Business claims that organized crime is responsible for a large increase in the number of breached corporate electronic records.

VMware Fusion Bug Breaches the Guest-host OS Wall

One of the benefits of using a virtualization program such as VMware Fusion or Parallels Desktop to run Windows on your Mac is...

11 Percent of PCs Still Unpatched Against Conficker

Security experts say PC users should smarten up and patch their PCs against threats such as Conficker.

Encrypt More Data With Latest SecuriKey Version

When last we heard from the folks at GT SecuriKey, the makers of the hardware-software combo for securing laptops had just...

Stealthy Rootkit Slides Further Under the Radar

A known Master Boot Record rootkit gets an upgrade that makes it difficult to detect

CDT: Privacy, Transparency Needed in Cybersecurity Policy

An Obama administration review of cybersecurity policy is due soon

Oracle Delivers Major Security Patch Update

Release includes 43 fixes, including 16 for the company's database

Amazon.co.uk Opts out of Phorm Deep Packet Tracking

Customer demands his purchasing history is kept out of the BT-run system

Deleted Data Drives New Data Breaches

Cyber-criminals are using data forensics to dig up sensitive user data.

Spam E-mails Killing the Environment, McAfee Report Says

McAfee report claims spam e-mails create as much carbon dioxide as 3.1 million cars.

Conficker Group Says Worm 4.6 Million Strong

The total number of infected PCs could be higher, however

Amazon's Gay Book 'Glitch': What Really Happened

The truth comes out (so to speak) about the zapping of sales ranks for LGBT books on Amazon.

Safari Charlie finds possible iPhone OS vulnerability

By chris.foresman@arstechnica.com (Chris Foresman) on shellcode

Security researcher Charlie Miller has discovered a bug in the iPhone OS that could be a potential security vulnerability. Though the iPhone is generally considered unable to run shell code in its default configuration, Miller says that he has found a method that enables execution of arbitrary shell code.

While well known for his quick exploits of Safari in recent Pwn2Own contests, Miller is also credited for discovering the first known iPhone exploit. Though he has discovered no successful iPhone exploit recently, he does note that enabling an iPhone to run shell code works on a standard, out of the box iPhone. If an exploit were found that would let an attacker enable shell code execution, the bug could go from "potential vulnerability" to "serious problem" in no time at all. If a hacker could run shell code on your phone, he could do essentially whatever he wanted, including stealing passwords, contact info, and other data.

Miller contends that the latest version of the iPhone OS is pretty secure, and even hesitates to call his discovery a vulnerability per se. But now that the knowledge is out there, you can be sure someone will be trying to find a way to take advantage of it. Apple patched his previously discovered exploit rather quickly, so we feel confident Apple will make sure this won't be a problem for iPhone users going forward.

Evidence suggests first zombie Mac botnet is active

By chris.foresman@arstechnica.com (Chris Foresman) on trojan

If you let yourself get tempted into installing the pirated versions of iWork or Photoshop CS4 that circulated on Bit Torrent earlier this year, you may have unwittingly turned your Mac into a zombie. Security researchers for Symantec have turned up evidence that these zombie machines are being used to create a Mac-based botnet.

Botnets are used to perform DDoS attacks on systems, gather sensitive personal information, and send out a majority of the spam that clogs up the 'Net. While commonly made out of infected Windows computers, this is the first known attempt to create one from Macs.

Report: 2008 a "great year for data thieves"

By jacqui@arstechnica.com (Jacqui Cheng) on Verizon

2008 was a "great year for data thieves," according to a new report (PDF) from Verizon Business RISK Team. After analyzing the details of thousands of data breach investigations—many of which were never reported to the public—Verizon concluded that more than 285 million records were compromised last year, which amounts to more than the four previous years combined. From this data, Verizon was able to spot trends within these data breaches in order to provide recommendations on how to avoid them.

According to Verizon's data, more than 99 percent of all compromised records were from servers and applications (presumably as opposed to lost laptops and the like). 87 percent were considered avoidable through simple or intermediate controls, and 81 percent of organizations that were exploited were not Payment Card Industry compliant. Even worse, the majority of data breaches weren't even discovered by the organizations themselves—Verizon says that 69 percent were discovered by a third party.

PIN-grabbing malware compromises bank networks

By nate@arstechnica.com (Nate Anderson) on security

As if we didn't have enough to worry about on the identity theft front, what with skimmers and scammers and 419ers and guys diving into dumpsters in search of our digits, Wired now reports that thieves have found a sophisticated way to get at PIN numbers, too.

Grabbing a PIN number can be far more lucrative than stealing credit card information, since ATM PINs can help thieves get direct access to cash. They can also be more difficult for consumers to challenge.

Conficker launches antivirus scam as malware hits Twitter

By jtimmer@arstechnica.com (John Timmer) on Twitter

April first was supposed to be the day that Conficker wreaked widespread havoc, but the absence of said havoc doesn't mean that we've seen the end of the problems. Last week, antivirus companies detected that an updated version of the software was being distributed. Over the course of the weekend, the new software got to work, as infected machines began to send out spam and run fake antivirus software which attempts to convince users to pay for its "services." Meanwhile, a teenager in Brooklyn, New York, has been playing cat and mouse with the folks behind the Twitter service, using its handling of malformed URLs and a bit of Javascript to send a mix of spam and taunting messages from random users' accounts.

First, Conficker. According to researchers at Kaspersky Lab, the code that was distributed to the Conficker.c variant performed significant updates to the software that resides on compromised machines. From here on out, until the latest version expires in early May, Conficker will be able to spread as a worm. It's also bringing aboard a new bit of malware, termed Waledac, which can both send spam and harvest personal information. One machine tracked by Kaspersky quickly sent out over 40,000 spam messages in a 12 hour period. If all infected machines were as efficient as this one, the full network is estimated to be able to send out 400 billion spam e-mails in a single day.

Conficker self-updates, launches false infection alert

By jhruska@arstechnica.com (Joel Hruska) on Waledec

April 1 may not have turned into the D-day that some feared Conficker might create, but the newest version of the worm (Conficker.C) is still out in the wild with mischief on its mind. The malware's creators released a new patch on April 7; the group obviously intends to continue its active war against security researchers. Such tenacity has been a trait of Conficker since the parasite first appeared on the 'Net near the end of 2008. Each version of Conficker has delivered new "features" or tricks intended to bypass security patches; the April 7 update is no exception.

Microsoft Patch Tuesday for April 2009: eight bulletins

By emil.protalinski@arstechnica.com (Emil Protalinski) on Patch Tuesday

According to the Microsoft Security Response Center, Microsoft will issue eight Security Bulletins on Tuesday, and it will host a webcast to address customer questions on these bulletins the following day (April 15 at 11:00 AM PST, if you're interested). Five of the vulnerabilities are rated "Critical," two are marked "Important," and one is considered "Moderate." The first five earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. At least six of the patches will require a restart.

The list of affected operating systems includes Windows 2000, Windows XP (x86 and x64), Windows Server 2003 (x86 and x64), Windows Vista (x86 and x64), and Windows Server 2008 (x86 and x64). Furthermore, there are also vulnerabilities in Microsoft Excel, Internet Explorer, and Microsoft ISA Server that will be patched. The Excel vulnerability that is being patched was reported in February.

Report: cyberwarriors probing US electrical grid

By jhruska@arstechnica.com (Joel Hruska) on US

It sounds like something straight out of Hollywood. Current and former US security officials have reported that foreign nations have penetrated the cybersecurity barriers surrounding the US electrical grid, water system, and even financial networks. Although no known attempts have been made to activate the booby traps said black hats left behind, such sleeper cells could activate suddenly during a war or crisis, plunging the nation into a disaster only Bruce Willis and that Mac dude could avert.

Microsoft: 3% of e-mail is stuff we want; the rest is spam

By jacqui@arstechnica.com (Jacqui Cheng) on Symantec

Spam makes up close to 100 percent of all e-mail traffic on the Internet, according to Microsoft. In a new security report, Microsoft said that 97 percent of e-mails sent were destined for the junk folder, though most never made it to their destinations thanks to server-side filtering.

As usual, the latest waves of spam are rife with advertisements for pharmaceutical products (48.6 percent of the total). Microsoft noted that a larger percentage of spam was blocked by its own Exchange Hosted Filtering (EHF) services in the second half of 2008 for most categories, with some 40 percent of "non-sexual" pharmacy spam being blocked (apparently, sexual pharmacy spam figured out how to get around EHF filters during that time—Microsoft recorded a drop in blocked e-mails from this category).

OS diversity protects cell phones from virus outbreaks

By jtimmer@arstechnica.com (John Timmer) on virus

Events like the spread of the Conficker worm illustrate the risks posed by the combination of a sophisticated operating system and an always-on Internet connection. With the expanding popularity of smartphones, which come with multitasking operating systems and convenient software development kits, the same risk may definitely apply. But, despite the fact that exploit code has been around for several years, nothing on the scale of Conficker has ever struck the cellphone world. A study that will be released online in Science Express looks into why this might be the case, and concludes that a major contributor is the lack of an operating system monoculture in the cellphone world.

The authors say that the customized combinations of hardware and software that characterized early cellphones left little for a virus writer to target, but the rise of smartphones is changing matters rapidly. Since 2004, there have apparently been over 400 phone-specific viruses, and the authors say that many of these show a level of sophistication that indicates their authors have been following developments in the PC world (or, potentially, the authors are one and the same). Some of these viruses were even able to spread by both Bluetooth and MMS services.

TA09-105A: Oracle Updates for Multiple Vulnerabilities

Conficker

By snopes@snopes.com

Is the Conficker worm going to unleash an apocalyptic cyber-event on April 1?