Tuesday, July 7, 2009

Around The Horn vol.1,133

Microsoft warns of Video ActiveX flaw; Vista unaffected

By emil.protalinski@arstechnica.com (Emil Protalinski) on Internet Explorer

Microsoft has posted Security Advisory 972890 to warn its users that it is responding to a privately reported vulnerability in the Microsoft Video ActiveX Control that hackers are actively attempting to exploit. The vulnerability could allow for an attacker to gain the same user rights as the local user if the victim is running Windows Server 2003 or Windows XP. The software giant emphasized that Windows 2000, Windows Vista, and Windows Server 2008 are not vulnerable. Furthermore, when using Internet Explorer, code execution is remote and may not require any user intervention. The company also noted that it is currently working on a security update for Windows to address the flaw and will release it broadly once it has reached an appropriate level of quality.

UK ISP drops Phorm behavioral ad tech—for now

By jacqui@arstechnica.com (Jacqui Cheng) on targeted advertising

BT, the UK-based ISP that has been testing the behavioral advertising system Phorm, has announced that it no longer plans to deploy the technology after more than a year of controversy. The company did not offer many details as to why it decided to drop the project except to say that it wanted to rearrange resources "devoted to other opportunities."

The idea behind Phorm was hatched in early 2008 when the company said it had inked deals with a number of large ISPs in the UK to collect clickstream data from users and sell it to advertisers. This would enable advertisers to create highly-targeted ad campaigns based on users' own browsing history. One of the UK's largest ISPs, BT, was Phorm's headliner, conducting secret tests with the technology.

Report: Social Security numbers can be predicted

By Elinor Mills

It is possible to use publicly available data on state and date of birth to predict someone's Social Security number, particularly if they were born after 1988 and in smaller states, according to an article published Monday in The Proceedings of the National Academy of Sciences.

The ability to ...

Microsoft warns of hole in Video ActiveX control

By Elinor Mills

Microsoft on Monday warned of a vulnerability in its Video ActiveX Control that could allow an attacker to take control of a PC if the user visits a malicious Web site.

There have been limited attacks exploiting the hole, which affects Windows XP and Windows Server 2003, Microsoft said on ...

Shock, as social network reveals personal information!!!

By Rik Ferguson on web

In what in many ways appears to be a case of tabloid sensationalism the Mail on Sunday yesterday “revealed” that the wife of the incoming head of MI6 Sir John Sawers, who is due to take over as chief of the Secret Intelligence Service in November, has had a Facebook profile. The content of the profile that [...]

Eircom DNS Servers Compromised?

By Rik Ferguson on web

So far there are very few details on the nature of the problem over at Eircom, but it is certainly clear that many Eircom subscribers are being redirected to bogus websites and rumours abound that Eircom’s DNS has been compromised. Typing the address for Facebook will get you this young lady. If you’re a Twitter user, you’ll [...]

Military Communications Hacking – Script Kiddy Style

By Darknet on war hacking

Ah now this is interesting..and scary in a way. Script Kiddies with guns! Script kiddies going to war, or is it turning soldiers into script kiddies. Who knows. Anyway, the US military has decided to make their soldiers walking hackers, with an all-in-one super hacking device that can penetrate satellite signals, VoIP networks and normal information systems. As [...]

Insider Arrested For Stealing Critical Proprietary Code From Financial Services Company

Insider arrested for allegedly stealing key code to financial services firm's high-speed trading platform

New Tool And Managed Service 'Penetration-Test' End Users

New User Attack Framework (UAF) could eventually work with Metasploit tool, researchers say

Telefonica Adds Authenware's Biometric Authentication Technology

Telco's login portals will be armed with the Authentest software, granting access to valid users by analyzing keystroke patterns and typing behaviors

Waledac Takes Its Seasonal Turn

In YouTube

Waledac seems to rear its head primarily for the holidays, including a recent appearance for the 4th of July.

Former Goldman Sachs Employee Accused of Stealing Code

In Infrastructure security

In another example of insider threats, the FBI nabbed a former software designer for Goldman Sachs and is accusing him of downloading proprietary software and sending the data to a Web server in Germany.

Recommendations for reducing government secrecy roll in

The Public Interest Declassification Board continues to gather suggestions from the public on how the Obama administration can improve government policy for classifying data.

Fate of Registered Traveler data up in air after vendor quits program

TSA appears to be distancing itself from the handling of personal data for a Registered Traveler program that suddenly shut down.

An Artemis View Of 0-Day Attacks

By Haowei Ren on Zero-Day

In our blog from yesterday, we’ve described how Exploit-MSDirectShow.b has widely been deployed on hijacked websites in China, targeting Internet Explorer users. When the victim browses to one of these sites, malware is downloaded to his computer. To better understand the impact of these attacks to this time and date, we have been monitoring the prevalence [...]

McAfee Coverage of the DirectShow Exploit

By Geok Meng Ong on Web and Internet Safety

Since we reported about the new attacks against Internet Explorer exploiting a vulnerability in a DirectShow ActiveX object, we have released DATs/coverage updates for many of our products and technologies. Current status for each of the content areas: Malware - Coverage is provided for exploit code in the 5668 DATs, released on July 6. HIPS - Generic buffer [...]

July Spam Report Appears

By David Marcus on Spam and Phishing

Today McAfee released its July 2009 Spam Report, which reveals the Top 15 spam subject lines by domain, among other highlights. So what was the one subject line that was most popular in six continents this quarter? Viagra. For the .COM domain, “hi” and “hello” hit the most in-boxes, while Viagra and “Salute, man!” subject lines [...]

New Attacks Against Internet Explorer

By Haowei Ren, Geok Meng Ong on Web and Internet Safety

If you have read Geok Meng and Xiaobo’s blog published in December last year, this would almost seem like a movie sequel. Over the July 4th weekend, an exploit targeting a 0-day vulnerability in the Microsoft DirectShow ActiveX object was widely discovered on many Chinese websites. At the time of research, over a hundred hijacked sites were [...]

Microsoft confirms attacks against IE6, IE7

Microsoft today confirmed that hackers are exploiting an unpatched bug in DirectX, this time by attacking Internet Explorer.

Singapore No. 2 'black hat' target

Singapore has been highlighted as one of the world's leading targets for black hat Web security attacks, in new research by network security provider Fortinet.

App Demystifies Windows 7 Built-In Firewall

Want fine-grained control over the firewall built into Windows 7 and Windows Vista--especially the way it blocks outbound connections? Good luck. Even if you manage to unearth the controls buried deep in Windows menus and applications, you'll be baffled. Windows 7 Firewall Control Free solves the problem.

Symantec releases disaster recovery statistics

Symantec Corp. has released the results of its fifth annual Global IT Disaster Recovery survey.

Hackers exploit second DirectShow zero-day using thousands of hijacked sites

Thousands of legitimate Web sites hacked over the weekend are launching drive-by attacks using an exploit of a second critical unpatched vulnerability in Windows' DirectShow component, a Danish security company said today.

Create stronger passwords

An attacker who wants to break into one of your accounts manually might first try likely passwords such as your pet's name, your anniversary, or other terms that are significant to you. If that doesn't produce results quickly, a hacker might turn to a program that rapidly tries each of the thousands or even millions of words in a big list--a procedure known as a dictionary attack. Some dictionary attacks are quite clever, checking not only common English terms but also foreign words, common misspellings, words in which letters have been replaced by numbers or symbols (such as @ppl3 for Apple), and easy-to-type sequences of characters, such as poiuytre.

Symantec desktop security software boasts reputation analysis

Symantec is readying the 2010 editions of Norton Internet Security and Norton AntiVirus, adding to its flagship consumer software a type of malware defense based on what's called reputation analysis.

How to Stop Fraud

Bernard Madoff, Allen Stanford and California money manager Danny Pang may be the latest examples of outrageous fraud. But what about the little guys? The administrator, middle manager or call-center rep?

Complex firewalls cost money says new report

Most organisations are getting a poor return on their investments in firewalls due to the complex issues in managing them. This is despite the fact that enterprises are facing on average 300 network attacks every year.

Apple Learning Interchange security compromised

DigMo!, a non-commercial educational technology site, written by teachers and educators has reported that some aspects of the Apple Learning Interchange site may have been compromised.

BT chills relationship with Phorm

BT has reportedly halted plans to deploy the hugely controversial Webwise ad tracking system from UK outfit Phorm.

Malware authors hit by recession too

The recession might be having at least one positive effect - it has started cutting the volume of malware.

Daily Mail picks fight with government for McKinnon

The Daily Mail has stated its support for NASA hacker Gary McKinnon, vowing to fight his extradition.

July 4 celebrations hijacked by Waledac botnet

The Waledac spam/botnet may be dwindling, but that didn't stop its disseminators utilising this weekend's 4th of July celebrations to spread malicious executables, according to Symantec.

Metropolitan Police inks identity management deal

The Metropolitan Police Authority has signed a five-year deal with BT for identity and access management.

Sharapova, Serena Williams used to spread malware

Hackers are preying on surfers searching the web for news about how top tennis players are performing at Wimbledon, in a bid to spread malware to steal sensitive personal data, says McAfee.

Michael Jackson X-file scam steals passwords

Security vendors have been reporting a wave of Michael Jackson spam emails designed to disseminate a Zbot banking password variant.

CSIRT Management: Lessons from Other Group Postmortems (Part 2)

In Week 9 of the 11-week course on Computer Security Incident Response Team Management that I taught in summer 2008, one of the weekly discussion questions was as follows:

The 10 dumbest mistakes network managers make

When you look at the worst corporate security breaches, it's clear that network managers keep making the same mistakes over and over again, and that many of these mistakes are easy to avoid.

Boffins guess social security numbers via public data
Success rate as high as 90%

Predicting a person's social security number is a lot easier than previously thought, according to new scientific research that has important implications for identity theft.…

Programmer charged with stealing Wall Street-ware
Code worth 'many millions'

A former Goldman Sachs software designer has been arrested and charged with stealing proprietary software used for the firm's high-speed trading platform.…

Microsoft takes Gazelle secure browser on road trip
About that performance...

Microsoft will next month present its browser-as-operating-system project to an international symposium of computer and security experts.…

Windows users ambushed by attack on fresh IE flaw
More DirectShow danger

Thousands of websites have been hit by fast-moving exploit code that installs a cocktail of nasty malware on visitors' computers by targeting a previously unknown vulnerability in some versions of Internet Explorer.…

IE 0day exploit domains (constantly updated), (Mon, Jul 6th)

This diary entry contains a list of domains that are exploiting the new IE-0day as well as secondary ...(more)...

0-day in Microsoft DirectShow (msvidctl.dll) used in drive-by attacks, (Mon, Jul 6th)

A 0-day exploit within the msVidCtl component of Microsoft DirectShow is actively being exploited th ...(more)...

New attack code targets Microsoft ActiveX zero-day vulnerability

By Robert Westervelt

UPDATED: A new drive-by exploit has surfaced targeting an ActiveX zero-day vulnerability for streaming video.

Adobe ColdFusion websites being compromised

By SearchSecurity.com Staff

Popular websites run by Simon & Schuster, Crayola, FAO Schwarz and others could be at risk. A flaw in the ColdFusion rich text editor is being actively exploited, Adobe says.

New attack code targets Microsoft DirectShow zero-day vulnerability

By Robert Westervelt

A new drive-by exploit has surfaced targeting a zero-day vulnerability in Microsoft's video streaming software, DirectShow.

CamlImages Heap Overflow Arbitrary Code Execution

HP-UX Running NFS/ONCplus DoS

Joomla! HTTP Header Multiple XSS Vulnerabilities

Sourcefire 3D Sensor and DC Privilege Escalation Vulnerability

HP-UX Running Apache Web Server Suite DoS and Code Execution

Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servlet Engine.

Apache-based Web Server and Tomcat-based Servlet Engine are contained in the Apache Web Server Suite.

Artofdefence Hyperguard Web Application Firewall DoS

MIT Kerberos DoS and Arbitrary Code Vulnerability

radware AppWall Web Application Firewall Source Code Disclosure

osTicket Admin Login Blind SQL Injection

SonicOS Format String Vulnerability

Symantec Pushes Reputation Technology in Norton Beta

Symantec unveils reputation-based technology code-named Quorum in the latest versions of Norton Internet Security and Norton AntiVirus. Now available as a free beta, the products represent Symantec's hybrid approach to security, mixing traditional signatures with application whitelisting.
- Symantec July 6 pulled the covers off of free beta versions of Norton Internet Security 2010 and Norton AntiVirus 2010 with new reputation-based technologies code-named Quorum. Quorum will be introduced into the market in fall 2009. Symantec's 2010 products use application reputation in respons...

Microsoft Vulnerability Targeted in New Drive-by Attack

Hackers are launching attacks against an unpatched vulnerability in the Microsoft Video ActiveX Control that could allow an attacker to take full control over the system. When using Internet Explorer, code execution is remote and requires no user interaction, Microsoft says.
- Microsoft is investigating attacks targeting a vulnerability in Microsoft Video ActiveX Control that could allow a hacker to gain complete control of a system. Not much has been said about the exact nature of the Microsoft Video ActiveX Control vulnerability, which is so far reported to affect...

McAfee Update Brings Headache for Enterprises with Old Software

McAfee customers around the world running old, unsupported versions of its security software fell victim to false positives July 3 that disrupted operations for some. McAfee officials say users running the most current version of McAfee VirusScan Enterprise were not impacted.
- McAfee has resolved a glitch affecting its security software that crashed computers around the globe last week. On July 3, McAfee users running old versions of the VirusScan engine found themselves facing false positives after downloading a DAT file that labeled legitimate programs as malware....

Microsoft: Attacks on Unpatched Windows Flaw

In Latest Warnings

Microsoft warned today that hackers are targeting a previously unknown security hole in Windows XP and Windows Server 2003 systems to break into vulnerable PCs. Today's advisory includes instructions on how to mitigate the threat from this flaw. In a security alert posted today, Microsoft said the vulnerability could be used to install viruses or other software on a victim's PC if the user merely browsed a hacked or booby trapped Web site designed to exploit the security hole. Redmond says at this time it is aware of "limited, active attacks that exploit this vulnerability." Microsoft doesn't define "limited, active" attacks in the context of this vulnerability, but the SANS Internet Storm Center is reporting that thousands of newly compromised Web sites have been seeded with code that exploits this vulnerability. SANS also says instructions for exploiting the vulnerability have been posted to a number of Chinese Web sites. According

Brief: Zero-day Windows flaw fuels IE attacks

Zero-day Windows flaw fuels IE attacks

Microsoft sounds computer security alarm (AFP)

In technology

AFP - Microsoft has warned of flawed software in Internet Explorer that hackers can exploit to take over some computers.

Microsoft warns of serious computer security hole (AP)

In technology

AP - Microsoft Corp. has taken the rare step of warning about a serious computer security vulnerability it hasn't fixed yet.

Opera CEO Defends Unite Against Security Concerns (PC World)

In technology

PC World - Opera Software's CEO defended the Unite feature of the forthcoming Opera 10 browser against charges that it will increase the risk that hackers can break into people's PCs.

SB09-187: Vulnerability Summary for the Week of June 29, 2009

Vulnerability Summary for the Week of June 29, 2009

TA09-187A: Microsoft Video ActiveX Control Vulnerability

Microsoft Video ActiveX Control Vulnerability

MS03-011 - Version:2.0

Severity Rating: Critical - Revision Note: V2.0 (July 1, 2009): Removed download information because Microsoft Java Virtual Machine is no longer available for distribution from Microsoft. For more information, see Patch availability. Summary: Flaw in Microsoft VM Could Enable System Compromise (816093)

MS02-069 - Version:2.0

Severity Rating: Critical - Revision Note: V2.0 (July 1, 2009): Removed download information because Microsoft Java Virtual Machine is no longer available for distribution from Microsoft. For more information, see Patch availability. Summary: Flaw in Microsoft VM Could Enable System Compromise (810030)

MS02-052 - Version:2.0

Severity Rating: Critical - Revision Note: V2.0 (July 1, 2009): Removed download information because Microsoft Java Virtual Machine is no longer available for distribution from Microsoft. For more information, see Patch availability. Summary: Flaw in Microsoft VM JDBC Classes Could Allow Code Execution

MS02-013 - Version:3.0

Severity Rating: Critical - Revision Note: V3.0 (July 1, 2009): Removed download information because Microsoft Java Virtual Machine is no longer available for distribution from Microsoft. For more information, see Patch availability. Summary: 04 March 2002 Cumulative VM Update

Microsoft Security Advisory 972890 Released

By MSRCTEAM

I wanted to let you know that we have just posted Microsoft Security Advisory 972890 that discusses new, limited attacks against a Microsoft Video ActiveX Control affecting Windows XP and Windows Server 2003.

Specifically, we’re aware of a code execution vulnerability within this control that can enable an attacker to run code as the logged-on user if they browse to a malicious site.

We have an investigation into this issue under way as part of our Software Security Incident Response Process (SSIRP) and are working to develop a security update to address the issue.

In the meantime, our investigation has shown that there are no by-design uses for this ActiveX Control within Internet Explorer. Therefore, we’re recommending that all customers go ahead and implement the workaround outlined in the Security Advisory: setting all killbits associated with this particular control. While Windows Vista and Windows Server 2008 customers are not affected by this vulnerability, we are recommending that they also set these killbits as a defense-in-depth measure. Once that killbit is set, any attempt by malicious websites to exploit the vulnerability would not succeed.

As we did with Microsoft Security Advisory 971778, we are providing a way to automatically implement the workaround. Once again, go to the KB article for the advisory and follow the instructions under “Fix It For Me”.

My colleagues have posted some more details in the Security Research and Defense blog as well.

We are also actively working with partners in the Microsoft Active Protections Program (MAPP) and the Microsoft Security Response Alliance (MSRA) program to provide information that they can use to provide broader protections to customers.

As always, we’ll provide more information as we have it through our advisory, the MSRC weblog or both.

Twitter Gets One-Two Punch over Holiday Weekend

Analysis: Of the two big Twitter news stories this weekend, it's hard to decide which is more troubling.

Netbooks Offered Virtually Free With Mobile Contracts

Best Buy and RadioShack are offering netbooks virtually free with two-year mobile contracts.

Canto Brings Back Single User Digital Asset Management App

Canto has announced the release of Canto Single User, the return of a single-user version of the company's Cumulus 8 digital asset management (DAM) application...

Zero-day ActiveX Hole in Windows XP Under Attack

Apply the workaround from Microsoft for Windows XP and Server 2003 to protect against drive-by-download assaults.

FBI: Russian Programmer Stole Stock-Trading Secret Code

By Kim Zetter

A Goldman Sachs programmer is arrested for stealing the company's proprietary code responsible for making high-speed, high-value stock trades.
