Virus and Bug Patch Alert
Network World's Virus and Bug Patch Alert Newsletter, 06/28/07

Flaws found in MIT Kerberos 5, related applications

By Jason Meserve

Today's bug patches and security alerts:

Flaws found in MIT Kerberos 5
US-CERT is warning that the MIT Kerberos 5 implementation (and products that utilize it) contains multiple vulnerabilities. The most severe flaw, according to US-CERT, may be exploited to run malicious code on an unpatched system.
MIT advisories:
- kadmind vulnerable to buffer overflow
- kadmind affected by multiple RPC library vulnerabilities
Vendor advisories:
- Ubuntu
- rPath
- Mandriva

**********

rPath, Ubuntu release LibExif updates
A buffer overflow in the LibExif code could be exploited by an attacker to run malicious commands or applications on an affected system. Both rPath and Ubuntu have recently released updates for this vulnerability.

**********

Mandriva patches Evolution flaw
A flaw in the way Evolution processes IMAP server messages could be used to run malicious code on an affected machine with elevated privileges. Mandriva has released a fix for this vulnerability.

**********

OpenPKG releases Wordpress fix
An input-filtering vulnerability has been found in OpenPKG's implementation of the popular Wordpress content management system. In order to exploit the flaw, user authentication must be turned on and the attacker has to be authenticated.

**********

Today's malware news:

Hey, You Put Your Trojan in my Spam!
A Trojan in my spam? True. The most recent version of malicious code that we are seeing being delivered by spam is a Trojan in greeting card spam. Malicious code in spam has been around off and on for some time. Symantec Security Response blog, 06/27/07.

DOJ warns U.S. citizens of phishing attack
The U.S. Department of Justice (DOJ) is alerting e-mail users about a possible phishing attack using messages that claim to be from the DOJ. IDG News Service, 06/28/07.

Fake Windows patch e-mail leads to Trojan horse attack
Messages insisting that users install a just-released Microsoft Corp. security update are bogus and actually lead to a site that plants malicious code on PCs, several security companies warned today. The spam, which touts "Microsoft Security Bulletin MS07-0065 -- Critical Update" as its subject and appears to come from "update@microsoft.com," claims users should download a June 18 security patch and provides a link to a URL that looks legit. Computerworld, 06/27/07.

Beware of LZH
Though the discovery of Microsoft Office zero-day exploits has dropped dramatically in the last six months, new file format exploits are still being discovered (and exploited) regularly. After .zip and .rar file exploits, the latest archive format vulnerability affects the Lhaca archiver and its LZH compression support. While not very well known in the US and Europe, Lhaca appears to be a popular archive tool in Japan, as is the compression format LZH. Symantec Security Response blog, 06/25/07.

**********

From the interesting reading department:

Can cell phones be hacked? Security experts say yes, but it's not that easy
IBM, McAfee and Symantec say cell phones can be broken into, but a sophisticated hacker would be needed. NetworkWorld.com, 06/25/07.

Podcast: Blackjacking: Don't gamble with mobile security

Black Hat paper on breaking Trusted Platform Module withdrawn
This is the abstract for a paper that was scheduled to be presented at the Black Hat USA 2007 security conference next month. It was removed without explanation from the conference Web site this week, and promised to circumvent security afforded by Trusted Platform Module chips: "TPMkit: Breaking the Legend of Trusted Computing (TC [TPM]) and Vista (BitLocker)". Network World, 06/27/07.

iPhone security: Nightmare for IT or no big deal?
With Apple offering little information about iPhone security, experts disagree on whether companies should ban its use or figure out how to make it work safely with corporate networks. Computerworld, 06/25/07.

Microsoft security group makes 'worst jobs' list
What do whale-feces researchers, hazmat divers and employees of Microsoft's Security Response Center have in common? They all made Popular Science magazine's 2007 list of the absolute worst jobs in science. IDG News Service, 06/26/07.

How to be a digital detective
It's possible that at some point there will be an incident at your company that will require the IT department to conduct a formal investigation tracking the digital trail of an employee. Will you know what to do? Network World, 06/26/07.

Security vendors question antivirus tests
Antivirus software is frequently tested for performance, so picking a top product should be straightforward: select the number-one vendor whose software kills off all of the evil things circulating on the Internet. You're good to go then, right? Not necessarily. IDG News Service, 06/26/07.

Mobile phone virus author arrested in Spain
Spanish police have arrested a 28-year-old man on charges that he created variants of the CommWarrior and Cabir mobile phone viruses, according to published reports. IDG News Service, 06/25/07.