21 patch salute from Cisco

Security: Threat Alert This newsletter is sponsored by Fluke Networks Security From the Inside Experts say 75% of security threats come from inside your organization. Watch the latest Network World Editorial Perspectives Webcast today and learn which technologies and processes best protect your intellectual property and assets inside the perimeter, how to assess your insider risk level and much more. Network World's Security: Threat Alert Newsletter, 08/13/07 21 patch salute from Cisco By Jason Meserve Today's bug patches and security alerts: Cisco issued 21 patches hours before site blacked out A Web site blackout yesterday prevented Cisco customers from retrieving 21 critical patches for about three hours yesterday, shortly after the fixes were posted by the network hardware maker. The 21 patches, deployed in four updates, were posted three hours before the blackout, and would repair IOS against a swath of vulnerabilities, some of which could result in attackers injecting their own code into vulnerable Cisco hardware. Three of the four IOS updates, according to Cisco's advisories, plug holes that attackers can, or might be able to, exploit with remote code. Network World Security Buyer's Guide Find the right security products for your enterprise - fast. From anti-spam to wireless LAN security, our Buyer's Guides have detailed information on hundreds of products in more than 20 categories. With the side-by-side comparison tool you can evaluate product features to make the best decision for your enterprise. Click here to go to the Security Buyer's Guide now. Cisco advisories: Cisco IOS Secure Copy Authorization Bypass Vulnerability Cisco Unified MeetingPlace XSS Vulnerability ********** Microsoft plans 9 security updates for this week Microsoft will release nine sets of security patches next week, including six critical updates for Windows, Office, Internet Explorer and its Visual Basic development software. Microsoft advanced advisory ********** Apple patches Mac Pro, iMac software Apple has shipped software updates for its newly-introduced iMac and for its pro-grade desktop, the Mac Pro. The company has furnished limited detail as to the substance of this software update, saying only that it, "provides important bug fixes and is recommended for 20-inch and 24-inch iMac models with 2.0, 2.4, or 2.8GHz processors." ********** Symantec patches critical Norton flaw A bug in the way Norton Antivirus software uses the ActiveX programming language could cause serious problems for users of Symantec's products. On Thursday, Symantec patched the flaw warning that a bug in two ActiveX controls used by Symantec's client software could allow an attacker to run unauthorized software on a victim's computer. Security vendor Secunia rates the problem as "highly critical." IDG News Service, 08/09/07. Symantec advisory Secunia advisory ********** Trustix releases 'multi' update A new patch rollout from Trustix fixes flaws in file, gd and mutt. The most serious of the flaws could be exploited by triggering a buffer overflow, allowing attackers to run malicious code on an affected system. ********** Today's malware news: Yo! There is a Complaint Against You Lodged with the FTC/FBI/IRS Ok, you can substitute whatever agency name you want, but the story is nearly always the same. A little while ago I blogged about Advanced TDS, another Mpack-type clone and mentioned how professional some of the malware creators are becoming. Symantec Security Response Weblob, 08/06/07. ********** From the interesting reading department: Why virtual honeypots are sweet A honeypot is simply a "closely monitored computing resource that we want to be probed, attacked or compromised," Niels Provos and Thorsten Holz tell us in their new book, Virtual Honeypots. Network World, 08/10/07. Bug bounty program answers critics The man who launched both of the security industry's major bug bounty programs Thursday defended the idea of paying for vulnerabilities, but also said he has responded to critics by putting a tighter lid on bug details to make sure they don't fall into the wrong hands. Computerworld, 08/09/07. Using Darknets to See the Light Firewalls, intrusion detection and prevention systems, antivirus -- they're all old tricks of the trade that IT has traditionally deployed to maintain the security of large and complex networks. But are they enough? Threat volume is rising, propagation speed is increasing, and attacks are becoming more advanced and elusive. Luckily, there are innovative new ways to complement the traditional approach. And security's bright side may be on the 'dark' side. Symantec Security Response Weblog, 08/09/07. Security firm automates generating attack code Security firm Immunity has released a tool aimed at largely automating the process of putting together security exploits, a move some believe will lead to a dramatic rise in the number of "zero-day" exploits making the rounds. TechWorld, 08/09/07. VoIP hacker talks: Service provider nets easy pickings The technical brains behind the theft of $1 million worth of VoIP minutes from service providers used common, simple attacks to gain illicit access. Network World, 08/10/07.   What do you think? Post a comment on this newsletter

TODAY'S MOST-READ STORIES: 1. Nude publisher Perfect 10 sues Microsoft 2. Vista prevents users from playing high-def content 3. Symantec patches critical Norton flaw 4. Vonage nearly done deploying patent workarounds 5. Google mistakes own blog for spam, deletes it 6. Storm Worm's virulence may change tactics 7. Kittens could solve spam 8. 802.11n WLAN tests show 'unbelievable' results 9. Cisco founder unveils the Next Big Thing? 10. Phishing researcher 'targets' the unsuspecting MOST-DOWNLOADED PODCAST: Twisted Pair: Philadelphia Wi-Fi freedom

Contact the author: Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog. Check out Jason Meserve and Keith Shaw's weekly podcast "Twisted Pair" This newsletter is sponsored by Fluke Networks Security From the Inside Experts say 75% of security threats come from inside your organization. Watch the latest Network World Editorial Perspectives Webcast today and learn which technologies and processes best protect your intellectual property and assets inside the perimeter, how to assess your insider risk level and much more. ARCHIVE Archive of the Security: Threat Alert Newsletter. BONUS FEATURE IT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE You've got the technology snapshot of your choice delivered to your inbox each day. Extend your knowledge with a print subscription to the Network World newsweekly, Apply here today. International subscribers, click here. SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007