Security: Threat Alert

This newsletter is sponsored by Altiris

Network World's Security: Threat Alert Newsletter, 08/30/07

Cisco patches CallManager/Unified Communications Manager

By Jason Meserve

Today's bug patches and security alerts:

Cisco patches CallManager/Unified Communications Manager
According to the Cisco advisory, "Cisco CallManager and Unified Communications Manager are vulnerable to cross-site Scripting (XSS) and SQL Injection attacks in the lang variable of the admin and user logon pages. A successful attack may allow an attacker to run JavaScript on computer systems connecting to CallManager or Unified Communications Manager servers, and has the potential to disclose information within the database." A free update is available.

**********

Apple updates AirPort Extreme Base Station
A flaw in the way Apple's AirPort Extreme Base Station wireless router handles certain IPv6 packets has been fixed in a new update from the company. Older versions of the software could be exploited to limit bandwidth on an affected network. Users should upgrade to firmware Version 7.2.1.

**********

Four new patches from Ubuntu:
Vim (input sanitization, code execution)

**********

Five new updates from Debian:
postfix-policyd (buffer overflow, code execution)
rsync (buffer overflow, code execution)

**********

Two new fixes from Mandriva:

**********

Today's malware news:

Old worm Slammer threatens again
An old worm known as Slammer, which originated back in January 2003, is still going strong according to Gunter Ollmann, director of security strategy at IBM's Internet Security Systems. TechWorld, 08/24/07.

UN serves keylogger, Trojan after online attack
The United Nations (UN) is the latest victim in a string of hacking attacks aimed at identity and credit card theft, and building botnet hordes. The attack on the UN Asia Pacific Web site is believed to originate from the same group responsible for attacks on the U.S.-based Biotechnology Information Organization and the prominent Indian Syndicate Bank. Computerworld, 08/28/07.

Having reached its peak volume on Aug. 7 at nearly 30% of all spam messages sent, PDF spam today is hardly registering on e-mail security vendors’ spamometers. Network World, 08/29/07.

In the month of August to date, there have been 38 malicious-code attacks on instant-messaging networks, double the number experienced in July. Network World, 08/29/07.

'Storm' Trojan horse taps into YouTube fever
Hackers bent on spreading the Storm Trojan horse have changed tactics again and are now trying to dupe users into clicking on links posing as YouTube videos, security vendors warn. Computerworld, 08/27/07.

Deja vu: Sony uses rootkits, charges F-Secure
A line of USB drives sold by Sony Electronics installs files in a hidden folder that can be accessed and used by hackers, a Finnish security company charged Monday, raising the specter of a replay of the fiasco that hit Sony's music arm two years ago when researchers discovered that its copy protection software used rootkit-like technologies. Computerworld, 08/27/07. [F-Secure: Sony's USB Rootkit vs Sony's Music Rootkit]

IRS warns of new phishing scam
The Internal Revenue Service today warned taxpayers of a new phishing scam where an e-mail purporting to come from the IRS advises taxpayers they can receive $80 by filling out an online customer satisfaction survey. Network World, 08/28/07.

**********

From the interesting reading department:

Canonical downplays Ubuntu hacks
Canonical Ltd., the commercial sponsor of Ubuntu Linux, said that recent compromises of most of its local community servers do not reflect on the distribution's security or corporate-readiness. TechWorld, 08/28/07.

The last thing you need when you're unemployed is a bank account that's suddenly emptied. But that's exactly what some unwary users of employment search site Monster.com faced after identity thieves made off with the personal information of more than a million people looking for jobs. Computerworld, 08/28/07.

Monster outlines antifraud measures
One week after hackers stole personal information from millions of people who had posted their resumes to the job-searching site Monster.com, the company has warned its users to be vigilant about online fraud because the breach was not an isolated incident. IDG News Service, 08/29/07.

You don't want to hear it: 10 pieces of lousy security advice
Sometimes a few words from a software vendor, potential partner or consulting security expert tell you everything you need to know about whose advice is worthwhile -- when it's best to smile and nod, or whether you need to interrupt and challenge someone who's seriously off the rails. Here are 10 telltale phrases that signal troublesome advice. Computerworld, 08/27/07.

Contact the author: Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast.

Copyright Network World, Inc., 2007