Security: Threat AlertThis newsletter is sponsored by SonicWALLNetwork World's Security: Threat Alert Newsletter, 08/27/07Trend Micro ServerProtect Contains Multiple VulnerabilitiesBy Jason MeserveToday's bug patches and security alerts: US-CERT: Trend Micro ServerProtect Contains Multiple Vulnerabilities According to the US-CERT advisory, "Multiple buffer overflow vulnerabilities and an integer overflow vulnerability have been discovered in the RPC interfaces used by various components in Trend Micro's ServerProtect software package. These vulnerabilities could be exploited by a remote attacker with the ability to supply a specially crafted RPC request to the system running the affected software."
********** Yahoo patches Messenger video bug Yahoo updated its Messenger instant messaging software to flush a bug that hackers could exploit by sending video chat invitations to unwary users. The vulnerability, which surfaced last week in a posting to a Chinese security forum, could be exploited by duping a user into accepting a malicious webcam invitation, McAfee Inc. confirmed Aug. 15. Computerworld, 08/23/05. ********** Four new updates from rPath: ********** Two new fixes from Gentoo: ********** Two new patches from Ubuntu ********** Today's malware news: The latest twist with the Storm Worm / Zhelatin e-mails is that the e-mails now contain fake links to YouTube. F-Secure Antivirus Research Weblog, 08/26/07. Video: The Zhelatin/Storm Gang has been very busy lately ********** From the interesting reading department: How to neutralize today's worst Web attacks Symantec recently posted details about a new version of MPack, a for-sale Web attack kit that loads up a site with exploits against Windows, QuickTime, and WinZip. The $400 kit was used in the June Italian Job online assault that hijacked tens of thousands of Web sites, most of them in Italy. Crooks can buy MPack and a host of other nefarious programs on a thriving online black market. PC World, 08/22/07 Attackers probing for vulnerable Windows servers Attackers are probing for Windows servers running Trend Micro's ServerProtect antivirus software, researchers warned. On Thursday, Symantec's DeepSight threat network monitored a major spike in traffic over TCP port 5168, which is related to the remote procedure call service in ServerProtect. Computerworld, 08/23/07. Web site auctions software vulnerabilities to highest bidder There are many ways vulnerability information can get out to the industry but a controversial new site, auctioning such information to the highest bidder, may be the wave of the future. Network World, 08/23/07. Mobile workforce leaves networks vulnerable, survey says A majority of IT managers believe the mobile workforce makes their enterprise networks more susceptible to malware and other threats, according to a new survey. Network World, 08/24/07. Spam fighters hit criminals' weak spot Is the fight against spam horribly misguided? For years, spam haters have relied on junk-mail filters and Internet blacklists, but lately, some are saying it's time for a change in tactics. Their answer: follow the money. And that means going after the Web sites where spammers sell their pharmaceuticals and watches and male enhancement products. IDG News Service, 08/23/07. Cogent: Cable was attacked with saw and gun Guns, saws, and some very dim-witted thieves were all apparently involved in a network blackout that affected Internet users, primarily in the Northeastern U.S., earlier this week. IDG News Service, 08/23/07.
|
Contact the author: Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast. Check out his Multimedia Exchange Weblog. Check out Jason Meserve and Keith Shaw's weekly podcast "Twisted Pair" This newsletter is sponsored by SonicWALLARCHIVEArchive of the Security: Threat Alert Newsletter. BONUS FEATUREIT PRODUCT RESEARCH AT YOUR FINGERTIPS Get detailed information on thousands of products, conduct side-by-side comparisons and read product test and review results with Network World’s IT Buyer’s Guides. Find the best solution faster than ever with over 100 distinct categories across the security, storage, management, wireless, infrastructure and convergence markets. Click here for details. PRINT SUBSCRIPTIONS AVAILABLE International subscribers, click here. SUBSCRIPTION SERVICESTo subscribe or unsubscribe to any Network World newsletter, change your e-mail address or contact us, click here. This message was sent to: security.world@gmail.com. Please use this address when modifying your subscription. Advertising information: Write to Associate Publisher Online Susan Cardoza Network World, Inc., 118 Turnpike Road, Southborough, MA 01772 Copyright Network World, Inc., 2007 |
No comments:
Post a Comment