Security: Threat Alert

Network World's Security: Threat Alert Newsletter, 09/27/07

Tivoli data hole fixed

By Jason Meserve

Today's bug patches and security alerts:

Security holes expose data stored in Tivoli system
IBM has issued a warning to customers that security fixes should be installed for two vulnerabilities in the IBM Tivoli Storage Manager (TSM) backup software client. The security holes could allow a buffer overrun attack or enable unauthorized access to stored data, IBM said. Computerworld, 09/24/07.
IBM advisory

AOL's Instant Messenger is vulnerable to remotely executable code and it won't be officially fixed until the company issues AIM 6.5.3.12 in a few weeks. The company says that in the meantime, a beta version of AIM 6.5.3.12 is available on its beta.aol.com Web site, and it addresses the problem.
Download the beta

Gmail zero-day flaw allows attackers to steal messages
Accounts on Google's Gmail can be easily hacked, allowing any past -- and future -- e-mail messages to be forwarded to the attacker's own inbox, a vulnerability researcher said Tuesday. Dubbed a "cross-site request forgery" (CSRF), the Gmail bug was disclosed Tuesday by Petko Petkov, a U.K.-based Web vulnerability penetration tester who has made a name for himself of late. Computerworld, 09/26/07.

Critical vulnerability found in Ask.com toolbar
A vulnerability in Ask.com's toolbar for Internet Explorer could allow an attacker to take control of a person's computer, according to security advisories. 09/25/07.
Secunia advisory

Service Pack 3 Available for Office 2003 Users
Microsoft has released its third service pack for Office 2003 users. The company says the 117-megabyte bundle of security updates and program tweaks "represents a major evolution in security for Office 2003" and that it "further hardens the Office suite against potential attacks and other security threats." Security Fix blog, 09/26/07.

Today's malware news:

New Prime Minister, New Trojan
Today, a new Prime Minister took over office in Japan. As usual, malware authors are taking full advantage of this big occasion, launching targeted attacks that play upon the event. Symantec Security Response has received an archive file today with the file name mofa.zip, which contains an executable called mofa.exe. This file is detected as Backdoor.Darkmoon.E. Symantec Security Response blog, 09/25/07.

Cards, Cards, Cards, Baked Beans, Cards, Cards...
There are a high number of reports for Trojan-Downloader.Win32.Banload.DRS today. It's very similar to August 16th's run of Agent.BRK. This time the bad guys have once again returned to the attachment name of card.exe. F-Secure blog, 09/24/07.

From the interesting reading department:

Can you spot a phish? Play Carnegie Mellon's game and see
Scientists at Carnegie Mellon University have developed an online game designed to teach Internet users about the dangers of phishing. Network World, 09/25/07.

eBay denies security breach led to posting of user data
EBay rejects the notion that yesterday's posting of eBay user information and credit card data is linked to a system break-in. Network World, 09/26/07.

Security experts pitch 'culture of data'
The companies that are having the most success in advancing their data security efforts today are those that are finding a way to protect sensitive information without getting in the way of business users, industry experts maintain. InfoWorld, 09/26/07.

After criticism, Sun changes Java updates
Sun is taking a page from Microsoft's security group and changing the way it updates Java for the desktop. Computerworld, 09/26/07.

Contact the author: Jason Meserve is Network World's Multimedia Editor and writes about streaming media, search engines and IP Multicast.

Copyright Network World, Inc., 2007