RU Security News

General IPS News

MS-ISAC Advisory #2008-017 (Updated): Novell GroupWise Buffer Overflow Vulnerability — last modified 2008-05-11 21:20

A vulnerability in the Novell GroupWise System (Novell's Email system) has been identified. Successful exploitation of this vulnerability will allow an attacker to execute arbitrary code in the context of the application. This can result in an attacker gaining the same user privileges as the logged on user. If the user is logged in with administrator privileges, the attacker could then install programs, view, change, or delete data, or create new accounts with full privileges. This could lead to complete control of the compromised system. UPDATED OVERVIEW: Novell has confirmed that this vulnerability only affects GroupWise 7.0.0. GroupWise 7.0.0 SP1 and later are not vulnerable.

Trend Micro Newsletter, May 2008 — last modified 2008-05-09 08:16

Phishing, Spear Phishing and Whaling--"Phishing" is a term used to describe the act of tricking people into providing confidential information and is most commonly associated with Internet fraud whereby cyber criminals attempt to steal valuable information such as credit card numbers, Social Security numbers, user IDs, and passwords. Phishers target many groups, mostly for criminal purposes. Learn about different types of phishing, such as spear phishing and whaling, and why phishing is growing more dangerous and more prevalent.

OUCH! May, 2008 — last modified 2008-05-02 10:06

Eight Surefire Ways to Become an Identity Theft Victim; Microsoft and Apple updates; latest scams and malware

Benefits and Risks of Free Email Services — last modified 2008-04-30 14:25

Although free email services are convenient for sending personal correspondence, you should not use them to send messages containing sensitive information.

MS-ISAC ADVISORY NUMBER: 2008-017 Novell GroupWise Buffer Overflow Vulnerability — last modified 2008-04-30 13:46

OVERVIEW: A vulnerability in the Novell GroupWise System (Novell's Email system) has been identified. Successful exploitation of this vulnerability will allow an attacker to execute arbitrary code in the context of the application. This can result in an attacker gaining the same user privileges as the logged on user. If the user is logged in with administrator privileges, the attacker could then install programs, view, change, or delete data, or create new accounts with full privileges. This could lead to complete control of the compromised system.

Trend Micro Newsletter April 25, 2008 — last modified 2008-04-25 07:43

Threat Landscape; Best Practices; Threats in Depth

Social Engineering-Are You At Risk: Cyber Tips Newsletter, April 2008 — last modified 2008-04-22 07:42

Most users are familiar with email phishing scams (a form of social engineering) and have been taught not to open attachments from unknown or untrusted sources or to visit untrusted web sites. There are other ways that a perpetrator may prey on the trusting human nature to gain access to information or systems.

Trend Micro Newsletter April 2008 — last modified 2008-04-11 05:49

Check it out for free tools, and articles like "Personal Information You Should-and-Shouldn't Give Away", "5 Ways to Protect Your Personal Information on Public Computers", and "IRS Tax Season Scams"

Experts hack power grid in no time — last modified 2008-04-10 19:22

SAN FRANCISCO -- Cracking a power company network and gaining access that could shut down the grid is simple, a security expert told an RSA audience, and he has done so in less than a day.

Microsoft Security Newsletter, April 2008 — last modified 2008-04-10 05:39

Security news, guidance, updates, tools and community resources for users directly from Microsoft.

Vulnerability in Microsoft Graphics Device Interface (GDI) Could Allow for Remote Code Execution (MS-ISAC Advisory Number 2008-016) — last modified 2008-04-09 13:36

A vulnerability has been discovered in the way Microsoft Windows processes certain image files. This vulnerability can be exploited if a user views a malicious web page or opens an email attachment containing an image file specially designed to exploit this vulnerability. This vulnerability may be exploited through other software applications which use the vulnerable Microsoft component. A successful exploit may result in the attacker taking complete control of the affected system.

Security Update of ActiveX Kill Bits (MS-ISAC Advisory Number 2008-015) — last modified 2008-04-09 13:34

Microsoft has released a security update which addresses a vulnerability discovered in one Microsoft ActiveX control. ActiveX controls are small programs or animations that are downloaded or embedded in Web pages which will typically enhance functionality and user experience. Many web design and development tools have built ActiveX support into their products, allowing developers to both create and make use of ActiveX controls in their programs. There are more than 1,000 existing ActiveX controls available for use today. When vulnerabilities are discovered in ActiveX controls, attackers may use specially crafted web pages to exploit these vulnerabilities. Successful exploitation will result in an attacker gaining the same user privileges as the logged on user. If the user is logged in with administrator privileges, the attacker will have complete control of the affected system; install programs, view, change, or delete data, or create new accounts with full privileges.

A Vulnerability in Adobe Flash Player Allows for Remote Code Execution (MS-ISAC Advisory Number 2008-014) — last modified 2008-04-09 13:32

Adobe Flash Player is a widely distributed multimedia and application player. It is used to enhance the user experience when visiting web pages or reading email messages. Adobe has released a Flash Player update that addresses multiple vulnerabilities. The most important of these vulnerabilities pertains to the way Flash files are handled and can result in the execution of attacker supplied code. This particular vulnerability can be exploited if a user visits a webpage or opens email with an embedded malicious file. A successful exploit may result in the execution of malicious code with the same system level privileges as the logged in user. This may allow the attacker to take complete control of the affected system. We are unaware of any publically available exploits for this vulnerability

Cumulative Internet Explorer Update Addresses Critical Data Stream Handling Vulnerability (MS-ISAC Advisory Number 2008-013) — last modified 2008-04-09 13:19

A vulnerability in Microsoft Internet Explorer could allow an attacker to take complete control of an affected system. The vulnerability may be exploited if a user visits a specifically crafted web page or receives an email with specifically crafted content. Successful exploitation will result in an attacker gaining the same user privileges as the logged on user. If the user is logged in with administrator privileges, the attacker could then install programs, view, change, or delete data, or create new accounts with full privileges. Failed exploit attempts will result in a denial-of-service condition.

HP USB Keys Shipped with Malware for your Proliant Server — last modified 2008-04-09 12:50

Given stories of USB devices shipping with malware pre-installed, it is now an attack vector that we need to be concerned about. Here are some steps to protect yourself against USB-based (and Fireware, which isn't immune from these stunts) malware.

Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution — last modified 2008-04-09 12:16

To enhance the user experience when visiting web sites, web pages may use applications developed with a programming language called VBScript or JScript. A vulnerability exists in the way VBScript and JScript render web pages which, if exploited, could allow a remote attacker to take complete control of an affected system. This vulnerability can be exploited if a user visits a specifically crafted web page or e-mail that contains a specially crafted script. Successful exploitation will result in an attacker gaining the same user privileges as the logged on user. If the user is logged in with administrator privileges, the attacker could then install programs, view, change, or delete data, or create new accounts with full privileges.

Spammers, crammers, fraudsters and Identity Stealers: The FTC's Top 2008 Cases — last modified 2008-04-09 12:06

This week the FTC issued a report saying it was working to prevent Internet fraud by using its new powers under the U.S. SAFE WEB Act to coordinate and cooperate more closely with foreign consumer protection officials. The report states that the FTC will work to protect the privacy and security of consumer information in this new information environment by aggressively enforcing its special statutes related to privacy as well as Section 5 of the FTC Act, by encouraging the development and implementation of self-regulatory standards related to new technologies that raise privacy and security concerns.

HP admits to selling infected flash-floppy drives — last modified 2008-04-09 12:53

April 7, 2008 (Computerworld) Hewlett-Packard Co. has been selling USB-based hybrid flash-floppy drives that were pre-infected with malware, the company said last week in a security bulletin. [Ed. Note: This could happen with any vendor.]

Internet Crime Complaint Center 2007 IC3 Annual Report — last modified 2008-04-04 08:09

The 2007 Internet Crime Report is the seventh annual compilation of information on complaints received and referred by the Internet Crime Complaint Center (IC3) to law enforcement or regulatory agencies for appropriate investigative action.

OUCH! April — last modified 2008-04-03 11:31

Antivirus is necessary but it can't do the whole job;Groups sympathetic to anti-Chinese protesters in Tibet are under assault by cyber attackers who are embedding malware in email that appears to come from trusted colleagues;An unpatched bug in RealPlayer leaves the media player open to drive-by-download attacks;The same tried-and-true social engineering tactics traditionally wielded against Windows users to frighten people into buying bogus security software are now being used to target Mac users...and more!

IRS warns of new online tax scams; protect yourself — last modified 2008-03-31 10:25

Scam artists exploiting tax season have devised a range of new online cons: fake tax documents that contain malicious surprises; mass distribution of keyloggers aimed at snatching the identity of PC-based tax filers; and e-mail messages containing links to Web sites that promise new tax code information but instead push malware onto your PC.

The ultimate identity theft: house stealing — last modified 2008-03-26 05:16

Not quite worried enough that identity thieves might empty your bank account or ruin your credit rating with a shopping spree in your name? The FBI says those concerns are small spuds compared to what might happen when crooks parlay identity theft and mortgage fraud into "a totally new kind of crime: house stealing."

Even seemingly reliable e-mail vulnerable to hackers — last modified 2008-03-19 04:48

You can no longer trust Office or QuickTime files that arrive in e-mail, even from organizations and people you deal with regularly.

Microsoft Security Updates — last modified 2008-03-13 05:22

Recognize and avoid fraudulent e-mail to Microsoft customers:

OUCH! March 2008 — last modified 2008-03-07 06:46

Identity theft quiz; Trojan targets PDA's and handheld computers running Windows CE - disables Windows Mobile application installation; Malicious email disguised as a Microsoft Windows update advisory; Pay Up or I'll Kill You Scam...and more!

Annual Spring Computer Maintenance-Cyber Security Tips Newsletter-March 2008 — last modified 2008-03-07 06:41

Perform Annual Maintenance in Conjunction With Daylight Savings Time Change In addition to your routine security and maintenance processes, you should perform an annual PC “tune up” or maintenance to be sure that your computer is operating efficiently, that appropriate software updates and settings have been applied and to minimize the risk of losing your data. Performing your annual check up with the switch to Daylight Savings Time is a great way to develop an annual schedule. One important step to take before performing maintenance is to back up all your data, in case anything goes wrong during your maintenance.

Social Networking: The New Face of Recruiting — last modified 2008-03-06 10:29

A Q&A on new methods for reaching prospective students.

Study: The Year's Top-10 Web Application Vulnerabilities — last modified 2008-04-04 07:52

Web applications, by far, dominate the list of application security vulnerabilities facing IT organizations. While 29 percent of vulnerabilities are attributable to network and infrastructure weaknesses, a full 71 percent are attributable to both open source and commercial Web applications...

Attention E-Filers — last modified 2008-03-03 05:47

Look Out for Online Tax Scams, Phishing, and Identity Thieves

Trend Micro-First Line of Defense-February — last modified 2008-02-29 10:13

Identity Theft—The Scary Truth About Data Leaks

Study: Consumers Don't Use Anti-Phishing Defenses — last modified 2008-02-29 08:28

Much-ballyhooed 'green bar' is lost on most end consumers. More information on the 'green browser bar' which identifies legitimate links to prevent phishing.

Critical VMware Security Alert for Windows-Hosted VMware Workstation — last modified 2008-04-04 07:52

On Windows hosts, if you have configured a VMware host-to-guest shared folder, it is possible for a program running in the guest to gain access to the host's complete file system and create or modify executable files in sensitive locations.

Trend Micro: First Line of Defense — last modified 2008-02-15 10:55

Spam giving you a problem...find out why. Spammers have made considerable investments in creating and maintaining spam delivery mechanisms that maximize the amount of spam sent.

How Sticky Is Membership on Facebook? Just Try Breaking Free — last modified 2008-02-12 09:44

While the Web site offers users the option to deactivate their accounts, Facebook servers keep copies of the information in those accounts indefinitely. Indeed, many users who have contacted Facebook to request that their accounts be deleted have not succeeded in erasing their records from the network.