Network Services
April 1, 2009
Conficker is a worm that exploits a vulnerability in Microsoft Windows (patched by Microsoft as MS08-067) in order to download and execute malicious code. BDS clients have nothing to worry about: you are all protected with the latest protection and security updates. Home users who do not already have an anti-virus program installed should install one (we can recommend software), and everyone should run Windows Update.
THREAT INFO: Conficker hides its tracks because it generates an enormous number of domain names with which to locate its command-and-control servers. The first version of Conficker used just 250 domains each day, which security researchers and ICANN simply registered and/or disabled, but Conficker C will up the ante to 50,000 domains a day when it goes active, a number that simply cannot be tracked and disabled by hand.
PREVENTION: Run Windows Update and update your anti-virus software as well. Make sure your anti-virus software is actually running, too, as Conficker may have disabled it.
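To make the THREAT INFO above concrete, here is an added example (not part of the BDS bulletin, and not Conficker's actual algorithm): a toy date-seeded domain generation algorithm (DGA) that shows why an infected machine and its operator can agree on thousands of rendezvous names per day with no prior contact, together with a detector that flags hosts in a DNS resolver log whose queries look like a DGA walk (many unique, random-looking names, most of which fail to resolve). The TLD list, seed, hosts and log format are all assumptions constructed for the example.

```python
import hashlib
import math
from collections import defaultdict

# Hypothetical TLD set for the toy DGA (assumption, not Conficker's real list).
TLDS = ("com", "net", "org", "info", "biz")


def dga_domains(day: str, count: int, seed: bytes = b"toy-seed") -> list:
    """Return `count` pseudo-random domains for the ISO date string `day`.

    Each name is derived from SHA-256(seed || day || index), so malware and
    operator that share the seed agree on the day's list with no prior
    contact.  A defender who wants to be sure of blocking the beacon must
    sinkhole every one of the `count` names, which is why raising the daily
    count from 250 to 50,000 defeats takedown by hand.
    """
    names = []
    for i in range(count):
        digest = hashlib.sha256(seed + day.encode() + i.to_bytes(4, "big")).digest()
        length = 8 + digest[0] % 5                       # 8..12 letters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        names.append(f"{label}.{TLDS[digest[-1] % len(TLDS)]}")
    return names


def label_entropy(label: str) -> float:
    """Shannon entropy (bits/char) of a DNS label; random labels score high."""
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0


def parse_dns_log(lines):
    """Yield (client, qname, rcode) from 'timestamp client qname rcode' records.

    The record layout is constructed for this example, not a real resolver's
    log format.
    """
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue                                     # skip malformed lines
        _ts, client, qname, rcode = parts
        yield client, qname.lower().rstrip("."), rcode


def flag_dga_hosts(lines, min_unique=20, min_nx_ratio=0.8, min_entropy=2.4):
    """Flag clients that query many unique, high-entropy names that mostly
    fail to resolve: the footprint of a host walking a DGA list.

    No single signal is enough on its own (long dictionary words also have
    high entropy), so all three thresholds must be met.
    """
    stats = defaultdict(lambda: {"domains": set(), "queries": 0, "nx": 0})
    for client, qname, rcode in parse_dns_log(lines):
        s = stats[client]
        s["domains"].add(qname)
        s["queries"] += 1
        if rcode == "NXDOMAIN":
            s["nx"] += 1

    flagged = {}
    for client, s in stats.items():
        if len(s["domains"]) < min_unique:
            continue
        nx_ratio = s["nx"] / s["queries"]
        mean_entropy = sum(label_entropy(d.split(".")[0]) for d in s["domains"]) / len(s["domains"])
        if nx_ratio >= min_nx_ratio and mean_entropy >= min_entropy:
            flagged[client] = {"unique": len(s["domains"]),
                               "nx_ratio": round(nx_ratio, 2),
                               "entropy": round(mean_entropy, 2)}
    return flagged


def build_sample_log() -> list:
    """Constructed resolver log: an infected host walking the 1 April list
    (only two of the names were actually registered) next to a clean host."""
    lines = []
    for i, dom in enumerate(dga_domains("2009-04-01", 50)):
        rcode = "NOERROR" if i in (17, 42) else "NXDOMAIN"
        lines.append(f"2009-04-01T00:00:{i % 60:02d} 10.0.0.5 {dom} {rcode}")
    benign = ["www.microsoft.com", "update.microsoft.com", "www.cnn.com", "mail.google.com"]
    for j, dom in enumerate(benign * 5):
        lines.append(f"2009-04-01T00:01:{j % 60:02d} 10.0.0.7 {dom} NOERROR")
    return lines


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for host, info in flag_dga_hosts(SAMPLE_LOG).items():
        print(f"{host}: {info}")
```

Running the block flags only 10.0.0.5: fifty unique names, 96% NXDOMAIN, high average label entropy. The clean host never reaches the unique-name threshold, and a busy but healthy host (a proxy resolving hundreds of real sites) fails the NXDOMAIN-ratio test, which is why the detector requires all three conditions rather than entropy alone.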
April 14, 2009
Zero Day Excel Vulnerability: Hackers are targeting a zero-day vulnerability affecting all current versions of Microsoft Office Excel. Microsoft has publicized workarounds for enterprises as they await a security patch. If exploited, the Excel vulnerability could allow hackers to execute code on a vulnerable system.
THREAT INFO: According to Microsoft, the vulnerability is currently being exploited in “limited and targeted attacks.” The advisory addresses Microsoft Office 2000, 2002, 2003, 2007, Office 2004 & 2008 for Mac.
Remain wary of unsolicited Excel documents (.xls) arriving via email. If you don't absolutely need the document, or if you don't trust the entity it came from, you should avoid opening it until Microsoft releases a patch.
This vulnerability affects: All current versions of Microsoft Excel for Windows and Mac computers, as well as Excel Viewer and the Office Compatibility Pack.
How an attacker exploits it: By enticing your users into opening maliciously crafted Excel spreadsheets.
Impact: An attacker can execute code on your computer, potentially gaining control of it.
What to do: If you feel that you have been a victim of this alert, please contact BDS to schedule time to implement proper steps and install patches.
Conficker Variant: TrendLabs has discovered a new Conficker variant (detected as WORM_DOWNAD.E). It appears that this may be the activity that was supposed to happen on April 1st, 2009. This new variant only affects PCs that have been previously infected with WORM_DOWNAD.KK.
What to do: Trend Micro and Symantec products have been updated; if you are running the latest engines and pattern files, you are protected from this variant.
• Take caution when searching online for DOWNAD and Conficker information. There are reports of rogue anti-virus packages taking advantage of the situation. They will tell you that you are infected and ask you to pay money to download their application, which in many cases turns out to be malware.
• Customers should immediately install the patch for MS08-067, and patches for other vulnerabilities as soon as vendors release them.
• If your computer behaves abnormally, contact BDS immediately to ensure that you are protected.
June 18, 2009
ADOBE SECURITY BULLETIN: Adobe describes issues that affect versions of Adobe Reader and Acrobat. By convincing a user to visit a website that opens a malicious PDF file in the user's browser, an attacker could execute code or cause a computer to crash. Please note that some web browsers are configured to open PDF files automatically.
What to do: Do not open PDF documents from untrusted sources. If you feel you have opened something by mistake, please contact BDS for support.
June 23, 2009
Mozilla Multiple Products Multiple Vulnerabilities
The Mozilla Foundation has released Firefox 3.0.11 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, mislead users, or obtain sensitive information. The Mozilla Foundation Security Advisories also indicate that many of these vulnerabilities affect Thunderbird and SeaMonkey; however, updated versions of those packages are not currently available.
What to do: Users are encouraged to apply any necessary updates or workaround to help mitigate the risks.
Relevant URL:
Apple iPhone Multiple Vulnerabilities
Apple has released iPhone OS 3.0 to address multiple vulnerabilities across many packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, bypass security restrictions, or conduct cross-site scripting attacks.
What to do: Users are encouraged to review Apple article HT3639 and upgrade to iPhone OS 3.0 to help mitigate the risks.
Relevant URL: <http://support.apple.com/kb/HT3639>
Apple Mac OS X Java Pointer Dereference Remote Code Execution Vulnerability
Apple has released Java for Mac OS X 10.4, Release 9 and Java for Mac OS X 10.5 Update 4 to address multiple vulnerabilities in Java. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code.
What to do: Users and administrators are encouraged to review Apple articles HT3632 and HT3633 and apply any necessary updates to help mitigate attacks.
Relevant URLs:
<http://support.apple.com/kb/HT3633>
June 29, 2009
NINE BALL is a recent multi-layered Web browser attack that has already infected approximately 40,000 sites. Nine Ball compromises legitimate websites to redirect users to malicious sites owned by the attacker and infects PCs through a number of exploits, including ones targeting Adobe Reader and QuickTime. It then tries to download Trojans and keylogger code without the user's consent or knowledge. Once infected, anything the victim types, such as credit card numbers and passwords, can be monitored and used to commit identity theft.
A new spammed malware attack is impersonating messages from Twitter. Researchers at Symantec say that the attack poses as an invitation for the target to join the Twitter site, with the message "your friend has invited you to Twitter".
What to do: As always, contact BDS for support if you feel that you have been a target of this threat.
July 1, 2009
Foxit Reader Contains Multiple Vulnerabilities
Foxit has released updates for multiple vulnerabilities in Foxit Reader. By convincing a user to open a malicious PDF file, an attacker may be able to execute code or cause the vulnerable PDF viewer to crash. The PDF could be emailed as an attachment or hosted on a website.
What to do: Users are encouraged to review the Foxit Security Bulletin and apply any required updates. The most recent version is 2.0.2009.616.
Relevant URLs:
Adobe Update for Shockwave Player
Adobe has released Shockwave Player 11.5.0.600 to address a vulnerability. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.
What to do: Users are encouraged to update to Shockwave Player 11.5.0.600 to help mitigate the risks.
Relevant URL:
July 15, 2009
Vulnerability in Embedded OpenType Font Engine
A Microsoft Windows component, the Embedded OpenType (EOT) Font Engine, could allow remote code execution. An attacker would try to lure users to a specially crafted website through email or instant messenger with a disguised link. They could then take complete control of an affected system, and could view, change, or delete data. This vulnerability affects the following operating systems: Windows 2000, Windows XP (including XP Professional), Windows Server 2003, Windows Vista, and Windows Server 2008.
What to do: Download the appropriate security updates. Security updates are now available from the Microsoft website for this threat. Visit www.updates.microsoft.com
Vulnerability in Microsoft Office Publisher
A remote code execution vulnerability exists in the way that Microsoft Office Publisher opens, imports, and converts files created in versions older than Microsoft Office Publisher 2007. An attacker could exploit the vulnerability by creating a specially crafted Publisher file that could be included as an email attachment or hosted on a specially crafted website.
What to do: Users are encouraged to download the appropriate MS Office security updates. Security updates are now available from the Microsoft website for this threat. Visit www.updates.microsoft.com
July 22, 2009
Mozilla Firefox Multiple Vulnerabilities
Some vulnerabilities have been reported in Mozilla Firefox which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system. This threat affects any system running Mozilla Firefox 3.5.
What to do: Users should update to the latest version, Mozilla Firefox 3.5.1.
CNN/MSNBC Alert
The CNN News Alert mailings are new lures for an existing virus. The mailings, which began in August 2008, typically arrive with a subject line such as "CNN.com Daily Top 10", "My CNN Alert" or "CNN Alerts: Breaking News", and offer what appear to be links to news stories from the CNN website. However, clicking through on the links takes the user not to the CNN website, but to a site that will initiate the download of a malicious executable onto the user's PC.
What to do: Do not respond to unsolicited email. Be skeptical of individuals representing themselves as officials soliciting personal information via email. Do not click on links contained within an unsolicited email. Only open attachments from known senders. Do not provide personal information to anyone who solicits it.
Google Chrome JavaScript Memory Corruption
The vulnerability is caused by an error when processing regular expressions in JavaScript and can be exploited to corrupt memory and potentially cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code.
July 29, 2009
Twitter Hacked, Confidential Files Made Public
For the third time this year, the San Francisco-based company was the victim of a security breach stemming from a simple end-run around its defenses. In the latest case, a hacker got the password for an employee’s personal e-mail account – possibly by guessing, or by correctly answering a security question – and worked from there to steal confidential company documents.
What to do: The lesson from Twitter's latest security troubles is an old one: USE STRONG PASSWORDS, which include some combination of letters and numbers, and, for companies, be careful about how many accounts share the same username and password combination.
Internet Explorer 8 Critical patch available
Two separate security bulletins were scheduled for release today; both updates are designed to resolve a single, overall security problem. The move comes as a necessity to ensure that customers benefit from the broadest protection possible. As far as Internet Explorer is concerned, the patch is rated Critical and applies to IE6, IE7, and IE8, including the releases on Windows Vista SP2 and Windows XP SP3. Microsoft made no reference to IE8 on Windows 7, although it is probable that the browser component on the latest iteration of Windows is also affected.
What to do: Users should expect patches to be made available via Microsoft Update, Windows Update and Windows Server Update Services.