Old Alerts

[AplusWebMaster]

FYI...

iTunes accounts hacked...
- http://isc.sans.edu/diary.html?storyid=9136
Last Updated: 2010-07-05 19:31:16 UTC - "... iTunes accounts have been hacked to make mass purchases of one developer's app. As a safety measure, I recommend to change your ITunes password ASAP and, if you feel paranoid like me, delete your credit card info from the account until this issue is clarified. More information at: http://www.alexbrie.com/archives/205 , http://thenextweb.com/apple/2010/07/04/app-store-hacked ..."

- http://www.theregister.co.uk/2010/07..._manipulation/
5 July 2010 11:29 GMT

- http://blog.trendmicro.com/cybercrim...-of-app-store/
July 6, 2010 - "... cybercrime groups have now found a working business model in monetizing phished user accounts in Apple’s App Store. They’ve circumvented Apple’s “strict” app review process by submitting nonmalicious apps (doesn’t matter if the app is worthless) then used phished iTunes accounts to buy (and make money from) the worthless apps... by targeting user accounts, cybercriminals attacked the weakest link in the system (the user), only using Apple’s App Store as platform and the worthless apps as means to cash in on phished accounts. May this incident serve as a glaring reminder on the importance of our online accounts, especially if our credit and/or debit cards are tied to them."

[AplusWebMaster]

FYI...

1H 2010 - Security bug count up - 3rd party apps ...
- http://www.theregister.co.uk/2010/07...threat_report/
12 July 2010 - "The number of vulnerabilities in the first half of 2010 was close to the number recorded in the whole of 2009, security notification firm Secunia reports*... Secunia reckons the security threat landscape is shifting from operating system vulnerabilities to bugs in third-party applications. Secunia reckons a typical end-user PC with 50 programs installed will be faced with 3.5 times more security bugs in the 24 third party programs running on their systems than in the 26 Microsoft programs installed. Secunia expects this ratio to increase to 4.4 in 2010. Patching to defend against these vulnerabilities is further complicated by the 13 different software update mechanisms running on each PC... study can be found here*."
* http://secunia.com/gfx/pdf/Secunia_H...eport_2010.pdf
"... The overall conclusion is that despite considerable security investments, the software industry at large still proves unable to produce software with substantially less vulnerabilities, highlighting the continued need for Vulnerability Intelligence and Patch Management... the report shows an alarming development in 3rd party program vulnerabilities, representing an increasing threat to both users and business..."

- http://www.pcmag.com/article2/0,2817,2366015,00.asp
07.02.2010

- http://isc.sans.edu/diary.html?storyid=9172
Last Updated: 2010-07-14 14:36:45 UTC

- http://www.bitdefender.com/files/New...ape_Report.pdf
"... During the last six months, China has been the most active country in terms of malware propagation, followed by the Russian Federation. Both countries are known for their lax legislation regarding cybercrime, as well as for the plethora of “bulletproof hosting” companies – such as the officially dead Russian Business Network (but extremely active in practice), Troyak (taken down in March 2010) or PROXIEZ-NET (gone as of May 2010). If both the Russian Federation and China are the main hosters for Zeus C & C panels / exploit packs, and medicine spam mass-mailers, Brazil – ranked third – has an industry of its own: the highly dangerous banker Trojans... "

[AplusWebMaster]

FYI...

Oracle Critical Patch Update Advisory - July 2010
- http://www.oracle.com/technology/dep...pujul2010.html
2010-July-13 - "... Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 59 new security fixes..."
(More details at the URL above.)

- http://www.us-cert.gov/current/#orac...patch_update13
"... security fixes:
• 6 for Oracle Database Server
• 2 for TimesTen In-Memory Database
• 5 for Oracle Secure Backup
• 7 for Oracle Fusion Middleware
• 1 for Oracle Enterprise Manager
• 7 for Oracle E-Business Suite
• 2 for Oracle Supply Chain Products Suite
• 8 for Oracle PeopleSoft and JDEdwards Suite
• 21 for Oracle Sun Products Suite ..."

- http://www.securitytracker.com/archi...mary/9000.html
2010-07-13 // 2010-07-14 - Oracle...
- http://www.securityfocus.com/
2010-07-13 // 2010-07-14 - Oracle...

[AplusWebMaster]

FYI...

Winamp v5.58 released
- http://secunia.com/advisories/40534/
Release Date: 2010-07-13
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to version 5.58 or later.
Original Advisory:
http://www.winamp.com/help/Version_H...1_.28Latest.29

- http://www.winamp.com/media-player/en

- http://securitytracker.com/alerts/2010/Jul/1024207.html
Jul 14 2010

[AplusWebMaster]

FYI...

iTunes v9.2.1 released
- http://secunia.com/advisories/40660/
Release Date: 2010-07-20
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
...The vulnerability is reported in versions prior to 9.2.1.
Solution: Update to version 9.2.1.
Original Advisory: Apple:
http://support.apple.com/kb/HT4263

- http://securitytracker.com/alerts/2010/Jul/1024220.html

- http://support.apple.com/downloads/

[AplusWebMaster]

FYI...

vBulletin vuln - update available
- http://secunia.com/advisories/40675/
Last Update: 2010-07-23
Criticality level: Moderately critical
Impact: Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch
Software: vBulletin 3.x
... The vulnerability is reported in version 3.8.6. Prior versions may also be affected.
Solution: Apply patch 3.8.6 PL1...
Original Advisory: vBulletin:
http://www.vbulletin.com/forum/showt...ease-3.8.6-PL1 ...
vbfans.com:
http://vbfans.com/wtn-official-produ...3-8-6-faq-php/

[AplusWebMaster]

FYI...

- http://www.safer-networking.org/en/u...ory/index.html
2010-07-28 - "... Total: 4,158,967 fingerprints in 1,278,273 rules for 5,686 products..."

[AplusWebMaster]

FYI...

* http://securityblog.verizonbusiness....dbir-released/

- http://preview.tinyurl.com/37d8rea
"... Key findings of the 2010 report:
• Most data breaches (69%) caused by external sources
• Many breaches (48%) involved privilege misuse
• Nearly all data is breached from servers and online applications
• Most breaches (85%) were not difficult to carry out
• Most victims (87%) missed evidence of security breaches in their log files
• Recommendations for enterprises:
- Restrict and monitor privileged users
- Watch for minor policy violations
- Implement measures to stop the use of stolen credentials
- Focus on the size and volume of log files
- Share incident information with other organisations"

- http://krebsonsecurity.com/2010/07/h...vious-in-2009/
July 28, 2010

[AplusWebMaster]

FYI...

Foxit Reader v4.1.1.0805 available
- http://www.foxitsoftware.com/announc...010861227.html
Fixed in Foxit Reader 4.1.1
• Foxit Reader 4.1.1.0805 addresses vulnerability associated with the rendering of the PDF's embedded in the new iPhone/iPad jailbreak program.
CVE-2010-1797: http://www.f-secure.com/weblog/archives/00002004.html
August 6, 2010

Direct download - latest version
- http://www.foxitsoftware.com/downloa...er.php?tag=exe

Update now available through the "Check for Updates" function:
From an admin. account: > Help > Check for Updates now > FoxIt Reader 4.1.1.0805 Upgrade
8.6.2010

- http://www.foxitsoftware.com/pdf/rea..._bulletins.php

- http://securitytracker.com/alerts/2010/Aug/1024294.html
Aug 6 2010

- http://www.us-cert.gov/current/#foxi...foxit_reader_4

[AplusWebMaster]

FYI...

Google Chrome v5.0.375.126 released
- http://googlechromereleases.blogspot...able%20updates
August 10, 2010 - "Google Chrome 5.0.375.126 has been released to the Stable channel on Linux, Mac, and Windows. This version contains an updated version of the Flash plugin..."

- http://secunia.com/advisories/40917/
Release Date: 2010-08-11
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to version 5.0.375.126...