Old Alerts

[AplusWebMaster]

FYI...

Chrome v11.0.696.57 released
- http://googlechromereleases.blogspot...able%20updates
April 27, 2011

- http://chrome.blogspot.com/

- http://secunia.com/advisories/44375/
Release Date: 2011-04-28
Criticality level: Highly critical
Impact: Security Bypass, Spoofing, Exposure of sensitive information, System access
Where: From remote
CVE Reference(s): CVE-2011-1303, CVE-2011-1304, CVE-2011-1305, CVE-2011-1434, CVE-2011-1435, CVE-2011-1436, CVE-2011-1437, CVE-2011-1438, CVE-2011-1439, CVE-2011-1440, CVE-2011-1441, CVE-2011-1442, CVE-2011-1443, CVE-2011-1444, CVE-2011-1445, CVE-2011-1446, CVE-2011-1447, CVE-2011-1448, CVE-2011-1449, CVE-2011-1450, CVE-2011-1451, CVE-2011-1452, CVE-2011-1454, CVE-2011-1455, CVE-2011-1456
Solution: Upgrade to version 11.0.696.57.
Original Advisory: Google Chrome:
http://googlechromereleases.blogspot...le-update.html

- http://www.securitytracker.com/id/1025453
Apr 28 2011

[AplusWebMaster]

FYI...

Sony hack "worse than previously thought"...
- https://www.computerworld.com/s/arti...ice_after_hack
May 2, 2011 - "The widely publicized hack of Sony's computer networks is worse than previously thought, also affecting 24.6 million Sony Online Entertainment network accounts... a second gaming network offline on Monday, saying it too appears to have been hacked. It said banking and credit card information belonging to more than 23,000 customers outside the U.S. may have been compromised. The Sony Online Entertainment network, used for massively multiplayer online games like EverQuest, Star Wars Galaxies and Matrix Online, has been suspended temporarily, Sony said Monday. Add this to the 77 million accounts that may have been compromised last week, and Sony is responsible for one of the largest recorded data breaches... In both cases, the stolen data includes customer names, e-mail addresses and hashed versions of their account passwords. That data could be used to spam customers or trick them with phishing e-mails..."
- http://www.databreaches.net/?p=18086
May 2, 2011

[AplusWebMaster]

FYI...

Facebook leaks access to user info ...
- http://www.symantec.com/connect/blog...-third-parties
May 10, 2011 - "Third parties, in particular advertisers, have accidentally had access to Facebook users’ accounts including profiles, photographs, chat, and also had the ability to post messages and mine personal information. Fortunately, these third-parties may not have realized their ability to access this information. We have reported this issue to Facebook, who has taken corrective action to help eliminate this issue. Facebook applications are Web applications that are integrated onto the Facebook platform. According to Facebook, 20 million Facebook applications are installed every day. Symantec has discovered that in certain cases, Facebook IFRAME applications inadvertently leaked access tokens to third parties like advertisers or analytic platforms. We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties... Concerned Facebook users can change their Facebook passwords to invalidate leaked access tokens. Changing the password invalidates these tokens and is equivalent to “changing the lock” on your Facebook profile..."
(More detail and screenshots available at the URL above.)

- http://isc.sans.edu/diary.html?storyid=10864
Last Updated: 2011-05-10 22:50:45 UTC

- https://developers.facebook.com/blog/post/497
May 10, 2011

[AplusWebMaster]

FYI...

Chrome v11.0.696.68 released
- http://secunia.com/advisories/44591/
Release Date: 2011-05-13
Criticality level: Highly critical
Impact: Exposure of sensitive information, System access
Where: From remote
CVE Reference(s): CVE-2011-0579, "Flash -before- 10.3.181.14..." Severity: 5.0 (MEDIUM)
CVE-2011-0618 -> CVE-2011-0627 "Flash -before- 10.3.181.14..." Severity: 9.3 (HIGH)
CVE-2011-1799 & CVE-2011-1800 "Chrome -before- 11.0.696.68..." Severity: 6.8 (MEDIUM)
- http://web.nvd.nist.gov/view/vuln/search
Solution: Update to version 11.0.696.68.

When clicking on the tool symbol and choosing the 'About Google Chrome' menu entry, the version check should show that Chrome is already on the current release – or offer to download and install the update.
___

- http://www.darkreading.com/taxonomy/...e/id/229403161
May 10, 2011 - "... exploit... using Chrome v11.0.696.65 on Win7SP1 (x64), with the user being lured to visit a malware-rigged Web page, also bypasses [ASLR, DEP], and works on all Windows systems, including Win7/SP1, Vista/SP2, and XP/SP3..."
___

- http://googleblog.blogspot.com/2011/...r-is-back.html
5/13/2011 10:33AM PST - "... sorry that you’ve been unable to publish to Blogger for the past 20.5 hours... what happened: during scheduled maintenance work Wednesday night, we experienced some data corruption..."
___

- http://googlechromereleases.blogspot...el-update.html
5/13/2011 10:51AM PST - "... updated to 11.0.696.68..."

[AplusWebMaster]

FYI...

NEW PSN hack hijacks user accounts
- http://www.theregister.co.uk/2011/05...unt_hijacking/
18 May 2011 - "Four days after the PlayStation Network reopened, Sony has taken down login and password recovery pages for the service following reports they contained a serious flaw that was actively exploited to hijack user accounts..."
___

Sony BMG Greece hacked (23 May 2011)
Hack on Sony-owned ISP steals $1,220 in virtual cash (21 May 2011)
Sony's Thai website pwned by phisher scoundrels (20 May 2011)

[AplusWebMaster]

FYI...

Chrome v11.0.696.71 released
- http://secunia.com/advisories/44678/
Release Date: 2011-05-25
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
Solution Status: Vendor Patch
CVE Reference(s):
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-1801
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-1804
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-1806
- http://web.nvd.nist.gov/view/vuln/de...=CVE-2011-1807
Last revised: 05/26/2011
... vulnerabilities are reported in versions prior to 11.0.696.71.
Solution: Update to version 11.0.696.71.
Original Advisory:
http://googlechromereleases.blogspot...update_24.html

[AplusWebMaster]

FYI...

WordPress v3.1.3 released
- http://wordpress.org/download/
May 25, 2011 - "The latest stable release of WordPress (Version 3.1.3) is available..."

- http://www.securitytracker.com/id/1025571
May 26 2011 - "... prior to 3.1.3"

- http://secunia.com/advisories/44409/
Last Update: 2011-05-27
Criticality level: Moderately critical
Impact: Cross Site Scripting, Exposure of system information, System access
Where: From remote
Solution: Update to version 3.1.3...

- http://wordpress.org/news/2011/05/wordpress-3-1-3/
"WordPress 3.1.3 is available now and is a security update for all previous versions..."

- http://codex.wordpress.org/Version_3.1.3
"... To download WordPress 3.1.3, update automatically from the Dashboard > Updates menu in your site's admin area..."

- http://core.trac.wordpress.org/query...order=priority

[AplusWebMaster]

FYI...

Spear phishers target gov, military officials' Gmail accounts
- http://www.theregister.co.uk/2011/06...shing_exposed/
2 June 2011 - "Google has detected a targeted campaign to collect hundreds of personal Gmail passwords, many of them belonging to senior US government officials, Chinese political activists, military personnel, and journalists. The accounts may have been compromised using spear phishing techniques in which victims received highly personalized messages that contained links to counterfeit Gmail pages, according to a blog post published in February that Google cited when disclosing the attacks* on Wednesday. Google said the campaign “appears to originate from Jinan, China” but didn't share any evidence supporting that claim..."
* http://googleblog.blogspot.com/2011/...n-is-safe.html
6/01/2011 - "... we recently uncovered a campaign to collect user passwords, likely through phishing. This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists. The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings... Google detected and has disrupted this campaign to take users’ passwords and monitor their emails. We have notified victims and secured their accounts. In addition, we have notified relevant government authorities..."
___

- http://www.us-cert.gov/current/#gmail_phishing_attack
June 2, 2011

F.B.I. to investigate Gmail attacks...
- http://www.nytimes.com/2011/06/03/te...ogle.html?_r=1
June 2, 2011

China denounces Google's claims...
- http://www.theregister.co.uk/2011/06...ogle_response/
2 June 2011

- http://www.h-online.com/security/new...s-1254369.html
2 June 2011

[AplusWebMaster]

FYI...

Chrome v11.0.696.77 released
- http://googlechromereleases.blogspot...el-update.html
June 5, 2011 - "The Chrome Stable channel has been updated to 11.0.696.77 for all platforms. This release contains an updated version of Adobe Flash..."

- http://krebsonsecurity.com/2011/06/f...zero-day-flaw/
June 5th, 2011 - "Adobe released an emergency security update today to fix a vulnerability that the company warned is being actively exploited in targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message... The vulnerability — a cross-site scripting bug that could be used to take actions on a user’s behalf on any Web site or Webmail provider, exists in Flash Player version 10.3.181.16 and earlier. Google... pushed out an update that fixes this flaw in Chrome..."
___

- http://secunia.com/advisories/44847/
Impact: Cross Site Scripting
Where: From remote...
... The vulnerability is reported in versions prior to 11.0.696.77.
Solution: Update to version 11.0.696.77...

[AplusWebMaster]

FYI...

Chrome v12.0.742.91 released
- http://secunia.com/advisories/44829/
Release Date: 2011-06-08
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote...
CVE Reference(s): CVE-2011-1808, CVE-2011-1809, CVE-2011-1810, CVE-2011-1811, CVE-2011-1812, CVE-2011-1813, CVE-2011-1814, CVE-2011-1815, CVE-2011-1816, CVE-2011-1817, CVE-2011-1818, CVE-2011-1819, CVE-2011-2332, CVE-2011-2342
Solution: Upgrade to version 12.0.742.91.
Original Advisory:
http://googlechromereleases.blogspot...e-release.html