Page 3 of 3 FirstFirst 123
Results 21 to 25 of 25

Thread: 2006 Alerts - Q4

  1. #21
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe Download Manager v2.2 released

    FYI...

    - http://www.adobe.com/support/securit...apsb06-19.html
    December 5, 2006
    "...Summary:
    A critical vulnerability has been identified in Adobe Download Manager 2.1 and earlier versions that could allow an attacker who successfully exploits this vulnerability to take control of the affected system. It is recommended that users uninstall Adobe Download Manager 2.1 and earlier using the instructions provided*...
    Affected software versions: Adobe Download Manager 2.1 and earlier...
    Severity rating: Adobe categorizes this as a critical issue and recommends affected users uninstall any affected software..."
    * http://www.adobe.com/support/securit...l#instructions

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #22
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Angry Cyber Extortion via Web Mail

    FYI...

    - http://www.websense.com/securitylabs...hp?AlertID=714
    December 11, 2006
    "Websense® Security LabsTM has received reports of a new form of cyber-extortion. Unlike previously documented cases (where end-users were infected with malicious code, certain file types were encoded or encrypted, and a ransom message was left on the machine), this attack compromises users' online web mail accounts. When end-users logged into their web mail accounts (in this case Hotmail), they noticed that all their 'sent' and 'received' emails were deleted along with all their online contacts. The only message that remained was one from the attacker that requested they contact them for payment in order to receive the data back. In this case, the end-users had recently visited an Internet cafe where their credentials may have been compromised..."

    (Screenshots available at the URL above.)

    Previous Cyber Extortion (AKA Ransomware) alerts:
    http://www.websense.com/securitylabs...hp?AlertID=194
    http://www.websense.com/securitylabs...hp?AlertID=320

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #23
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Yahoo! Messenger ActiveX vuln - update available

    FYI...

    - http://secunia.com/advisories/23401/
    Release Date: 2006-12-15
    Critical: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Patch
    Software: Yahoo! Messenger 5.x, 6.x, 7.x, 8.x
    ...The vulnerability is reported in versions obtained prior to Nov 2, 2006.
    Solution: Update to the latest version.
    http://messenger.yahoo.com/ ...
    Original Advisory: http://messenger.yahoo.com/security_....php?id=120806
    "...If you choose not to update and you have not updated via this page or Chat, the vulnerability will still exist."

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #24
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Skype worm...

    FYI...

    - http://isc.sans.org/diary.php?storyid=1952
    Last Updated: 2006-12-18 23:54:28 UTC

    > http://www.symantec.com/enterprise/s...121910-5339-99
    Updated: December 19, 2006 10:20:42 AM GMT
    [See: "TECHNICAL DETAILS"...]
    W32.Chatosky - Risk Level 1: Very Low

    > http://www.symantec.com/enterprise/s...ets_skype.html
    December 18, 2006 09:52 PM

    > http://www.websense.com/securitylabs...php?BlogID=101
    Dec 18 2006 3:08PM

    NOTE: http://en.wikipedia.org/wiki/Skype
    "Skype is a proprietary peer-to-peer Voice over IP (VoIP) network founded by the entrepreneurs Niklas Zennstr├Âm and Janus Friis, also founders of the file sharing application Kazaa..."
    -----------------------------------------

    Malicious Code: Skype Trojan Horse
    - http://www.websense.com/securitylabs...hp?AlertID=716
    December 19, 2006
    "...After investigation we have discovered that this is -not- a self propagating worm and is actually a Trojan Horse. After discussions with the very helpful Skype security team, the behavior of this Trojan using the Skype API is as per the specifications of the API. The end-user who is running Skype does get notified that a program is attempting to access it and must acknowledge it.
    *there is -no- vulnerability in Skype at this time that has been uncovered*
    For more details on the Skype API see
    https://developer.skype.com/Docs/Api..._the_Skype_API ."
    ---------------------------------

    - http://www.informationweek.com/share...leID=196700896
    Dec 19, 2006 01:43 PM
    "..."The code isn't a worm," says Dan Hubbard (Websense)... "A user with Skype will get a message to download a program from a URL included in a chat message," says Hubbard. "If they click on that, a program runs in the background, then injects itself into the Explorer process. It looks like the Trojan is designed to grab forms and passwords from the browser"... The servers the attacker used to download malicious code to infected computers are now down, Hubbard confirmed..."

    Last edited by AplusWebMaster; 2006-12-19 at 22:10. Reason: Added Websense info...
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #25
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Lightbulb Firefox v2.0.0.1, v1.5.0.9 released

    FYI...

    - http://www.mozilla.org/security/#Security_Alerts
    December 19, 2006
    "Security updates have been issued for Firefox and Thunderbird that fix critical security vulnerabilities. All users should install these udpates as soon as possible.
    Firefox 2.0.0.1 - http://www.mozilla.com/firefox/
    Firefox 1.5.0.9 - http://www.mozilla.com/en-US/firefox/all-older.html
    Thunderbird 1.5.0.9 - http://www.mozilla.com/thunderbird/
    Users should get an automatic update notification; users who have turned off update notification can use the "Check for Updates..." item on the Help menu..."

    Fixed in Firefox 2.0.0.1 & 1.5.0.9
    > http://www.mozilla.org/projects/secu...s.html#Firefox

    Fixed in Thunderbird 1.5.0.9
    > http://www.mozilla.org/projects/secu...ml#Thunderbird

    Last edited by AplusWebMaster; 2006-12-20 at 09:39.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •