Thread: Old Alerts

  1. #21
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    IrfanView vuln - update available

    FYI...

    - http://secunia.com/advisories/26619/
    Release Date: 2007-10-16
    Critical: Moderately critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Patch
    Software: IrfanView 3.x, IrfanView 4.x
    ...The vulnerability is confirmed in version 4.00. Other versions may also be affected.
    Solution: Update to version 4.10.
    http://www.irfanview.com/main_download_engl.htm

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #22
    Adviser Team AplusWebMaster's Avatar

    Malicious Code: ...spammed in Latin America

    FYI...

    - http://www.websense.com/securitylabs...hp?AlertID=809
    October 17, 2007 - "Websense® Security Labs™ has discovered a new Trojan Horse being distributed via spam email in Latin America. The email message is written in Spanish, and includes the subject line: "Espero que te guste"
    The email acts as a lure, attempting to get users to click a link and download a greeting card. There are several versions of the spam message, but the main difference is the location where the malicious code is stored. In all versions discovered to date, the file name is always "mexico.exe", and the MD5 is "ce073c460ec25d7e40efe3f717f75c38". In all samples, the file has been stored on compromised websites. If users click on the link and run the code, a browser window to Univision.com opens as a means of hiding what is happening in the background. The malicious code also connects to one or more additional websites to download an additional binary file, "file56.gif". This file is actually a Windows executable. The "file56.gif" binary can come from any of five different compromised sites. The file is downloaded to the Windows system32 directory and given the name "html.txt". The "html.txt" file is then renamed "html.exe" and run. The payload of the code is written in Delphi and packed with RLpack. It disables Task Manager, deletes the host file, and changes some startup options and Start menu options. It also includes an information stealing component..."

    (Screenshot available at the URL above.)

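A defender-side triage sketch for the behaviour the Websense alert in post #22 describes: a Windows executable served as "file56.gif", saved as "html.txt" in system32, then renamed to "html.exe". This is an added example, not part of the original post or of Websense's tooling; the function names, the rename-event format and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import ntpath

# MD5 of "mexico.exe" as quoted in the Websense alert above.
KNOWN_MD5 = {"ce073c460ec25d7e40efe3f717f75c38"}
EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".sys"}


def is_pe(data: bytes) -> bool:
    """True if data begins like a Windows PE file: an MZ stub whose
    e_lfanew field (offset 0x3C) points at the PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    off = int.from_bytes(data[0x3C:0x40], "little")
    return data[off:off + 4] == b"PE\x00\x00"


def triage_file(path: str, data: bytes) -> list:
    """Flag a file by known hash and by content/extension mismatch."""
    findings = []
    ext = ntpath.splitext(path)[1].lower()
    if hashlib.md5(data).hexdigest() in KNOWN_MD5:
        findings.append("known-md5")
    if is_pe(data) and ext not in EXEC_EXTS:
        findings.append("pe-content-with-%s-extension" % (ext or "no"))
    return findings


def suspicious_renames(events):
    """events: (old_path, new_path) pairs from a file-audit log
    (hypothetical format). Flags data-file -> executable renames
    that land in system32, the html.txt -> html.exe pattern."""
    hits = []
    for old, new in events:
        old_ext = ntpath.splitext(old)[1].lower()
        new_ext = ntpath.splitext(new)[1].lower()
        in_sys32 = "\\system32\\" in new.lower()
        if in_sys32 and new_ext in EXEC_EXTS and old_ext not in EXEC_EXTS:
            hits.append((old, new))
    return hits


def make_pe_stub() -> bytes:
    """Constructed 72-byte header: enough to satisfy is_pe(),
    not a runnable program."""
    stub = bytearray(0x48)
    stub[:2] = b"MZ"
    stub[0x3C:0x40] = (0x40).to_bytes(4, "little")
    stub[0x40:0x44] = b"PE\x00\x00"
    return bytes(stub)
```

The hash check only catches the exact sample named in the alert; the header and rename checks still apply when the file is repacked or renamed.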

  3. #23
    Adviser Team AplusWebMaster's Avatar

    RealPlayer 0-day exploit attacks in progress

    FYI...

    - http://preview.tinyurl.com/36awux
    October 19, 2007 (Computerworld) - "Attackers are exploiting a zero-day vulnerability in RealPlayer in order to infect Windows machines running Internet Explorer, Symantec Corp. said late Thursday. The security company issued an alert that rated the threat with its highest possible score. According to a warning issued to customers of its DeepSight threat network, Symantec said an ActiveX control installed by RealNetworks Inc.'s RealPlayer program is flawed. When combined with Microsoft Corp.'s Internet Explorer (IE) browser -- which relies on ActiveX controls to extend its functionality -- the bug can be exploited, and malicious code downloaded to any PC that wanders to a specially-crafted site. Only systems on which both RealPlayer and IE have been installed are vulnerable. Symantec ranked the attack as a "10" on its urgency scale because it has confirmed that attacks are being conducted in the wild; those attacks have resulted in malicious code downloaded to victimized PCs. The only bright spot: "We are not currently aware of widespread exploitation of this issue," the company's warning read... Symantec also referenced a blog* that had posted some information about the RealPlayer vulnerability Wednesday morning..."

    * http://www.infosecblog.org/2007/10/nasa-bans-ie.html
    October 18, 2007 - "I heard that NASA is telling employees and contractors not to use IE due to malware affecting Internet Explorer and Real Player..."


  4. #24
    Junior Member
    Join Date
    Oct 2007
    Posts
    1

    Alerts - 2007-Q4


  5. #25
    Adviser Team AplusWebMaster's Avatar

    Adobe Reader/Acrobat v8.1 vuln

    FYI...

    - http://isc.sans.org/diary.html?storyid=3531
    Last Updated: 2007-10-22 20:58:04 UTC

    " http://www.adobe.com/support/securit...apsb07-18.html
    ...Update available for vulnerability in versions 8.1 and earlier of Adobe Reader and Acrobat
    Release date: October 22, 2007
    Vulnerability identifier: APSB07-18
    CVE number: CVE-2007-5020
    Platform: Windows XP (Vista users are not affected) with Internet Explorer 7 installed
    > Affected software versions: Adobe Reader 8.1 and earlier, Adobe Reader 7.0.9 and earlier
    > Adobe Acrobat Professional, 3D and Standard 8.1 and earlier versions, Adobe Acrobat Professional, Standard, 3D and Elements 7.0.9 and earlier"

    The acrobat patch is available here http://www.adobe.com/support/downloa...atform=Windows

    The reader patch is available here http://www.adobe.com/support/downloa...atform=Windows ..."


  6. #26
    Adviser Team AplusWebMaster's Avatar

    IBM Lotus Notes multiple vulns - update available

    FYI...

    - http://secunia.com/advisories/27279/
    Release Date: 2007-10-23
    Critical: Highly critical
    Impact: Exposure of sensitive information, System access
    Where: From remote
    Solution Status: Vendor Patch
    Software: IBM Lotus Notes 6.x, IBM Lotus Notes 7.x ...
    Solution: Update to version 7.0.3 or 8.0.
    NOTE: Version 8.0 does not fix the vulnerability in wp6sr.dll.
    http://www-306.ibm.com/software/lotu...ral/index.html ...

    http://www-1.ibm.com/support/docview...id=swg21271111
    "...Fixed in Lotus Notes 7.0.3 / Proposed for 8.0.1..."


  7. #27
    Adviser Team AplusWebMaster's Avatar

    PDF mailto exploit documents in the wild

    FYI...

    - http://isc.sans.org/diary.html?storyid=3537
    Last Updated: 2007-10-23 20:16:52 UTC - "The vulnerability initially reported here http://isc.sans.org/diary.html?storyid=3406 and confirmed here (with workaround) http://isc.sans.org/diary.html?storyid=3477 and patched here http://isc.sans.org/diary.html?storyid=3531 now appears to have been spotted in the wild. The proof of concept code had been released, and a number of people have reported receiving the PDFs which exploit the vulnerability. Obviously please patch, apply the workarounds, and/or ensure you can detect and block the exploit. File names seen so far are 'BILL.pdf' and 'INVOICE.pdf'."

    > http://forums.spybot.info/showpost.p...2&postcount=17

    -----------------------------------

    PDF Exploit Spam Used to Install Gozi Trojan in New Attack
    - http://www.secureworks.com/research/threats/gozipdf/
    October 23, 2007 - "...The attachment may instead be represented by an icon used to represent PDF files. These attachments use filenames such as BILL.pdf or INVOICE.pdf, but those filenames, as well as the sender and message content itself, may change. The attached exploit may be detected by some anti-malware vendors as Downloader.PDF, Pidief.A or similar names. The exploit downloads executes a first-stage downloader EXE file from an RBN (Russian Business Network) server via anonymous FTP and executes it. That downloader installs a variant of the Gozi Trojan which steals data as described in the Threat Analysis posted on the SecureWorks website:
    * http://www.secureworks.com/research/threats/gozi/
    The latest Gozi variant (Gozi.F) installed by this exploit was detected by 26% of 32 of the largest anti-malware vendors at the time of release..."

    Last edited by AplusWebMaster; 2007-10-26 at 16:00.

  8. #28
    Adviser Team AplusWebMaster's Avatar

    Southern California Wildfire Scams

    FYI...

    - http://www.websense.com/securitylabs...php?BlogID=152
    Oct 25 2007 - "...Most of you have heard by now San Diego and some surrounding Los Angeles areas are suffering from devastating fires. Since our headquarters is in San Diego we have certainly been affected by the fires and several employees were evacuated and some have lost homes. One very amazing thing has been the outpouring of support both locally within the communities, state-wide, and internationally. We have received several offers for people to house folks who have had to relocate and several other offers for help.
    Unfortunately, as we saw with Katrina and several other emergencies, there are also criminals who attempt to take advantage of the supporters who are willing to help. Please make sure you are dealing with legitimate organizations and, if possible, contact them on your own. Be very careful of people reporting to be agencies such as the Red Cross asking for donations or requesting you to visit their websites. They may be fraudulent or hosting malicious code designed to steal information such as banking details. For example, many suspicious eBay auctions have appeared requesting donations..."

    (Screenshot available at the URL above.)

  9. #29
    Adviser Team AplusWebMaster's Avatar

    RealPlayer/RealOne/HelixPlayer multiple vulns - update available

    FYI...

    RealPlayer/RealOne/HelixPlayer multiple vulns - update available
    - http://secunia.com/advisories/27361/
    Release Date: 2007-10-26
    Critical: Highly critical
    Impact: System access
    Where: From remote
    Solution Status: Vendor Patch
    Software: Helix Player 1.x, RealOne Player 1.x, RealOne Player 2.x, RealPlayer 10.x, RealPlayer Enterprise 1.x ...
    Solution: Update to the latest versions. Please see the vendor's advisory for details.
    http://service.real.com/realplayer/s...007_player/en/ ..."


  10. #30
    Adviser Team AplusWebMaster's Avatar

    Alerts - 2007-Q4

    FYI...

    Malicious PDF files being spammed out in volume
    - http://www.f-secure.com/weblog/archives/00001303.html
    October 26, 2007 - "Malicious PDF file (report.pdf or debt.2007.pdf or overdraft.2007.10.26.pdf or so) has been massively spammed through email during last hour and the spam run is still continuing. The PDF is spiced with CVE-2007-5020 exploit that downloads ms32.exe that downloads more components. At this point it's not clear yet what is the final payload of the malware, because of missing files in the download chain. We are investigating further... The subjects for the spam messages include:
    Your credit report
    Your credit points
    Your balance report
    Personal Financial Statement
    Personal Credit Points
    Personal Balance Report
    Your Credit File
    Balance Report
    More information in our full description*.
    More on the scope of the vulnerability from a ZDNet article**."

    * http://www.f-secure.com/v-descs/expl...reader_k.shtml

    ** http://blogs.zdnet.com/security/?p=614



    ------------------
    Adobe rdr patch info: >>> http://forums.spybot.info/showpost.p...2&postcount=17

    .
    Last edited by AplusWebMaster; 2007-10-26 at 20:55.
