Old Alerts

Chrome v11.0.696.57 released

FYI...

Chrome v11.0.696.57 released
- http://googlechromereleases.blogspot.com/search/label/Stable updates
April 27, 2011

- http://chrome.blogspot.com/

- http://secunia.com/advisories/44375/
Release Date: 2011-04-28
Criticality level: Highly critical
Impact: Security Bypass, Spoofing, Exposure of sensitive information, System access
Where: From remote
CVE Reference(s): CVE-2011-1303, CVE-2011-1304, CVE-2011-1305, CVE-2011-1434, CVE-2011-1435, CVE-2011-1436, CVE-2011-1437, CVE-2011-1438, CVE-2011-1439, CVE-2011-1440, CVE-2011-1441, CVE-2011-1442, CVE-2011-1443, CVE-2011-1444, CVE-2011-1445, CVE-2011-1446, CVE-2011-1447, CVE-2011-1448, CVE-2011-1449, CVE-2011-1450, CVE-2011-1451, CVE-2011-1452, CVE-2011-1454, CVE-2011-1455, CVE-2011-1456
Solution: Upgrade to version 11.0.696.57.
Original Advisory: Google Chrome:
http://googlechromereleases.blogspot.com/2011/04/chrome-stable-update.html

- http://www.securitytracker.com/id/1025453
Apr 28 2011

:fear:
 
Sony hack "worse than previously thought" ...

FYI...

Sony hack "worse than previously thought"...
- https://www.computerworld.com/s/art..._Sony_Online_Entertainment_service_after_hack
May 2, 2011 - "The widely publicized hack of Sony's computer networks is worse than previously thought, also affecting 24.6 million Sony Online Entertainment network accounts... a second gaming network offline on Monday, saying it too appears to have been hacked. It said banking and credit card information belonging to more than 23,000 customers outside the U.S. may have been compromised. The Sony Online Entertainment network, used for massively multiplayer online games like EverQuest, Star Wars Galaxies and Matrix Online, has been suspended temporarily, Sony said Monday. Add this to the 77 million accounts that may have been compromised last week, and Sony is responsible for one of the largest recorded data breaches... In both cases, the stolen data includes customer names, e-mail addresses and hashed versions of their account passwords. That data could be used to spam customers or trick them with phishing e-mails..."
- http://www.databreaches.net/?p=18086
May 2, 2011

:fear::fear:
 
Facebook leaks access to user info...

FYI...

Facebook leaks access to user info ...
- http://www.symantec.com/connect/blo...ons-accidentally-leaking-access-third-parties
May 10, 2011 - "Third parties, in particular advertisers, have accidentally had access to Facebook users’ accounts including profiles, photographs, chat, and also had the ability to post messages and mine personal information. Fortunately, these third-parties may not have realized their ability to access this information. We have reported this issue to Facebook, who has taken corrective action to help eliminate this issue. Facebook applications are Web applications that are integrated onto the Facebook platform. According to Facebook, 20 million Facebook applications are installed every day. Symantec has discovered that in certain cases, Facebook IFRAME applications inadvertently leaked access tokens to third parties like advertisers or analytic platforms. We estimate that as of April 2011, close to 100,000 applications were enabling this leakage. We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties... Concerned Facebook users can change their Facebook passwords to invalidate leaked access tokens. Changing the password invalidates these tokens and is equivalent to “changing the lock” on your Facebook profile..."
(More detail and screenshots available at the URL above.)

- http://isc.sans.edu/diary.html?storyid=10864
Last Updated: 2011-05-10 22:50:45 UTC

- https://developers.facebook.com/blog/post/497
May 10, 2011

:sad: :fear:
 
Chrome v11.0.696.68 released

FYI...

Chrome v11.0.696.68 released
- http://secunia.com/advisories/44591/
Release Date: 2011-05-13
Criticality level: Highly critical
Impact: Exposure of sensitive information, System access
Where: From remote
CVE Reference(s): CVE-2011-0579, "Flash -before- 10.3.181.14..." Severity: 5.0 (MEDIUM)
CVE-2011-0618 -> CVE-2011-0627 "Flash -before- 10.3.181.14..." Severity: 9.3 (HIGH)
CVE-2011-1799 & CVE-2011-1800 "Chrome -before- 11.0.696.68..." Severity: 6.8 (MEDIUM)
- http://web.nvd.nist.gov/view/vuln/search
Solution: Update to version 11.0.696.68.

When clicking on the tool symbol and choosing the 'About Google Chrome' menu entry, the version check should show that Chrome is already on the current release – or offer to download and install the update.
___

- http://www.darkreading.com/taxonomy/index/printarticle/id/229403161
May 10, 2011 - "... exploit... using Chrome v11.0.696.65 on Win7SP1 (x64), with the user being lured to visit a malware-rigged Web page, also bypasses [ASLR, DEP], and works on all Windows systems, including Win7/SP1, Vista/SP2, and XP/SP3..."
___

- http://googleblog.blogspot.com/2011/05/blogger-is-back.html
5/13/2011 10:33AM PST - "... sorry that you’ve been unable to publish to Blogger for the past 20.5 hours... what happened: during scheduled maintenance work Wednesday night, we experienced some data corruption..."
___

- http://googlechromereleases.blogspot.com/2011/05/stable-channel-update.html
5/13/2011 10:51AM PST - "... updated to 11.0.696.68..."

:fear::fear:
 
NEW PSN hack hijacks user accounts

FYI...

NEW PSN hack hijacks user accounts
- http://www.theregister.co.uk/2011/05/18/sony_playstation_account_hijacking/
18 May 2011 - "Four days after the PlayStation Network reopened, Sony has taken down login and password recovery pages for the service following reports they contained a serious flaw that was actively exploited to hijack user accounts..."
___

Sony BMG Greece hacked (23 May 2011)
Hack on Sony-owned ISP steals $1,220 in virtual cash (21 May 2011)
Sony's Thai website pwned by phisher scoundrels (20 May 2011)

:mad::sad:
 
Chrome v11.0.696.71 released

FYI...

Chrome v11.0.696.71 released
- http://secunia.com/advisories/44678/
Release Date: 2011-05-25
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
Solution Status: Vendor Patch
CVE Reference(s):
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1801
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1804
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1806
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1807
Last revised: 05/26/2011
... vulnerabilities are reported in versions prior to 11.0.696.71.
Solution: Update to version 11.0.696.71.
Original Advisory:
http://googlechromereleases.blogspot.com/2011/05/stable-channel-update_24.html

:fear:
 
WordPress v3.1.3 released

FYI...

WordPress v3.1.3 released
- http://wordpress.org/download/
May 25, 2011 - "The latest stable release of WordPress (Version 3.1.3) is available..."

- http://www.securitytracker.com/id/1025571
May 26 2011 - "... prior to 3.1.3"

- http://secunia.com/advisories/44409/
Last Update: 2011-05-27
Criticality level: Moderately critical
Impact: Cross Site Scripting, Exposure of system information, System access
Where: From remote
Solution: Update to version 3.1.3...

- http://wordpress.org/news/2011/05/wordpress-3-1-3/
"WordPress 3.1.3 is available now and is a security update for all previous versions..."

- http://codex.wordpress.org/Version_3.1.3
"... To download WordPress 3.1.3, update automatically from the Dashboard > Updates menu in your site's admin area..."

- http://core.trac.wordpress.org/quer...lestone=3.1.3&group=resolution&order=priority

:fear::fear:
 
Spear phishing at Gmail ...

FYI...

Spear phishers target gov, military officials' Gmail accounts
- http://www.theregister.co.uk/2011/06/02/gmail_spear_phishing_exposed/
2 June 2011 - "Google has detected a targeted campaign to collect hundreds of personal Gmail passwords, many of them belonging to senior US government officials, Chinese political activists, military personnel, and journalists. The accounts may have been compromised using spear phishing techniques in which victims received highly personalized messages that contained links to counterfeit Gmail pages, according to a blog post published in February that Google cited when disclosing the attacks* on Wednesday. Google said the campaign “appears to originate from Jinan, China” but didn't share any evidence supporting that claim..."
* http://googleblog.blogspot.com/2011/06/ensuring-your-information-is-safe.html
6/01/2011 - "... we recently uncovered a campaign to collect user passwords, likely through phishing. This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists. The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings... Google detected and has disrupted this campaign to take users’ passwords and monitor their emails. We have notified victims and secured their accounts. In addition, we have notified relevant government authorities..."
___

- http://www.us-cert.gov/current/#gmail_phishing_attack
June 2, 2011

F.B.I. to investigate Gmail attacks...
- http://www.nytimes.com/2011/06/03/technology/03google.html?_r=1
June 2, 2011

China denounces Google's claims...
- http://www.theregister.co.uk/2011/06/02/china_google_response/
2 June 2011

- http://www.h-online.com/security/news/item/Attacks-target-high-profile-Gmail-accounts-1254369.html
2 June 2011

:mad::mad:
 
Chrome v11.0.696.77 released

FYI...

Chrome v11.0.696.77 released
- http://googlechromereleases.blogspot.com/2011/06/stable-channel-update.html
June 5, 2011 - "The Chrome Stable channel has been updated to 11.0.696.77 for all platforms. This release contains an updated version of Adobe Flash..."

- http://krebsonsecurity.com/2011/06/flash-player-patch-fixes-zero-day-flaw/
June 5th, 2011 - "Adobe released an emergency security update today to fix a vulnerability that the company warned is being actively exploited in targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message... The vulnerability — a cross-site scripting bug that could be used to take actions on a user’s behalf on any Web site or Webmail provider, exists in Flash Player version 10.3.181.16 and earlier. Google... pushed out an update that fixes this flaw in Chrome..."
___

- http://secunia.com/advisories/44847/
Impact: Cross Site Scripting
Where: From remote...
... The vulnerability is reported in versions prior to 11.0.696.77.
Solution: Update to version 11.0.696.77...

:fear:
 
Chrome v12.0.742.91 released

FYI...

Chrome v12.0.742.91 released
- http://secunia.com/advisories/44829/
Release Date: 2011-06-08
Criticality level: Highly critical
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Where: From remote...
CVE Reference(s): CVE-2011-1808, CVE-2011-1809, CVE-2011-1810, CVE-2011-1811, CVE-2011-1812, CVE-2011-1813, CVE-2011-1814, CVE-2011-1815, CVE-2011-1816, CVE-2011-1817, CVE-2011-1818, CVE-2011-1819, CVE-2011-2332, CVE-2011-2342
Solution: Upgrade to version 12.0.742.91.
Original Advisory:
http://googlechromereleases.blogspot.com/2011/06/chrome-stable-release.html

:fear:
 
Flash exploits on the loose...

FYI...

Flash exploits on the loose...
- http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20110617
17 June 2011 - "... earlier in the week Adobe issued multiple security updates, which included an update for Adobe Flash Player by way of APSB11-18. What you may not know is that the issue fixed by this update, CVE-2011-2110, is being exploited in the wild on a fairly large scale. In particular this exploit is showing up as a drive-by in several legitimate websites, including those belonging to various NGOs, aerospace companies, a Korean news site, an Indian Government website, and a Taiwanese University. The links are also being used in targeted spear phishing attacks designed to lure particular individuals into clicking the links with hopes of compromising their machines. In case there is any doubt at all, this is very bad. If you run a version of Adobe Flash that is -older- than 10.3.181.26 (or 10.3.181.24 for Android), then it is absolutely -critical- that you update your Flash Player. You can check your Flash version by clicking here*...
* http://kb2.adobe.com/cps/155/tn_15507.html
... exploit takes advantage of a vulnerability in the ActionScript Virtual Machine. It then uses heap information leakage in order to avoid spraying the heap and crashing the process. The exploit is also able to bypass Windows' data execution prevention (DEP)... We are aware of several sites in the wild that are either compromised and pointing to exploits or are actually housing the exploits themselves. In some cases a single site may be both compromised and housing the malicious download. Right now we only have a limited set of exploit sites we can share due to various restrictions...
Note: Do not visit these URLs as they are malicious and should be considered dangerous..."
(More detail and list at the shadowserver URL above.)

>> http://forums.spybot.info/showpost.php?p=407334&postcount=41

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2110
Last revised: 06/17/2011
CVSS v2 Base Score: 10.0 (HIGH)
"... before 10.3.181.26... as exploited in the wild..."
___

MMPC Telemetry on CVE-2011-2110 Attack Attempts during June 17 – 30, 2011
- http://www.microsoft.com/security/portal/blog-images/CVE-2011-2110/BID593-004.png
1 Jul 2011
- http://blogs.technet.com/b/mmpc/arc...11-2110-adobe-flash-player-vulnerability.aspx
___

- http://www.malwaredomains.com/wordpress/?p=1872
June 17th, 2011 in 0day, Domain News - "... Several domains containing malicious payloads are listed. We’ll be adding these domains on the next update, but you should add the domains and IP addresses to your domain and IP blocklist ASAP."

:fear::fear::mad:
 
Hacked and exposed...

Online -everything- hacked, or so it seems.

- http://www.reuters.com/article/2011/06/19/us-sega-hackers-idUSL3E7HJ01520110619
Jun 19, 2011 - "... Sega Corp said on Sunday that information belonging to 1.3 million customers has been stolen from its database, the latest in a rash of global cyber attacks against video game companies. Names, birth dates, e-mail addresses and encrypted passwords of users of Sega Pass online network members had been compromised, Sega said in a statement, though payment data such as credit card numbers was safe. Sega Pass had been shut down... The attack against Sega, a division of Sega Sammy Holdings that makes game software such as Sonic the Hedgehog as well as slot machines, follows other recent significant breaches including Citigroup, which said over 360,000 accounts were hit in May, and the International Monetary Fund... surrounding the recent round of video game breaches paled compared to what PlayStation maker Sony Corp experienced following two high-profile attacks that surfaced in April. Those breaches led to the theft of account data for more than 100 million customers, making it the largest ever hacking of data outside the financial services industry..."

- http://www.theregister.co.uk/2011/06/20/sega_onemillion_hacked/
20 June 2011 - "... if the same login information is used for other websites or services, they need to be changed immediately..."

- http://www.fortiguard.com/reports/roundup_06_17_2011.html
June 17 2011

:fear::fear::fear:
 
Thunderbird v3.1.11 released

FYI...

Thunderbird v3.1.11 released
- http://www.mozillamessaging.com/en-US/thunderbird/all.html
June 21st, 2011

Release Notes
- http://www.mozillamessaging.com/en-US/thunderbird/3.1.11/releasenotes/

- http://www.mozilla.org/security/announce/2011/mfsa2011-19.html

Bug fixes
- https://bugzilla.mozilla.org/buglis...8-fixed;type0-0-0=equals;value0-0-0=.11-fixed
22 bugs found

- http://www.securitytracker.com/id/1025686
Date: Jun 22 2011
CVE Reference: CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2364, CVE-2011-2365, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376, CVE-2011-2377
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system. A remote user can obtain cookies from another domain in certain cases...
Version(s): prior to 3.1.11 ...
Solution: The vendor has issued a fix (3.1.11).

:fear:
 
DNS cache poisoning ...

FYI...

DNS cache poisoning...
- http://isc.sans.edu/diary.html?storyid=11107
Last Updated: 2011-06-27 19:19:08 UTC - "... teaching this week at (a) University... we were victims of a DNS cache poisoning attack. Since the network admin was not at his office because class was in the night, there was nothing I could do but wait for the DNS cache to expire.
How this attack works and How we can protect ourselves
The DNS process works as follows to resolve ip address from a fully qualified domain name (FQDN):
• Client sends a query to the internal DNS looking for an ip address for a machine name.
• Internal DNS server performs recursion and if it's not present in the cache looks for the IP address on the internet from the authoritative nameserver of the domain.
• The authoritative nameserver answers the IP address requested.
• The Internal DNS server answers the IP address to the client.
The attack works as follows:
• Attacker queries the target DNS server for a FQDN not present in the cache.
• Target DNS server performs recursion and looks for the IP address on the internet from the authoritative nameserver of the domain.
• Attacker floods the target DNS server with fake responses for the query.
• Target DNS server updates the cache and begins serving the fake ip address every time the FQDN is requested.
How do we protect ourselves from the attack?
• Use the last version of your DNS server (I really like BIND*) as it randomizes the source port of your queries.
• Do not allow recursion from outside of your network. Allow it only from your corporate network computers.
• Use DNSSEC. The root servers support it since July 15 2010 and the protocol allows authenticating valid records from domain zones.
...For those of you using a Windows DNS server, the source port randomization is built-in to Windows 2008 R2's DNS server and other versions that have 'Security Update MS08-037' applied."
- http://www.microsoft.com/technet/security/Bulletin/ms08-037.mspx

* http://www.isc.org/software/bind

Test My DNS
> https://www.dns-oarc.net/oarc/services/dnsentropy

:fear::fear:
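
The first protection in the quoted diary, source port randomization, can be checked from a capture of a resolver's outbound queries. The following is an added example, not code from the diary or from this forum post: it rates a list of observed UDP source ports, and the function name, the thresholds and the sample port lists are all constructed for illustration.

```python
import math
import statistics
from dataclasses import dataclass

TXID_BITS = 16        # the DNS transaction ID is a 16-bit field
NARROW_STDEV = 1000   # assumed cut-off for this example, not a standard value
MAX_SEQ_STEP = 16     # assumed: steps this small and always upward are predictable


@dataclass
class PortRating:
    verdict: str       # FIXED, SEQUENTIAL, NARROW or RANDOMIZED
    distinct: int      # number of different source ports seen
    stdev: float       # population standard deviation of the ports
    guess_bits: float  # estimated bits a forged response must match blindly


def rate_source_ports(ports):
    """Rate the source ports seen on a resolver's outbound queries (in order)."""
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    distinct = len(set(ports))
    stdev = statistics.pstdev(ports)
    deltas = [b - a for a, b in zip(ports, ports[1:])]

    if distinct == 1:
        verdict = "FIXED"
    elif all(0 < d <= MAX_SEQ_STEP for d in deltas):
        verdict = "SEQUENTIAL"
    elif stdev < NARROW_STDEV:
        verdict = "NARROW"
    else:
        verdict = "RANDOMIZED"

    # A fixed or predictable port adds nothing to the 16-bit transaction ID.
    # Otherwise the observed span is a lower-bound estimate of the port pool.
    if verdict in ("FIXED", "SEQUENTIAL"):
        port_bits = 0.0
    else:
        port_bits = math.log2(max(ports) - min(ports) + 1)
    return PortRating(verdict, distinct, stdev, TXID_BITS + port_bits)


# Constructed samples: source ports of consecutive outbound queries.
SAMPLES = {
    "unpatched, fixed port": [53, 53, 53, 53, 53, 53],
    "incrementing allocator": [32768, 32769, 32770, 32772, 32773],
    "small port pool": [1030, 1025, 1040, 1027, 1033],
    "randomized": [51234, 1893, 40211, 27765, 60902, 12048, 33519, 8127],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        r = rate_source_ports(ports)
        print(f"{name:24} {r.verdict:11} distinct={r.distinct:<2} "
              f"stdev={r.stdev:8.1f} guess_bits~{r.guess_bits:.1f}")
```

A verdict other than RANDOMIZED means forged responses only have to match the transaction ID, which is the condition the flooding step in the diary relies on.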
 
2011 CWE/SANS Top 25 Most Dangerous Software Errors

FYI...

2011 CWE/SANS Top 25
- http://cwe.mitre.org/top25/
June 27, 2011 - "... list of the most widespread and critical errors that can lead to serious vulnerabilities in software. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all. The Top 25 list is a tool for education and awareness to help programmers to prevent the kinds of vulnerabilities that plague the software industry, by identifying and avoiding all-too-common mistakes that occur before software is even shipped... The list is the result of collaboration between the SANS Institute, MITRE, and many top software security experts in the US and Europe. It leverages experiences in the development of the SANS Top 20 attack vectors ( http://www.sans.org/top20/ ) and MITRE's Common Weakness Enumeration (CWE) ( http://cwe.mitre.org/ )..."

Listing of the Top 25
- http://cwe.mitre.org/top25/#Listing

Mitigations ...
- http://cwe.mitre.org/top25/mitigations.html

FAQs ...
- http://cwe.mitre.org/about/faq.html#Top_25

:fear:
 
Chrome v12.0.742.112 released

FYI...

Chrome v12.0.742.112 released
- http://googlechromereleases.blogspot.com/2011/06/stable-channel-update_28.html
June 28, 2011 - "The Chrome Stable channel has been updated to 12.0.742.112 for all platforms. This release contains an updated version of Adobe Flash*, along with the security fixes..."
* http://kb2.adobe.com/cps/901/cpsid_90194.html#main_10.3.181.34
___

- http://secunia.com/advisories/45097/
Release Date: 2011-06-29
Criticality level: Highly critical
Impact: Unknown, System access
Where: From remote
CVE Reference(s): CVE-2011-2345, CVE-2011-2346, CVE-2011-2347, CVE-2011-2348, CVE-2011-2349, CVE-2011-2350, CVE-2011-2351
Solution: Update to version 12.0.742.112.

- http://www.securitytracker.com/id/1025730
June 28 2011
CVE Reference: CVE-2011-2345, CVE-2011-2346, CVE-2011-2347, CVE-2011-2348, CVE-2011-2349, CVE-2011-2350, CVE-2011-2351
... prior to 12.0.742.112

:fear:
 
WordPress v3.1.4 released

FYI...

WordPress v3.1.4 released
- http://wordpress.org/download/
June 29, 2011 - "The latest stable release of WordPress (Version 3.1.4) is available..."

- http://wordpress.org/news/2011/06/wordpress-3-1-4/
June 29, 2011 - "WordPress 3.1.4 is available now and is a maintenance and security update for all previous versions. This release fixes an issue that could allow a malicious Editor-level user to gain further access to the site..."

- http://codex.wordpress.org/Version_3.1.4
___

- http://www.securitytracker.com/id/1025737
Jun 30 2011
... prior to 3.1.4...

:fear::fear:
 
Winamp v5.62 released ..

FYI...

Winamp v5.62 released
- http://www.winamp.com/media-player/en
30 June 2011

- http://forums.winamp.com/showthread.php?t=332010
Winamp 5.62, Build 3161 (5.6.2.3161) - 30 June 2011
- http://www.winamp.com/help/Version_History#Winamp_5.62
___

- http://secunia.com/advisories/45028/
Last Update: 2011-07-05
Criticality level: Highly critical
Impact: System access
Where: From remote...
... The vulnerability is confirmed in version 5.6. Other versions may also be affected.
Solution: Update to version 5.62.

- http://secunia.com/advisories/44600/
Solution: Update to version 5.62.

:fear::fear:
 