Monday, July 13, 2009

Monday 07/13/09

http://www.trustedsource.org/blog/265/An-Artemis-View-of-Zero-Day-Attacks
In our blog from yesterday, we described how Exploit-MSDirectShow.b has been widely deployed on hijacked websites in China, targeting Internet Explorer users. When a victim browses one of these sites, malware is downloaded to the computer. To better understand the current impact of these attacks, we have monitored the prevalence of its downloaded malware through Artemis.

Since yesterday, our Artemis technology has detected new malware installed by Exploit-MSDirectShow.b that was targeted to certain geographical regions of the world.

----------

"Shocking": Helen Thomas slams Obama over secrecy
rawstory.com — Veteran White House correspondent Helen Thomas said the Obama administration's way of handling questions from the press and pre-scripting of town hall questions is "shocking." She says in all her years in the White House she's never seen anything like it.

----------

Microsoft Security Advisory 973472 Released
Posted Monday, July 13, 2009 5:18 AM by MSRCTEAM
Hi Everyone,

This is Dave Forstrom, group manager for our security response communications team. We have just posted Microsoft Security Advisory 973472, which highlights a vulnerability in Microsoft Office Web Components. Specifically, the vulnerability exists in the Spreadsheet ActiveX control and while we’ve only seen limited attacks, if exploited successfully, an attacker could gain the same user rights as the local user.

Products affected are Microsoft Office XP Service Pack 3,
Microsoft Office 2003 Service Pack 3,
Microsoft Office XP Web Components Service Pack 3,
Microsoft Office Web Components 2003 Service Pack 3,
Microsoft Office 2003 Web Components for the 2007 Microsoft Office system Service Pack 1,
Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3,
Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3,
Microsoft Internet Security and Acceleration Server 2006, Internet Security and Acceleration Server 2006 Supportability Update,
Microsoft Internet Security and Acceleration Server 2006 Service Pack 1.

----------

More information about the Office Web Components ActiveX vulnerability
We are aware of public attacks on the Internet exploiting a vulnerability in the Office Web Components Spreadsheet ActiveX control (OWC 10 and OWC11). Microsoft has released an advisory with further information available here.

What’s the attacking vector?

This vulnerability could be used for remote code execution in a "browse and get owned" scenario. User interaction is required since a user needs to go to a malicious website that hosts the exploit.

----------

Snoopers Skim Data Off Embedded Chips in Drivers Licenses and Passports
War drivers have moved, from looking for open wireless systems to obtain free Internet access, to skimming data off IDs that use unencrypted embedded radio frequency identification (RFID) chips. Government agencies are using RFID chips to remotely and silently check the identity of persons carrying these special ID documents. As RFID-enabled government-issued IDs become more prevalent, government, commercial, and criminal applications for the technology will develop.
Chips in official IDs raise privacy fears, Associated Press, July 11, 2009

----------

"The international space station is by far the largest spacecraft ever built by earthlings. Circling the Earth every 90 minutes, it often passes over North America and is visible from the ground when night has fallen but the station, up high, is still bathed in sunlight. After more than a decade of construction, it is nearing completion and finally has a full crew of six astronauts. The last components should be installed by the end of next year. And then? "In the first quarter of 2016, we'll prep and de-orbit the spacecraft," says NASA's space station program manager, Michael T. Suffredini."

----------

Wells Fargo Sues Self, Hires Different Lawyers To Respond
from the you-can't-make-this-up dept

In this particular case, Wells Fargo holds the first and second mortgages on a condominium, according to Sarasota, Fla., attorney Dan McKillop, who represents the condo owner. As holder of the first, Wells Fargo is suing all other lien holders, including the holder of the second, which is itself.

----------

http://www.law.com/jsp/article.jsp?id=1202432184159&rss=newswire
"What was fascinating to hear on our part was one of our counsel commented that we were the only law firm to ever ask him anything," Spirgel says.

----------

http://wcbstv.com/local/texting.manhole.raw.2.1081403.html
It was an accident waiting to happen -- an open sewer and a 15-year-old girl who was texting while she walked.

----------

Securing a laptop with whole disk encryption (TrueCrypt):

Quickpost: TrueCrypt’s Boot Loader Screen Options
Ready for some Security Through Obscurity fun? I’ve been playing with TrueCrypt’s Boot Loader Screen Options to display a custom message when I boot my laptop with full disk encryption.

----------

CA Apologizes for False Positive
One of our readers, Melvin, was kind enough to send us a heads up on an issue with CA DAT files. The site refers to a "false positive" detection for Win32/Amalum for detections via Microsoft Windows Service Pack 3 and commercial application, Cygwin. The files are quarantined and the file is appended with the extension "*.AVB". The files will still be intact and organizations running ISS should restore files from the GUI. For those using ITM, a search tool is available from CA support upon request.

Please update your signatures to DAT 6606 to ensure protection from the false positive. Here is a link to the CA statement.

----------

Tech Insight: It's About DAM Time
Jul 13, 2009
Given today's threats to data from targeted attacks and unsavory insiders, it's no longer a question of whether or not to adopt database activity monitoring

----------

Mission Impossible? A Plan to Secure the Federal Cyberspace, Part 3
Security expert Ariel Silverstone looks at what is needed to truly secure the online systems used by the federal government. Does Obama's plan measure up? (Last in a three-part series)

----------

Most Users Clueless about Cybersecurity, FBI Says
Law enforcement officials urge basic education in online security issues for anyone using the Internet.

----------

Researcher Says IE Bug Could Spread Quickly
A security analyst warns that a critical IE flaw that Microsoft has confirmed -- but has yet to patch -- is a prime candidate for another Conficker-scale attack.
