The DHS Daily Open Source Infrastructure Report (DHS) coversthe publicly reported material for the preceding day(s) not previouslycovered.  This weekly summary provides a selection of those items ofgreatest significance to the InfoSec professional.

Should you not be aware of even one of the items discussedbelow it would be wise to familiarize yourself with it.  The headline above each entry will take youdirectly to the DHS report which presented the item for ten business days fromthe date of inclusion.  The Source linkwill take you to the original source cited by DHS.

A relatively quiet week, nearly all of thesignificant items in some way relate to antivirus protection.  A password compromise Trojan which bypassesmost AV tools was reported Monday, attack code focusing on a Microsoft vulnerabilitywas reported Tuesday, Twitter scammers spreading scareware was reportedWednesday, an AV scam impacting Google users reported Thursday and Cisco releaseda dozen patches reported Friday.


Nasty password Trojan evading AV software.  Could it be within your environment?

31.September 18, The Register –(International) World’s nastiest trojan fools AV software. One of theworld’s nastiest password-stealing trojans evades detection by the majority PCsrunning anti-virus (AV) programs, according to a study that examined 10,000machines. Source: http://www.theregister.co.uk/2009/09...des_detection/


Attackcode looms to attack a Windows flaw! Should you disable the vulnerablecomponent? 

41.September 20, Computerworld –(International) Microsoft unveils shield for critical Windows flaw as attackcode looms. With attack code that exploits a critical unpatched bug inWindows likely to go public soon, Microsoft wants users to run an automatedtool that disables the vulnerable component. Source: http://www.computerworld.com/s/artic...?taxonomyId=85


Twitter scammers spreading scareware!  Will it affect your employees or clients?

29.September 22, Network World –(International) Scammers auto-generate Twitter accounts to spread scareware.Scammers are increasingly using machine-generated Twitter accounts to postmessages about trendy topics, and tempt users into clicking on a link thatleads to servers hosting fake Windows antivirus software, security researcherssaid Monday.  Source: http://www.networkworld.com/news/200...o.html?hpg1=bn


Google users beware! There is risk as a result of an AV scam.

38.September 22, SCMagazine– (International) Rogue AV scam targetsGoogle users. An ongoing attack on Google users is sending victims to rogueanti-virus software sites, researchers said this week.  Source: http://www.scmagazineus.com/Rogue-AV...rticle/149460/


Cisco’slatest patches have been released!  Areyou on top of this?

33. September 23, IDG News Service– (International) Cisco patches a dozen router bugs. CiscoSystems has released its twice-yearly set of security patches for its routerfirmware, fixing 12 security flaws in the products. Source: http://www.computerworld.com/s/artic...?taxonomyId=17

Note: The DHS only maintains the last ten days of their reports online.  Toobtain copies of earlier reports or complete summaries, go to:


 




More...