
Weekly Summary of the "DHS Daily Open Source Infrastructure Report"

 
Old 07-11-2009

The DHS Daily Open Source Infrastructure Report covers the publicly reported material for the preceding day(s) not previously covered.  This weekly summary provides a selection of those items of greatest significance to the InfoSec professional.

 

Week Ending:  Friday, July 10, 2009


Could Mafiaboy be right?  If so, will your enterprise be impacted?

37. June 30, DarkReading - (International) ‘Mafiaboy': cloud computing will cause Internet security meltdown. A reformed black-hat hacker, better known as the 15-year-old “mafiaboy” who, in 2000, took down Websites CNN, Yahoo, E*Trade, Dell, Amazon, and eBay, says widespread adoption of cloud computing is going to make the Internet only more of a hacker haven. “It will be the fall of the Internet as we know it,” the hacker said on June 30 during a Lumension Security-sponsored Webcast event. “You're basically putting everything in one little sandbox...it's going to be a lot more easy to access,” he added, noting that cloud computing will be “extremely dangerous. This is not the last you're going to hear of this,” he said. A security and forensics expert for Lumension says cloud computing, indeed, will open up new avenues of risk. “We haven't even handled the fundamentals of [securing it] in our existing environments,” the expert said during an interview after the Webcast. “Now we're going to push it up to the cloud?” “Aside from the fact that the fundamental protocols are easily manipulated...social networking and dumpster diving have been going on a long time and are still extremely effective. The scariest aspect for business owners is their own employees compromising [them],” the hacker said. “Dumpster diving, social networking, and internal corporate sabotage will be the No. 1 threat. It's imperative that corporations take a closer look at their employees.” Source: http://www.darkreading.com/securitys...leID=218102139


Did the McAfee glitch impact you?

28. July 6, V3.co.uk - (International) McAfee glitch causes havoc for IT admins. A recent VirusScan update from McAfee caused mayhem for some IT administrators over the weekend, after it falsely reported that a range of critical system files were infected with a Trojan. The problem became apparent when users began posting to the company's forums, complaining of false positives and even some cases of the dreaded blue screen of death. The issue seems to affect only those users running an outdated version of the VirusScan engine, but some running the latest version also reported false positives, although not with critical system files. McAfee has acknowledged a problem, and has released another update which corrects it. However, it appears that machines affected by the glitch will have to be repaired manually, as the quarantined files cannot easily be returned to their original locations. “Last Friday, McAfee was made aware of some incorrect identification when using no longer supported versions of the software,” explained a McAfee spokesman. “Customers reporting this issue have been confirmed to be running VirusScan Enterprise 7.1 or 8.0i specifically with the 5100 scanning engine that has not been supported for 18 months.” “Customers running 5200 or a newer scanning engine version have not been impacted. Current versions are VSE8.7 and scanning engine 5301. The incorrect identification was resolved in the daily release on Friday July 3rd.” The company has created an entry in its KnowledgeBase detailing the issue and offering potential fixes for those affected. Source: http://www.v3.co.uk/v3/news/2245491/...-glitch-causes


Have you taken action to offset the Microsoft Video ActiveX hole?

29. July 6, CNET News - (International) Microsoft warns of hole in Video ActiveX control. Microsoft on July 6 warned of a vulnerability in its Video ActiveX Control that could allow an attacker to take control of a PC if the user visits a malicious Web site. There have been limited attacks exploiting the hole, which affects Windows XP and Windows Server 2003, Microsoft said on its Security Response Center blog. This is the second DirectShow security hole Microsoft has announced in the past few months. The company has yet to provide a security update for a vulnerability announced in May that involves the way DirectX handles QuickTime files. Since there are no by-design uses for the ActiveX Control within Internet Explorer, Microsoft is recommending that users implement a workaround outlined in the security advisory. Customers can automatically implement the workaround by following the instructions under “Fix It For Me” in the Knowledge Base article for advisory number 972890 on the Microsoft support site. Even though Windows Vista and Windows Server 2008 are not affected by the vulnerability, Microsoft is recommending that users of those products also use the workaround. Microsoft is working on a security update and will release it when the quality is at the appropriate level for broad distribution, the company said. Source: http://news.cnet.com/8301-1009_3-102...=News-Security


Hopefully your antivirus can handle the ‘WORM_RANSOM.FD'!

27. July 8, Spamfighter News - (International) Trend Micro discovers new ransomware ‘WORM_RANSOM.FD.' According to Trend Micro security researchers, they have detected a new ransomware that proliferates through e-mail on the Internet. Trend Micro has called the malware WORM_RANSOM.FD; it appears to be a mass-mailing computer worm, but a detailed analysis of it has revealed that it contains a deadly payload. It has been discovered that WORM_RANSOM.FD is downloaded from remote websites when visitors access those sites, or it may be downloaded secretly by other malware on the targeted system. While the deadly payload does not affect some files with extensions such as .dry, .rwg, .vxd, .dll, .inl and .exe, the malware is capable of encrypting all files stored on the targeted computers using the Blowfish algorithm. Hence, the malware makes the files useless. Moreover, the worm makes one or more registry entries that allow it to execute automatically whenever the system starts up. Interestingly, the new ransomware WORM_RANSOM.FD does not follow the function of a typical ransomware, which demands money for restoring encrypted files. Instead, it gives a user three options to choose from to restore the affected files. Source: http://www.spamfighter.com/News-1268...M_RANSOMFD.htm


Is your Mac antivirus installed and up-to-date? If not, perhaps it should be!

34. July 9, V3.co.uk - (International) McAfee warns of new Mac malware attack. Researchers at McAfee Avert Labs have warned that a new malware attack for Mac OS X systems has been spotted in the wild. Known informally as ‘Puper', the Trojan disguises itself as a video program for OS X systems called ‘MacCinema'. The attack appears as a disk image which launches an installer application for the fictional MacCinema software. Once the installer completes its task, the user becomes infected with a script file named ‘AdobeFlash'. The malicious script then launches itself every five hours, and attempts to download and launch other malware on the infected system. This latest attack is similar to others which have targeted OS X users in recent months, often enticing the user to download and install the malware by posing as a video player or ‘codec' plug-in required to view movie files. Source: http://www.v3.co.uk/v3/news/2245704/...attack-spotted


 
