Mailing Lists & Feeds
Current Activity Calendar
| April 23, 2007 - Current ActivityThis is an archived copy of current activity, if you would like to see the most recent version, please click here.New Attack Technique for ARM Architectureadded April 20, 2007US-CERT is aware of a new attack technique presented at CansecWest and Black Hat Amsterdam. This technique affects devices that use the ARM (including Xscale) architecture, such as routers, wireless access points and mobile phones. The technique demonstrates that a vulnerability that results in a NULL pointer dereference can be used to execute arbitrary code. US-CERT has been working with vendors to inform them of this attack technique and provide mitigation strategies. US-CERT will continue to investigate and provide additional information as it becomes available. Apple Releases Security Update to Address Multiple Vulnerabilities in Various Productsadded April 19, 2007 | updated April 20, 2007Apple has released Security Update 2007-004 to address multiple vulnerabilities in various products. The impacts of these vulnerabilities include arbitrary code execution, privilege escalation, SYSTEM level access, information disclosure, and denial of service. More information about these vulnerabilities is located in the Vulnerability Notes Database and Technical Cyber Security Alert TA07-109A. US-CERT encourages users to apply the appropriate updates as soon as possible. Oracle Releases Critical Patch Update for April 2007added April 18, 2007Oracle has released the Oracle Critical Patch Update (CPU) for April 2007. This update contains 36 new security fixes for multiple vulnerabilities in various Oracle products and components. The impacts of these vulnerabilities vary depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, disclosure of sensitive information, and denial of service. More information is available in the Critical Patch Update for April 2007. We strongly encourage Oracle administrators to review, test, and install the patches within the April 2007 CPU. Virginia Tech Tragedy May Spawn Phishing Sitesadded April 17, 2007In recent years, US-CERT has received reports of an increased number of phishing sites set up in the wake of tragedies and natural disasters. US-CERT reminds users to remain cautious when receiving unsolicited email that could be a potential phishing attempt. Phishing emails may appear as requests for donations from a charitable organization asking the users to click on a link that will then take them to a fraudulent web site that appears to be a legitimate charity. The users are then asked to provide personal information that can further expose them to future compromises. Users are encouraged to take the following measures to protect themselves from this type of phishing attack:
For additional information regarding phishing, US-CERT recommends reading the following documents:
New Rinbot Variant Attempting to Exploit Microsoft Windows DNS RPC Vulnerabilityadded April 17, 2007US-CERT is aware of a new variant of the Rinbot worm that is currently scanning for port 1025/tcp and attempting to exploit the recent buffer overflow vulnerability in the Microsoft Windows DNS service RPC management interface. Like other variants of Rinbot, this variant is an Internet Relay Chat controlled backdoor that may provide an attacker unauthorized remote access to a compromised machine. US-CERT recommends the following actions to help mitigate the security risks:
New Storm Worm Variant Spreads through Social Engineeringadded April 12, 2007 | updated April 16, 2007US-CERT is aware of a new variant of the Trojan Worm known as "Storm Worm" that uses social engineering with mass mailing to spread to unsuspecting victims. This variant of Storm Worm arrives as an email attachment and also propagates through network file shares. Clicking on the executable file in the email installs a rootkit that may mask the malicious software from virus scans and shut down running security programs. This virus then scans the machine's hard drive to harvest email addresses that can be used to launch a spam attack. Understanding that the subject lines can change at any time, we are currently aware of the following:
The message body typically contains an image with text that warns of a worm and states that the attached .zip file is a patch for the worm. The .zip file is generally password-protected with the password given in the image. Passwords may differ among samples. US-CERT urges users and administrators to take the following preventative measures to mitigate the security risks:
Publicly Available Exploit Code for Vulnerability in RPC on Windows DNS Serveradded April 16, 2007US-CERT is aware of publicly available exploit code for a buffer overflow vulnerability in the Microsoft Windows DNS service RPC management interface. We are also aware of reports indicating this vulnerability is being actively exploited. More information about this vulnerability can be found in the following:
US-CERT recommends the following actions to help mitigate the security risks:
|
|||||||||||||||||||||||||||||||||||||||||||||||||||
Information For
Sign Up
Reporting
DHS Threat Advisory
The threat level in the airline sector is High or Orange. Read more
Get Adobe Reader