Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
July 2007
 Right Arrow
Su M Tu W Th F Sa
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    July 03, 2007 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    July 2Russian Cyber Attacks Reported
    June 29New Storm Worm Variant Spreads through Social Engineering
    June 28Publicly Available Exploit Code for a Vulnerability in RealNetworks Media Players
    June 27Justice Department Warns Public of Fraudulent Spam Email
    June 27Multiple Vulnerabilities in Kerberos Administration Daemon
    June 25Apple Releases Security Update 2007-006 and Safari 3 Beta Update 3.0.2 to Address Multiple Vulnerabilities
    June 22CA Releases Updates for Multiple Vulnerabilities in Products that Use the Ingres Database


    Russian Cyber Attacks Reported

    added July 2, 2007 at 01:12 pm

    US-CERT is aware of reports of cyber attacks occurring in Russian cyber-space. According to reports these attacks may be politically motivated.  It is reported that the attacks are similar to those that affected Estonia in April and May. 

    More information can be found in the following:

    http://www.washingtonpost.com/wp-dyn/content/article/2007/07/01/AR2007070100009.html

    US-CERT will continue to monitor this activity and may update with additional information.



    New Storm Worm Variant Spreads through Social Engineering

    added June 29, 2007 at 01:31 pm

    US-CERT is aware of a new variant of the Trojan Worm known as "Storm Worm" that uses social engineering with mass mailing to spread to unsuspecting victims. This variant of Storm Worm arrives as an email message with the subject line "You've received a postcard from a family member!", and contains a link to a malicious website that, when visited, installs malware on the user's system.

    US-CERT urges users and administrators to take the following preventative measures to mitigate the security risks:


    Publicly Available Exploit Code for a Vulnerability in RealNetworks Media Players

    added June 28, 2007 at 11:50 am

    US-CERT is aware of publicly available exploit code for a buffer overflow vulnerability in RealNetworks media players. By supplying a user with a crafted media file or stream, a remote unauthenticated attacker could execute arbitrary code or cause a denial-of-service condition on a vulnerable system.

    More information regarding this vulnerability can be found in Vulnerability Note VU#770904 and iDefense Labs Public Advisory: 06.26.07.

    To help mitigate the security risk, US-CERT recommends users upgrade their media player to the latest version as soon as possible.


    Justice Department Warns Public of Fraudulent Spam Email

    added June 27, 2007 at 06:41 pm

    The United States Department of Justice has released information warning the public of a recent surge in fraudulent spam e-mail messages claiming to be from the DOJ.  The messages contain a malicious attachment that supposedly contains information regarding complaints filed against them with the DOJ and IRS, but instead launches malware on the user's system when opened.

    More information regarding these messages can be found in the DOJ  Justice Department Alerts Public about Fraudulent Spam Email Press Release.

    To help protect against this type of attack, US-CERT recommends that users never open attachments from unsolicited email messages. More information on how to safely utilize email attachments can be found in the US-CERT Using Caution with Email Attachments Cyber Security Tip.


    Multiple Vulnerabilities in Kerberos Administration Daemon

    added June 26, 2007 at 02:31 pm | updated June 27, 2007 at 07:43 am

    US-CERT is aware of multiple vulnerabilities in the Kerberos administration daemon that may allow a remote user to execute arbitrary code or cause a denial-of-service condition on an affected system.

    More information regarding these vulnerabilities may be found in the following:

    US-CERT strongly encourages users and administrators to review the documents above and apply the patches as described in MIT krb5 Security Advisories 2007-004 and 2007-005 to address these vulnerabilities.


    Apple Releases Security Update 2007-006 and Safari 3 Beta Update 3.0.2 to Address Multiple Vulnerabilities

    added June 25, 2007 at 10:39 am

    Apple has released Security Update 2007-006 and Safari 3 Beta Update 3.0.2 to address multiple vulnerabilities in WebCore, WebKit, and Safari 3 Beta. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct cross-site scripting attacks, or alter the contents of the address bar in the Safari web browser.

    More information regarding the vulnerabilities and remediation information can be found in the following:

    US-CERT strongly encourages users to review the bulletins and follow best-practice security policies to determine what updates should be applied.


    CA Releases Updates for Multiple Vulnerabilities in Products that Use the Ingres Database

    added June 22, 2007 at 03:26 pm

    Computer Associates has released updates to address several vulnerabilities in products that use the Ingres database. These vulnerabilities may allow an attacker to execute arbitrary code on an affected system.

    More information regarding these vulnerabilities and which applications are affected can be found in the CA Security Advisor "CA Products That Embed Ingres Multiple Vulnerabilities" document.

    US-CERT strongly encourages users to review the CA Security Advisor "CA Products That Embed Ingres Multiple Vulnerabilities" document and follow best-practice security policies to determine what updates should be applied.