Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
left_arrow
February 2008
 right_arrow
Su M Tu W Th F Sa
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    February 05, 2008 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    February 5Yahoo! Music Jukebox ActiveX Buffer Overflow Vulnerabilities
    February 4Publicly Available Exploit for Facebook and MySpace Image Uploader Vulnerability
    February 1Department of Justice Phishing Campaign
    February 1Possible Department of Justice Phishing Campaign
    January 31Communication Interruption Due to Mediterranean Cable Break
    January 31Storm Worm Directing Users to Medical Spam Web Sites
    January 30Cisco Releases Security Advisories to Address a Vulnerability in the Cisco Wireless Control System
    January 25GE Fanuc Product Vulnerabilities
    January 25IBM AIX Vulnerabilities
    January 24Sun Releases Java Update


    Yahoo! Music Jukebox ActiveX Buffer Overflow Vulnerabilities

    added February 5, 2008 at 11:18 am

    US-CERT is aware of publicly available exploit code for vulnerabilities affecting Yahoo! Music Jukebox. These vulnerabilities are caused by buffer overflows in the Yahoo! MediaGrid ActiveX control and the YMP Datagrid ActiveX control. Successful exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code on a vulnerable system.

    More information regarding these vulnerabilities can be found in Vulnerability Notes VU#101676 and VU#340860.

    US-CERT encourages users to Disable ActiveX controls as described in the Securing Your Web Browser document.


    Publicly Available Exploit for Facebook and MySpace Image Uploader Vulnerability

    added February 4, 2008 at 10:28 am | updated February 4, 2008 at 11:38 am

    US-CERT is aware of publicly available exploit code for an unpatched vulnerability affecting an image uploader used by Facebook and MySpace. This vulnerability is caused by a buffer overflow in Aurigma's ImageUploader ActiveX control. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code on an affected system.

    More information regarding this vulnerability can be found in Vulnerability Note VU#776931.

    US-CERT encourages users to Disable ActiveX controls as described in the Securing Your Web Browser document.

    US-CERT will continue to investigate and provide additional information as it becomes available.


    Department of Justice Phishing Campaign

    added February 1, 2008 at 03:35 pm

    US-CERT has received reports of a phishing campaign that involves targeted email messages claiming to be from the Department of Justice. The emails include messaging that is designed to convince recipients that they are the subject of a business complaint filed through the Department of Justice. Initial reports indicate that as many as 20,000 users, representing a wide range of companies in the US, Canada, and Australia, have been targeted.

    The reports also indicate that a Department of Justice template is being used in these attacks.  The Department of Justice released a statement on its website indicating that it does not, and would not send that type of information to the public via email.  The statement includes an example of the template being used.

    To help protect against this type of attack, US-CERT recommends that users never open attachments or click links contained in unsolicited email messages. More information on how to avoid becoming a victim of such an attack can be found in the US-CERT Cyber Security Tips Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Attacks.  



    Possible Department of Justice Phishing Campaign

    added January 31, 2008 at 09:33 pm | updated February 1, 2008 at 08:02 am

    US-CERT has received information indicating that a phishing campaign involving targeted malicious email messages may be imminent. The messages may attempt to convince users that they are the subject of a business complaint filed through the Department of Justice, and could include a malicious attachment or a link to a malicious website.

    To help protect against this type of attack, US-CERT recommends that users never open attachments or click links contained in unsolicited email messages. More information on how to avoid becoming a victim of such an attack can be found in the US-CERT Cyber Security Tips Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Attacks .


    Communication Interruption Due to Mediterranean Cable Break

    added January 31, 2008 at 11:31 am

    Internet and voice communications in many countries have been interrupted by a break in the Mediterranean cable that provides those services.  Reports are stating that repairs may take considerable time to complete and that other methods of connectivity are being implemented.

    This event may affect communications for the following countries:

    • Pakistan
    • Egypt
    • Maldives
    • Kuwait
    • Lebanon
    • Algeria
    • Sudan
    • UAE
    • Syria
    • Saudi Arabia
    • Bahrain
    • India

    More information can be found in the following:

    US-CERT will continue to monitor this situation and will provide more information as it becomes available.


    Storm Worm Directing Users to Medical Spam Web Sites

    added January 30, 2008 at 03:20 pm | updated January 31, 2008 at 09:01 am

    US-CERT is aware of a variant of the Storm Worm that sends unsolicited email messages to users and attempts to evade spam filtering. When a user receives this email message, it will contain a link in the format of:

    http://<IP Address>/<random directory name>

    The link directs the user to a website containing spam about medical information.

    US-CERT urges users and administrators to take the following preventative measures to mitigate the security risks:


    Cisco Releases Security Advisories to Address a Vulnerability in the Cisco Wireless Control System

    added January 30, 2008 at 02:23 pm

    Cisco has released Security Advisory cisco-sa-20080130-wcs to address a vulnerability in the Wireless Control System. The vulnerability exists in the Apache Tomcat URI handler and may allow a remote, unauthenticated attacker to execute arbitrary code on an affected system.

    More information and workarounds regarding this vulnerability can be found in the Cisco Security Advisory cisco-sa-20080130-wcs.


    GE Fanuc Product Vulnerabilities

    added January 24, 2008 at 02:17 pm | updated January 25, 2008 at 03:52 pm

    Vulnerabilities in GE Fanuc CIMPLICITY and Proficy Real-Time Information Portal could allow an attacker to execute arbitrary code, obtain user credentials, upload and execute arbitrary files, or cause a denial-of-service condition.

    US-CERT encourages users to review the following:

    • Vulnerability Notes Database
    • GE Fanuc Proficy Real-Time Information Portal allows arbitrary file upload and execution (KB12460)
    • GE Fanuc Proficy Real-Time Information Portal transmits authentication credentials in plain text (KB12459)
    • Buffer Overflow Allows Remote Code Execution (KB12458)


    IBM AIX Vulnerabilities

    added January 25, 2008 at 10:28 am

    US-CERT is aware of multiple vulnerabilities affecting IBM AIX.  These vulnerabilities may allow a local attacker to gain escalated privileges on an affected system, gain access to sensitive information, or alter the behavior of system software.

    US-CERT encourages users to visit the IBM web site for further information regarding these vulnerabilities.

    US-CERT will provide more information as it becomes available.


    Sun Releases Java Update

    added January 24, 2008 at 04:00 pm

    US-CERT is aware that Sun has released an update to Java SE 6 containing fixes for 375 bugs. Users are encouraged to install the appropriate updates and should be aware that installing this new version of Java SE may not remove previous versions of the software. 

    For more information please see the following: