Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
August 2008
 Right Arrow
Su M Tu W Th F Sa
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    August 25, 2008 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    August 25Microsoft Revised Security Bulletin MS08-051
    August 25Red Hat Releases OpenSSH Security Update
    August 21Malware Circulating via Russia/Georgia Conflict Spam Messages
    August 21Opera Releases Version 9.52
    August 18Webex Meeting Manager ActiveX Control Vulnerability
    August 14Joomla! Password Reset Vulnerability
    August 13Apple MobileMe Phishing Scam
    August 12Microsoft Releases August Security Bulletin
    August 7Microsoft Releases Advanced Notification for August Security Bulletin
    August 7Malware Circulating via Spam Messages


    Microsoft Revised Security Bulletin MS08-051

    added August 25, 2008 at 09:22 am

    Microsoft has revised Security Bulletin MS08-051, which addresses vulnerabilities in Microsoft PowerPoint. This revision describes a rerelease of the standalone update package for Microsoft Office PowerPoint 2003.

    According to Microsoft, users who applied the update provided through Microsoft Update or Office Update do not need to take further action. Users who installed the original standalone update should apply the updated package as described in the revised Microsoft Security Bulletin.

    US-CERT encourages users and administrators to review Microsoft Security Bulletin MS08-051 and apply or reapply any necessary updates.


    Red Hat Releases OpenSSH Security Update

    added August 25, 2008 at 09:14 am

    Red Hat has released Security Advisory RHSA-2008:0855-6 to address a recent security incident. In the advisory, Red Hat indicates that the incident involved an intrusion on several of their computer systems. During the intrusion, an attacker was able to sign a small number of OpenSSH packages. Red Hat has provided a list of the compromised packages and has released updated versions of the OpenSSH packages as a precautionary measure.

    US-CERT encourages users and administrators to review Red Hat Security Advisory RHSA-2008:0855-6 and apply the solution provided in the document.


    Malware Circulating via Russia/Georgia Conflict Spam Messages

    added August 21, 2008 at 09:07 am

    US-CERT is aware of public reports of malware circulating via spam email messages related to the Russia/Georgia conflict. These messages contain factual information about the conflict. The messages also contain download instructions for the user to watch a video that is attached to the message. If a user opens the attachment, malware may be downloaded and installed onto their system.

    US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks:


    Opera Releases Version 9.52

    added August 21, 2008 at 08:58 am

    Opera Software has released version 9.52 of the Opera web browser to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, inject malicious content into a page on a trusted website, obtain sensitive information, or cause a denial-of-service condition.

    US-CERT encourages users to review the latest Opera Security Advisories and upgrade to Opera 9.52 to help mitigate the risks.


    Webex Meeting Manager ActiveX Control Vulnerability

    added August 11, 2008 at 12:41 pm | updated August 18, 2008 at 10:44 am

    Cisco has released a Security Advisory to address a vulnerability that affects Cisco Webex Meeting Manager. This vulnerability is due to a buffer overflow condition in the "NewObject()" method within the WebexUCFObject ActiveX control (atucfobj.dll). By convincing a user to visit a specially crafted web page, open an e-mail message that contains embedded malicious HTML code, or by sending malicious HTML code via instant messaging applications, a remote attacker may be able to execute arbitrary code.

    US-CERT encourages users to review Cisco Security Advisory 107751 and apply any necessary updates or workarounds listed in the document. Additional information about this vulnerability can be found in the Vulnerability Notes Database.


    Joomla! Password Reset Vulnerability

    added August 14, 2008 at 01:20 pm

    The Joomla! Project has released an advisory to address a password reset vulnerability in the Joomla! content management system. This vulnerability, which may allow non-validating tokens to be forged, is due to a flaw in the reset token validation mechanism. Exploitation of this vulnerability may allow an unauthenticated attacker to reset the password of the first enabled user, which is typically an administrator user.

    US-CERT encourages users to review the Joomla! advisory and upgrade to version 1.5.6 (or newer) or apply the patch listed in the advisory.


    Apple MobileMe Phishing Scam

    added August 13, 2008 at 10:18 am

    US-CERT is aware of public reports of a phishing attack circulating via email messages that appear to be targeting Apple MobileMe users. These messages claim that there is a problem with the user's billing information and instruct the user to follow a web link to update personal information. Clicking on this link directs the user to a web page that contains a seemingly legetimate web form requesting personal and financial information. Any information entered in this form is not sent to Apple but rather, to a malicious attacker.

    US-CERT encourages users to do the following to help mitigate the risks:


    Microsoft Releases August Security Bulletin

    added August 12, 2008 at 02:24 pm

    Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, Outlook Express, Windows Mail, and Windows Messenger as part of the Microsoft Security Bulletin Summary for August 2008. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information.

    US-CERT encourages users to review the bulletins and follow best-practice security policies to determine which updates should be applied.


    Microsoft Releases Advanced Notification for August Security Bulletin

    added August 7, 2008 at 04:27 pm

    Microsoft has issued a Security Bulletin Advance Notification indicating that the August release cycle will contain 12 bulletins, seven of which will have a severity rating of Critical. The notification states that these Critical bulletins are for Microsoft Windows, Office, and Internet Explorer. There will also be five important bulletins for Microsoft Windows, Office, Outlook Express, Windows Mail, and Windows Messenger. Release of these bulletins is scheduled for Tuesday, August 12.

    US-CERT will provide additional information as it becomes available.


    Malware Circulating via Spam Messages

    added August 7, 2008 at 12:06 pm

    US-CERT is aware of public reports of malware spreading via spam. It has been reported that malware is spreading in spam messages related to the upcoming Olympics and to fake CNN news reports. If a user clicks the link to one of these fake news reports they are prompted to install a Flash Player update. If users attempt to install the update, malware may be downloaded and installed onto their system.

    US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks: