Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
Current Activity Calendar
Left Arrow
September 2008
 Right Arrow
Su M Tu W Th F Sa
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30
Please click on a date above to see current activity for that day.

  • Latest Current Activity
    •

    September 19, 2008 - Current Activity

    This is an archived copy of current activity, if you would like to see the most recent version, please click here.

    September 19VMware Releases Security Advisory VMSA-0008-0015
    September 18Adobe Releases Security Advisory for Mac Illustrator
    September 16Fake Antivirus Software Circulating
    September 16Apple Releases Security Updates for Multiple Vulnerabilities
    September 15Apple Addresses Issues with iTunes 8.0
    September 12TWiki Releases Security Alert
    September 12Apple Releases iPhone v2.1
    September 11DHS Email Scam
    September 10U.S. Presidential Election and Phishing Scams
    September 10Apple Releases Security Updates


    VMware Releases Security Advisory VMSA-0008-0015

    added September 19, 2008 at 09:51 am

    VMware has released a Security Advisory indicating it has updated the ESXi and ESX 3.5 packages to address a vulnerability in "openwsman". This vulnerability is due to several buffer overflow conditions in the handling of HTTP basic authentication headers. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on the host running ESXi or ESX.

    US-CERT encourages users and administrators to review VMware Security Advisory VMSA-0008-0015 and apply any necessary updates to help mitigate the risks.


    Adobe Releases Security Advisory for Mac Illustrator

    added September 18, 2008 at 08:56 am

    Adobe has released a Security Advisory to alert users of potential vulnerabilities affecting the Macintosh version of Illustrator CS2. By convincing a user to open a malicious Adobe Illustrator file, an attacker may be able to execute arbitrary code.

    In the advisory, Adobe recommends that users exercise caution when receiving unsolicited or suspicious files. Adobe also states that they are currently unaware of any public exploitation of these vulnerabilities.

    US-CERT will provide more information as it becomes available.


    Fake Antivirus Software Circulating

    added September 16, 2008 at 12:30 pm

    US-CERT is aware of public reports indicating an increase in the instances of fake antivirus software circulating. These software applications are malicious code, not legitimate antivirus applications. These instances of malicious code are noted as being distributed through spam email messages containing malicious links, instant messages containing malicious links, private messages on social networking sites, infection from other malware, and from visiting compromised websites.

    Quite often, this malware attempts to convince users that there is something wrong with their systems. This leads to an attempt persuade the users into purchasing an illegitimate antivirus application. If the user purchases the bogus software, the attacker may be able to obtain personal and credit card information for use in additional scams and fraudulent activity.

    US-CERT encourages users to perform the following preventative measures to help mitigate the risks:

    • Install legitimate antivirus software from a trusted vendor, and keep its virus signature files up-to-date.
    • Do not follow unsolicited web links found in email messages or instant messages.
    • Use caution when visiting untrusted websites.
    • Do not install untrusted software.


    Apple Releases Security Updates for Multiple Vulnerabilities

    added September 16, 2008 at 08:02 am

    Apple has released Security Update 2008-006 and Mac OS X v10.5.5 to address multiple vulnerabilities in Mac OS X and related products. The impacts of these vulnerabilities include arbitrary code execution, information disclosure, denial of service, privilege escalation, or DNS cache poisoning.

    US-CERT encourages users to review Apple article HT3137 and apply the appropriate updates as soon as possible.

    US-CERT will provide additional details as the they become available.


    Apple Addresses Issues with iTunes 8.0

    added September 15, 2008 at 08:25 am

    Apple has released an article to address issues with their recent iTunes 8.0 release. The article indicates that Windows Vista users who have installed iTunes 8.0 may be seeing a blue screen error message when connecting an iPhone or iPod to their computer.

    US-CERT encourages users to review Apple article TS2280 and apply one of the solutions listed in the article to fix the issue.


    TWiki Releases Security Alert

    added September 12, 2008 at 12:38 pm | updated September 12, 2008 at 03:37 pm

    TWiki has released a Security Alert to address a vulnerability. This vulnerability is due to the way TWiki processes the "image" variable in URLs. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.

    US-CERT encourages users and administrators to review the TWiki Security Alert and apply the workaround listed in the Countermeasures section of the document or upgrade to version 4.2.3 to help mitigate the risks.

    Additional information regarding this vulnerability can be found in the Vulnerability Notes Database.


    Apple Releases iPhone v2.1

    added September 12, 2008 at 01:46 pm

    Apple has released iPhone v2.1 to address multiple vulnerabilities in Application Sandbox, CoreGraphics, mDNSResponder, Networking, Passcode Lock, and Webkit. These vulnerabilities may allow an attacker to execute arbitrary code, conduct DNS cache poisoning attacks, spoof or hijack TCP sessions, bypass Passcode Lock, obtain sensitive information, or cause a denial-of-service condition.

    US-CERT encourages users to review Apple document HT3129 and upgrade to iPhone v2.1.


    DHS Email Scam

    added September 11, 2008 at 04:42 pm

    US-CERT is aware that spam email messages are being sent that appear to come from high-level DHS officials, some of which attempt to entice the user into an advance fee fraud scam. In some cases, the sender's address has been spoofed so that the email appears to come from a legitimate dhs.gov address.

    US-CERT encourages users to do the following to help mitigate the risks:


    U.S. Presidential Election and Phishing Scams

    added September 10, 2008 at 09:18 am

    Throughout the United States presidential election campaigns, US-CERT has received reports of phishing scams and email attacks related to the upcoming election. US-CERT reminds users to remain cautious when receiving unsolicited email messages that are related to the presidential election and presidential candidates because the messages may be part of a phishing scam.

    US-CERT encourages users to do the following to help mitigate the risks:


    Apple Releases Security Updates

    added September 10, 2008 at 09:11 am

    Apple has released four security updates to address multiple vulnerabilities in iTunes, QuickTime, iPod touch, and Bonjour for Windows. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct DNS cache poisoning attacks, spoof or hijack TCP sessions, access the system with escalated privileges, or obtain sensitive information.

    US-CERT encourages users and administrators to review the following Apple Security Articles and apply any necessary updates: