Current Activity Calendar

	October 2009
Su	M	Tu	W	Th	F	Sa
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30	31

Please click on a date above to see current activity for that day.

October 01, 2009 - Current Activity

This is an archived copy of current activity, if you would like to see the most recent version, please click here.

*October 1*	Research in Motion Releases Security Advisory
*September 28*	Microsoft Releases Fix It for SMB Vulnerability
*September 28*	Malicious Code Spreading via IRS Scam
*September 24*	Cisco Releases Multiple Security Advisories for IOS Vulnerabilities and Unified Communications Manager
*September 23*	Montgomery County Animal Shelter Search Engine Poisoning Campaign
*September 23*	Apple Releases iTunes 9.0.1
*September 18*	Adobe Releases Security Bulletin for RoboHelp Server 8
*September 11*	Fraudulent 9/11 Web Sites
*September 11*	Apple Releases Security Update 2009-005 and Mac OS X v10.6.1
*September 10*	Apple Releases Security Updates

Research in Motion Releases Security Advisory

added October 1, 2009 at 10:35 am

Research in Motion has released a security advisory to address a vulnerability related to how null characters are displayed in a BlackBerry dialog box. This vulnerability may allow an attacker to trick users into believing that they are connecting to a trusted secure site.

US-CERT encourages users to review the BlackBerry security advisory KB19552 and apply any necessary updates.

Microsoft Releases Fix It for SMB Vulnerability

added September 22, 2009 at 10:43 am | updated September 28, 2009 at 07:01 pm

Microsoft has released Microsoft Knowledge Base Article 975497 to address a previously reported vulnerability in Microsoft Sever Message Block (SMB). This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Microsoft Knowledge Base Article 975497 and Microsoft Security Advisory 975497 and apply the Fix it tool or workarounds. Microsoft Knowledge Base Article 975497 addresses the vulnerability that was previously reported in the "Microsoft Releases Security Advisory 975497" Current Activity entry.

US-CERT is aware that exploit code for this vulnerability has been made publicly available as part of the Metasploit Framework. Users and system administrators are strongly encouraged to apply the Microsoft Fix it solution or other workarounds until a patch is released.

Malicious Code Spreading via IRS Scam

added September 28, 2009 at 09:00 am

US-CERT is aware of public reports of malicious code circulating via spam email messages related to the IRS. The attacks arrive via an unsolicited email message and may contain a subject line of "Notice of Underreported Income." These messages may contain a link or attachment. If users click on this link or open the attachment, they may be infected with malicious code, including the Zeus Trojan.

US-CERT encourages users and administrators to take the following measures to protect themselves:

Review the How to Report and Identify Phishing, E-mail Scams and Bogus IRS Web Sites document on the IRS website.
Do not follow unsolicited web links or attachments in email messages.
Maintain up-to-date antivirus software.
Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Cisco Releases Multiple Security Advisories for IOS Vulnerabilities and Unified Communications Manager

added September 24, 2009 at 09:30 am | updated September 24, 2009 at 02:18 pm

Cisco has released multiple security advisories to address vulnerabilities in IOS Software and Unified Communications Manager. These vulnerabilities may allow an attacker to cause a denial-of-service
condition, buffer overflow, or access control list bypass.

US-CERT encourages users and administrators to review the following Cisco security advisories and apply any necessary updates to help mitigate the risks.

cisco-sa-20090923-acl : Cisco IOS Software Object-group Access Control List Bypass Vulnerability
cisco-sa-20090923-auth-proxy : Cisco IOS Software Authentication Proxy Vulnerability
cisco-sa-20090923-cm : Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability
cisco-sa-20090923-cme : Cisco Unified Communications Manager Express Vulnerability
cisco-sa-20090923-h323 : Cisco IOS Software H.323 Denial of Service Vulnerability
cisco-sa-20090923-ios-fw : Cisco IOS Software Zone-Based Policy Firewall Vulnerability
cisco-sa-20090923-ipsec : Cisco IOS Software Internet Key Exchange Resource Exhaustion Vulnerability
cisco-sa-20090923-ntp : Cisco IOS Software Network Time Protocol Packet Vulnerability
cisco-sa-20090923-sip : Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability
cisco-sa-20090923-tls : Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability
cisco-sa-20090923-tunnels : Cisco IOS Software Tunnels Vulnerability

Montgomery County Animal Shelter Search Engine Poisoning Campaign

added September 23, 2009 at 06:55 pm

US-CERT is aware of public reports regarding a search engine result poisoning campaign affecting search results for the Montgomery County Animal Shelter. Users seeking details on rumors about the closure of a "Montgomery County Animal Shelter" may be led to click on illegitimate search results which attempt to download malicious code. The rumors are being spread via e-mail, forums, and social networking sites, usually taking the form of a plea for readers to contact the shelter and adopt animals prior to the shelter's closing.

US-CERT is monitoring the situation and will provide updates as they become available.

Apple Releases iTunes 9.0.1

added September 23, 2009 at 09:23 am

Apple has released iTunes 9.0.1 to address a vulnerability that may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users to review Apple article HT3884 and apply any necessary updates to help mitigate the risks.

Adobe Releases Security Bulletin for RoboHelp Server 8

added September 18, 2009 at 03:53 pm

Adobe has released security bulletin APSB09-14 to address a vulnerability in RoboHelp Sever 8. This vulnerability may allow a remote attacker to execute arbitrary code.

US-CERT encourages users and administrators to review Adobe security bulletin APSB09-14 and apply any necessary updates.

Fraudulent 9/11 Web Sites

added September 11, 2009 at 03:59 pm

US-CERT is aware of public reports indicating that attackers are using legitimate web pages to run malicious code on victims' machines.

Reports, including a posting by Sophos, indicate that these messages

Include keywords and names related to the 9/11/2001 terrorist attack
Prompt users with a fake virus scan that attempts to make users believe they have a security issue. The users are then asked to download fake security software that is actually malicious code.

Please note that these characteristics may change at any time.

US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks:

Install anti-virus software, and keep its virus signature file up to date
Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks

Apple Releases Security Update 2009-005 and Mac OS X v10.6.1

added September 11, 2009 at 09:43 am

Apple has released Security Update 2009-005 and Mac OS X v10.6.1 to address multiple vulnerabilities in a number of applications. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain elevated privileges, or access local files.

US-CERT encourages users and administrators to review Apple articles HT3865 and HT3864 and apply any necessary updates to help mitigate the risks. Apple article HT3864 addresses the vulnerability previously reported in the "Adobe Flash Vulnerability Affecting Apple Snow Leopard" Current Activity entry.

Apple Releases Security Updates

added September 10, 2009 at 09:20 am

Apple has released the following security updates:

OS 3.1 for iPhone
OS 3.1.1 for iPod touch
Quicktime 7.6.4

These security updates address vulnerabilities in multiple Apple products. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, access the system with escalated privileges, or obtain sensitive information.

US-CERT encourages users and administrators to review the following Apple Security Articles and apply any necessary updates:

* iPhone and iPod OS update (Article: HT3860)
* Quicktime Update (Article: HT3661)

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting

DHS Threat Advisory