The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
As part of a joint effort, the United States Secret Service, the Federal Bureau of Investigation, the Internet Crime Complaint Center (IC3) and the Financial Services Information Sharing and Analysis Center (FS-ISAC) have released Fraud Advisory for Businesses: Corporate Account Take Over (PDF). The document explains that cyber criminals are targeting small- and medium-sized businesses and using methods such as malicious code, phishing, and social engineering attacks to compromise business banking accounts. Once these accounts have been compromised, cyber criminals can fraudulently transfer funds out of them and can cause significant business disruption and substantial monetary loss.
This advisory provides information that businesses can use to help understand, prevent, detect, and respond to the threats of corporate account takeover. US-CERT encourages users and administrators to review this document and to remain vigilant in combating the threats of corporate account takeover.
US-CERT is aware of public reports of multiple vulnerabilities affecting Linux. Exploitation of these vulnerabilities may allow an attacker to access the system with root or "superuser" privileges.
The first of these vulnerabilities is due to a flaw in the implementation of the Reliable Datagram Sockets (RDS) protocol in Linux kernel versions 2.6.30 through 2.6.36-rc8. By sending a specially crafted socket function call, an attacker may be able to write arbitrary values into kernel memory and escalate privileges to root.
This vulnerability affects Linux installations where the CONFIG_RDS kernel configuration option is set and where there are no restrictions preventing unprivileged users from loading packet family modules. Reports indicate that this may be the default configuration and that a patch for this vulnerability has been committed to the Linux kernel. Users should apply any updates for their Linux distributions to help mitigate the risks. Additionally, reports indicate that preventing the RDS kernel module from loading is an effective workaround. This can be performed by executing the following command as root:
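An added example, not part of the US-CERT entry and not the workaround command it refers to: a shell check for the exposure conditions described above (kernel version range, CONFIG_RDS, and whether loading of the rds module is blocked). The `/boot/config-<release>` path and the `install rds /bin/true` modprobe idiom are assumptions of this example.

```shell
#!/bin/sh
# Added example: report whether this host matches the RDS exposure conditions.
# Version matching is indicative only: distribution kernels may carry the fix
# without leaving the stated version range.

# Return 0 if $1 (uname -r style) lies within 2.6.30 .. 2.6.36-rc8.
kernel_in_range() {
    case "$1" in 2.6.*) ;; *) return 1 ;; esac
    rest=${1#2.6.}
    minor=${rest%%[!0-9]*}            # leading digits of the third component
    [ -n "$minor" ] || return 1
    if [ "$minor" -ge 30 ] && [ "$minor" -le 35 ]; then return 0; fi
    [ "$minor" -eq 36 ] || return 1
    # For 2.6.36 only release candidates rc1..rc8 fall in the stated range.
    case "$rest" in
        36-rc[1-8]|36-rc[1-8][!0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if kernel config file $1 builds RDS in (y) or as a module (m).
config_has_rds() {
    [ -r "$1" ] && grep -Eq '^CONFIG_RDS=(y|m)$' "$1"
}

# Return 0 if any given modprobe config file blocks loading of rds.
# Assumption: the block uses the "install rds /bin/true" (or /bin/false)
# idiom; other mechanisms are not recognised. Irrelevant if CONFIG_RDS=y.
rds_load_blocked() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        grep -Eq '^[[:space:]]*install[[:space:]]+rds[[:space:]]+/bin/(true|false)' "$f" && return 0
    done
    return 1
}

# Print one line per condition for the running system.
rds_exposure_report() {
    ver=$(uname -r)
    cfg="/boot/config-$ver"           # assumed location of the kernel config
    if kernel_in_range "$ver"; then echo "kernel $ver: in affected range"
    else echo "kernel $ver: outside 2.6.30..2.6.36-rc8"; fi
    if config_has_rds "$cfg"; then echo "CONFIG_RDS: set"
    else echo "CONFIG_RDS: not set, or $cfg unreadable"; fi
    if rds_load_blocked /etc/modprobe.d/*; then echo "rds module loading: blocked"
    else echo "rds module loading: not blocked"; fi
}
rds_exposure_report
```

A host is of interest for patching when all three lines read "in affected range", "set" and "not blocked".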
Adobe has released a security advisory to alert users of a vulnerability affecting Adobe Shockwave Player. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition.
US-CERT encourages users and administrators to review Adobe security advisory APSA10-04 and to consider implementing the workarounds provided in US-CERT Vulnerability Note VU#402231 until a fix is released by the vendor.
Additional information will be provided as it becomes available.