InfoSec News

Today, Oracle will release its quarterly patch bundle (Jan2011 CPU). The pre-announcement is already out, and it promises quite some entertainment for DBAs and Middleware Admins for the next couple weeks. One thing that certainly stands out from the list is the vulnerability in Oracle Audit Vault with a CVSS score of 10.0, apparently remotely exploitable without authentication. Always disappointing when a so-called security component makes the system actually more vulnerable.
We'll update this diary later, once the full information becomes available.
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Remember four years ago when the Fake Codec scam managed to infect even large corporations? The bad guys still try this approach every now and then, but their most successful invention to date is clearly the fake anti-virus. We've been covering it repeatedly for the past two, three years now, and it is still going strong. If an attack vector stays the same for years, it can only mean one thing: It is netting the bad guys enough money that they don't feel the urge to innovate.
The following popped up earlier today when some readers surfed to a perfectly OK web site that had apparently been hacked and amended. The site that seems to start the dive down the FakeAV rabbit hole at the moment is (dontclick!) baullka-dot-com/red.php . The goodies then come from 91.216.122.x which is known to provide unsolicited anti-virus help. Another netblock involved - 188.229.88.x and 188.229.92.x - seems to be a recent addition to the FakeAV universe.
I'm including a couple screenshots below; it never hurts to know what the current incarnation of FakeAV looks like ... *especially* since their current EXE registers with a mere 6/43 on the Virustotal scale.
Stay safe!
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
glFusion BBCode HTML Injection Vulnerability
 
[ MDVSA-2011:012 ] mysql
 
[SECURITY] [DSA 2148-1] Security update for tor
 
Sphider 'conf.php' Remote Command Execution Vulnerability
 
With Steve Jobs taking another medical leave, Apple customers, investors, partners and employees are again left to wonder what implications this will have for the company's stock, financial performance, product development and business operations.
 
[ GLSA 201101-07 ] Prewikka: password disclosure
 
[ GLSA 201101-05 ] OpenAFS: Arbitrary code execution
 

Cyber Security Challenge Reveals Network Defence Winners
eWEEK Europe UK
The competition was first mooted at the Infosec Security Show in April last year and was modelled on the US Cyber Challenge. The Cyber Security Challenge ...
 
Microsoft announced Monday that its CRM Online software is now available in 40 markets around the world, bringing it in closer competition with Salesforce.com and Oracle's CRM on Demand.
 
[SECURITY] [DSA 2147-1] Security update for pimd
 
[ GLSA 201101-06 ] IO::Socket::SSL: Certificate validation error
 
[SECURITY] [DSA 2146-1] Security update for mydms
 
[ MDVSA-2011:011 ] opensc
 
Acer will begin selling two or three new tablet PCs in the first half of the year, including one with a seven-inch screen, a company sales manager said on Monday.
 
Tata Consultancy Services (TCS), India's largest outsourcer, reported on Monday strong growth in revenue and profit for the quarter ended Dec. 31, citing a strong demand for its services.
 
Femtocells will soon be able to improve home security, personal safety and help integrate smartphones with TVs, laptops and media players, in addition to improving cellular coverage in the home, ABI Research said on Monday.
 
Apple CEO Steve Jobs will take a leave of absence from the company for medical reasons, but will remain involved in major strategic decisions, the company said Monday. He will leave day-to-day operations to COO Tim Cook.
 
pimd Multiple Insecure Temporary File Creation Vulnerabilities
 
The Stuxnet worm that disrupted Iran's ability to enrich uranium into bomb-grade nuclear fuel was reportedly created by Israel and the U.S.
 
Consumers love their gadgets, and soon those devices will be able to sense our emotions and react to our moods by joining in on our elation or treading lightly when we're angry.
 
More than three years after the iPhone was first hacked, computer security experts think they've found a whole new way to break into mobile phones -- one that could become a big headache for Apple, or for smartphone makers using Google's Android software.
 
NTT DoCoMo's LTE (Long-Term Evolution) data network, launched in three of Japan's biggest cities on Dec. 24, promises speeds of up to ten times those of current 3G wireless. Over the last few days I've had a chance to test network performance in central Tokyo, and I found that while it does occasionally offer significantly faster downloads than 3G, the current LTE network generally under-performs and suffers from slow upload speeds.
 
Xfig and Transfig '.fig' File Buffer Overflow Vulnerability
 
InfoSec News: We need help with the strange disappearance of Dancho Danchev: http://www.zdnet.com/blog/security/we-need-help-with-the-strange-disappearance-of-dancho-danchev/7897
By Ryan Naraine Zero Day ZDNet News January 14, 2011
Zero Day blogger and malware researcher Dancho Danchev (right) has gone missing since August last year and we have some troubling information that suggests he may have been harmed in his native Bulgaria.
Dancho, who was relentless in his pursuit of cyber-criminals, last blogged here on August 18. His personal blog has not been updated since September 11, 2010.
At ZDNet, we made multiple attempts to contact him, to no avail. Telephone numbers are going to Bulgarian language voicemails and our attempts to reach him via a snail mail address also came up empty.
Over the last few months, we have contacted the Bulgarian CERT authorities and used anti-virus contacts there to help us figure out Dancho’s disappearance. No one can figure out what happened to Dancho.
[...]
 
InfoSec News: Computer Stolen In Oklahoma City Contains Research To Cure Prostate Cancer: Forwarded from: security curmudgeon <jericho (at) attrition.org>
: http://www.news9.com/Global/story.asp?S=13833909
:
: By Emily Wood
: News 9
: Jan 13, 2011
:
: OKLAHOMA CITY -- An Oklahoma couple is urging thieves to return a stolen
: computer they say has the power to save millions of lives. [...]
 
InfoSec News: Iran's nuclear program and a new era of cyber war: http://www.latimes.com/news/nationworld/world/la-fg-iran-cyber-war-20110117,0,2232905.story
By Ken Dilanian Los Angeles Times January 17, 2011
Just a few months ago, U.S. and Israeli officials were warning that Iran was a year away from having the capability to rapidly build a nuclear weapon. [...]
 
InfoSec News: Oracle plans to release 66 patches on Tuesday: http://www.computerworld.com/s/article/9205121/Oracle_plans_to_release_66_patches_on_Tuesday
By Chris Kanaracus IDG News Service January 14, 2011
Oracle is planning on Tuesday to release 66 security patches affecting hundreds of products, according to a notice on its Web site. [...]
 
InfoSec News: Hackers will not be deterred by UK cyber defences, report warns: http://www.guardian.co.uk/technology/2011/jan/17/hackers-uk-cyber-defences
By Owen Bowcott The Guardian 17 January 2011
Military "cyber weaponry" will become commonplace this century, but it will be unlikely to deter attacks by "hacktivists" and criminal gangs, [...]
 
Perl IO::Socket::SSL 'verify_hostname_of_cert()' Security Bypass Vulnerability
 
OpenAFS Unix Cache Manager Heap-Based Buffer Overflow Vulnerability
 

Posted by InfoSec News on Jan 16

http://www.latimes.com/news/nationworld/world/la-fg-iran-cyber-war-20110117,0,2232905.story

By Ken Dilanian
Los Angeles Times
January 17, 2011

Just a few months ago, U.S. and Israeli officials were warning that Iran
was a year away from having the capability to rapidly build a nuclear
weapon. Speculation was intensifying that Israel would launch airstrikes
to prevent that from happening.

But as the new year dawned, Western officials, with...
 

Posted by InfoSec News on Jan 16

http://www.computerworld.com/s/article/9205121/Oracle_plans_to_release_66_patches_on_Tuesday

By Chris Kanaracus
IDG News Service
January 14, 2011

Oracle is planning on Tuesday to release 66 security patches affecting
hundreds of products, according to a notice on its Web site.

A number of the patches are for vulnerabilities that meet the most
serious risk level under the Common Vulnerability Scoring System, Oracle
said. Products affected...
 

Posted by InfoSec News on Jan 16

http://www.guardian.co.uk/technology/2011/jan/17/hackers-uk-cyber-defences

By Owen Bowcott
The Guardian
17 January 2011

Military "cyber weaponry" will become commonplace this century, but it
will be unlikely to deter attacks by "hacktivists" and criminal gangs,
and could easily be used for state-sponsored cyber attacks instead, the
Organisation for Economic Co-operation and Development warns.

The British authors of the...
 

Posted by InfoSec News on Jan 16

http://www.zdnet.com/blog/security/we-need-help-with-the-strange-disappearance-of-dancho-danchev/7897

By Ryan Naraine
Zero Day
ZDNet News
January 14, 2011

Zero Day blogger and malware researcher Dancho Danchev (right) has gone
missing since August last year and we have some troubling information
that suggests he may have been harmed in his native Bulgaria.

Dancho, who was relentless in his pursuit of cyber-criminals, last
blogged here on...
 

Posted by InfoSec News on Jan 16

Forwarded from: security curmudgeon <jericho (at) attrition.org>

: http://www.news9.com/Global/story.asp?S=13833909
:
: By Emily Wood
: News 9
: Jan 13, 2011
:
: OKLAHOMA CITY -- An Oklahoma couple is urging thieves to return a stolen
: computer they say has the power to save millions of lives.

Also from the article:

"Unfortunately, most of the data was never backed up, a mistake Shin
said could be a major setback in the fight...
 

