July 31st, 2008 . by DarkFiber Consulting
DarkFiber Consulting is aware of public reports indicating that a new email attack is circulating. This attack uses email messages that appear to be from legitimate airlines and contain information about a bogus e-ticket. These email messages instruct the user to open the attachment to obtain the e-ticket. If a user opens this attachment, a file may be executed to infect the user’s system with malicious code.
Reports, including a posting by Sophos, indicate that these messages have the following characteristics. Please note that these attributes may change at any time.
- The subject line “E-Ticket#XXXXXXXXXX”
- An attachment named “eTicket#XXXX.zip”
DarkFiber Consulting encourages users and administrators to take the following preventative measures to help mitigate the security risks:
Posted in Security Alerts | No Comments »
July 31st, 2008 . by DarkFiber Consulting
AVG has released version 8.0.156 to address multiple issues. Some of these issues could allow an attacker to cause a crash, resulting in a denial-of-service condition. This version also reduces the amount of incidental traffic generated by the program when searching on particular websites.
DarkFiber Consulting encourages users to review the AVG Program update and apply any necessary updates to help mitigate the risks.
July 29th, 2008 . by DarkFiber Consulting
DarkFiber Consulting is aware of public reports of a new Storm Worm campaign. The latest campaign is centered around messages related to the Federal Bureau of Investigation and Facebook. This Trojan horse virus is spread via an unsolicited email message that contains a link to a malicious website. This website contains a link that, when clicked, may run the executable file “fbi_facebook.exe” to infect the user’s system with malicious code.
Reports, including a posting by Sophos, indicate the following email subject lines are being used. Please note that subject lines can change at any time.
- F.B.I. may strike Facebook
- F.B.I. watching us
- The FBI’s plan to “profile” Facebook
- The FBI has a new way of tracking Facebook
- F.B.I. are spying on your Facebook profiles
- F.B.I. busts alleged Facebook
- Get Facebook’s F.B.I. Files
- Facebook’s F.B.I. ties
- F.B.I. watching you
DarkFiber Consulting encourages users and administrators to take the following preventative measures to help mitigate the security risks:
July 29th, 2008 . by DarkFiber Consulting
Oracle has released a Security Advisory to address a vulnerability in the WebLogic plug-in for Apache. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to compromise the confidentiality or integrity of WebLogic Server applications or cause a denial-of-service condition. The advisory indicates that exploit code for this vulnerability is publicly available.
DarkFiber Consulting encourages users to review the Oracle Security Advisory and implement the workarounds listed in the document to help mitigate the risks. At this time, a patch or update is not available.
DarkFiber Consulting will provide additional information as it becomes available.
July 28th, 2008 . by DarkFiber Consulting
RealNetworks has released an update to address multiple vulnerabilities in RealPlayer. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information. RealNetworks identifies the vulnerabilities as the following:
- RealPlayer ActiveX controls property heap memory corruption.
- Local resource reference vulnerability in RealPlayer.
- RealPlayer SWF file heap-based buffer overflow.
- RealPlayer ActiveX import method buffer overflow.
DarkFiber Consulting encourages users to review the RealNetworks advisory and apply the appropriate updates to help mitigate the risk.
July 25th, 2008 . by DarkFiber Consulting
DarkFiber Consulting is aware of public reports of an attack circulating via bogus email messages that claim to be from “US Customs Service.” The messages may contain the subject line “Parcel requires declaration” and indicate that a parcel has been received addressed to the recipient of the email. These messages may also encourage users to open an attachment to the message that may contain malicious code.
DarkFiber Consulting encourages users to do the following to help mitigate the risks:
- Review the alert posted by the U.S. Customs and Border Protection regarding this issue.
- Do not open attachments contained in unsolicited email messages.
- Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
- Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
- Install anti-virus software and keep virus signature files up to date.
DarkFiber Consulting will provide additional information as it becomes available.
July 25th, 2008 . by DarkFiber Consulting
DarkFiber Consulting is aware of publicly available exploit code for a cache poisoning vulnerability in common DNS implementations. Exploitation of this vulnerability may allow an attacker to cause a nameserver’s clients to contact incorrect, and possibly malicious, hosts for particular services. As a result, web traffic, email and other important network data could be redirected to systems under the attacker’s control.
DarkFiber Consulting strongly urges administrators to patch affected systems immediately. Please review the following DarkFiber Consulting documents for further details:
DarkFiber Consulting will provide additional information as it becomes available.
July 23rd, 2008 . by DarkFiber Consulting
DarkFiber Consulting released a Current Activity entry and a Vulnerability Note on July 8, 2008 regarding deficiencies in DNS implementations. These deficiencies could leave an affected system vulnerable to cache poisoning. Technical details regarding this vulnerability have been posted to public websites. Attackers could use these details to construct exploit code. Users are encouraged to patch systems or apply workarounds immediately.
A number of patches implement source port randomization in the name server as a way to reduce the practicality of cache poisoning attacks. Administrators should be aware that in infrastructures where nameservers exist behind Network Address Translation (NAT) and Port Address Translation (PAT) devices, port randomization in the nameserver may be overwritten by the NAT/PAT device and a sequential port address could be allocated. This may weaken the protection offered by source port randomization in the nameserver.
DarkFiber Consulting encourages users to consider one of the following workarounds:
- Place the nameserver outside of the NAT/PAT device in the network infrastructure.
- Configure the NAT/PAT device to perform source port randomization.
- Configure the NAT/PAT device to preserve the source port assigned by the nameserver.
Additional information can be found in DarkFiber Consulting Vulnerability Note VU#800113.
More information will be provided as it becomes available.
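A check for the NAT/PAT caveat described above, as an added example that is not part of the original alert: it classifies the UDP source ports of a nameserver's outgoing queries as they appear on the outside of the NAT/PAT device. The function name, the thresholds and the sample ports are assumptions constructed for illustration.

```python
import random
import statistics

def assess_source_ports(ports, max_step=16, min_stdev=3000.0):
    """Classify UDP source ports of consecutive outgoing DNS queries.

    ports: ports in the order seen on the outside of the NAT/PAT device.
    max_step and min_stdev are illustrative thresholds (assumptions).
    """
    if len(ports) < 10:
        raise ValueError("need at least 10 samples")
    # Forward step between consecutive queries, wrapping at 16 bits.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    seq_ratio = sum(1 for d in deltas if 1 <= d <= max_step) / len(deltas)
    stdev = statistics.pstdev(ports)
    if len(set(ports)) == 1:
        verdict = "fixed"          # every query leaves from one port
    elif seq_ratio >= 0.8:
        verdict = "sequential"     # device allocates ports in order
    elif stdev < min_stdev:
        verdict = "narrow-range"   # random, but from a small pool
    else:
        verdict = "randomized"
    return {"verdict": verdict, "sequential_ratio": round(seq_ratio, 2),
            "stdev": round(stdev, 1)}

# Constructed sample data, not captured traffic.
rng = random.Random(2008)
RESOLVER_PORTS = [rng.randrange(1024, 65536) for _ in range(40)]  # patched nameserver
PAT_SEQUENTIAL = [30000 + 3 * i for i in range(40)]   # device rewrites ports in order
PAT_PRESERVED = list(RESOLVER_PORTS)                  # device keeps the nameserver's port

if __name__ == "__main__":
    for name, sample in [("behind sequential PAT", PAT_SEQUENTIAL),
                         ("port preserved", PAT_PRESERVED)]:
        print(name, assess_source_ports(sample))
```

A "sequential" or "narrow-range" verdict on ports captured outside the device, while the same queries look "randomized" on the inside, indicates the device is undoing the nameserver's randomization.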
July 18th, 2008 . by DarkFiber Consulting
Mozilla has released Firefox 3.0.1 to address three vulnerabilities. Exploitation of these vulnerabilities may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. One of these vulnerabilities may also affect Thunderbird and SeaMonkey. Two of these vulnerabilities were previously fixed in Firefox 2.0.0.16 as well; please see the DarkFiber Consulting Current Activity entry Mozilla Releases Firefox 2.0.0.16 for additional information.
DarkFiber Consulting encourages users to review the following Mozilla Foundation Security Advisories and upgrade to Firefox 3.0.1 or implement the workarounds provided in the documents to help mitigate the risks:
- MFSA 2008-34 : Remote code execution by overflowing CSS reference counter
- MFSA 2008-35 : Command-line URLs launch multiple tabs when Firefox not running
- MFSA 2008-36 : Crash with malformed GIF file on Mac OS X
July 18th, 2008 . by DarkFiber Consulting
WordPress has released version 2.6 to address approximately 194 bugs, some of which may be security related.
DarkFiber Consulting encourages users to review the WordPress Blog entry related to the release of version 2.6 and upgrade to WordPress version 2.6 to help mitigate any risks.