September 29th, 2008 . by DarkFiber Consulting
Mozilla has released Firefox and Thunderbird v2.0.0.17 and Firefox v3.0.3 to address multiple vulnerabilities. These may allow an attacker to execute arbitrary code, obtain sensitive information, conduct cross-site scripting attacks, cause a denial-of-service condition, operate with escalated privileges, or conduct Clickjacking attacks. Note that Firefox v3.0.2 was initially released to address these vulnerabilities. Version 3.0.3 was released to correct a flaw that was unrelated to the vulnerabilities.
DarkFiber Consulting encourages users and administrators to do the following to help mitigate the risks:
Posted in Security Alerts | No Comments »
September 26th, 2008 . by DarkFiber Consulting
DarkFiber Consulting is aware of public reports of a new cross-browser exploit technique called “Clickjacking.” According to one of the reports, Clickjacking gives an attacker the ability to trick a user into clicking on something only barely or momentarily noticeable. Therefore, if a user clicks on a web page, they may actually be clicking on content from another page. A separate report indicates that this flaw affects most web browsers and that no fix is available, but that disabling browser scripting and plug-ins may help mitigate some of the risks.
An additional report suggests that Firefox users consider using the NoScript plug-in as an added preventative measure. Disabling IFRAMEs by default, as outlined in the Securing Your Web Browser document, is reported to protect against the vulnerability.
DarkFiber Consulting encourages users to review the report and follow the security recommendations as described in the Securing Your Web Browser document to help mitigate some of the risks.
DarkFiber Consulting will provide additional information as it becomes available.
September 25th, 2008 . by DarkFiber Consulting
DarkFiber Consulting is aware of public reports of improved attack toolkits for exploiting vulnerabilities in PDF reader software.
DarkFiber Consulting encourages users to do the following to help mitigate the risks:
- Do not open untrusted files or files of unknown origin.
- Install antivirus software, and keep its virus signature files up to date.
- Regularly apply software patches and updates as supplied by the vendor.
September 25th, 2008 . by DarkFiber Consulting
Apple has released updates for Java for Mac OS X 10.4 and 10.5 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.
DarkFiber Consulting encourages users to review Apple Article HT3178 and HT3179 and apply any necessary updates to help mitigate the risks.
September 25th, 2008 . by DarkFiber Consulting
Symantec has released a Security Advisory to address multiple vulnerabilities in the Veritas NetBackup Server/Enterprise Server. These vulnerabilities are due to stack-based buffer overflow conditions and unsafe method calls within an ActiveX control that is part of the scheduler component. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code.
DarkFiber Consulting encourages users to review the Symantec Security Advisory and apply any necessary updates to help mitigate the risks.
September 24th, 2008 . by DarkFiber Consulting
Mozilla has released Firefox 3.0.2 to address multiple vulnerabilities. The impacts of these vulnerabilities include arbitrary code execution, enabling cross-site scripting, privilege escalation, information disclosure, and denial of service. As described in the Mozilla Foundation Security Advisories, some of these vulnerabilities may also affect Thunderbird and SeaMonkey.
DarkFiber Consulting encourages users to do the following to help mitigate the risks:
September 24th, 2008 . by DarkFiber Consulting
Cisco has released multiple security alerts to address vulnerabilities in the Unified Communications Manager and IOS. These vulnerabilities may allow a remote unauthenticated attacker to cause a denial-of-service condition, obtain sensitive information, or operate with escalated privileges.
DarkFiber Consulting encourages users and administrators to review the following Cisco Alerts and apply any necessary updates to help mitigate the risks.
September 19th, 2008 . by DarkFiber Consulting
VMware has released a Security Advisory indicating it has updated the ESXi and ESX 3.5 packages to address a vulnerability in “openwsman”. This vulnerability is due to several buffer overflow conditions in the handling of HTTP basic authentication headers. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on the host running ESXi or ESX.
DarkFiber Consulting encourages users and administrators to review VMware Security Advisory VMSA-0008-0015 and apply any necessary updates to help mitigate the risks.
September 18th, 2008 . by DarkFiber Consulting
Adobe has released a Security Advisory to alert users of potential vulnerabilities affecting the Macintosh version of Illustrator CS2. By convincing a user to open a malicious Adobe Illustrator file, an attacker may be able to execute arbitrary code.
In the advisory, Adobe recommends that users exercise caution when receiving unsolicited or suspicious files. Adobe also states that they are currently unaware of any public exploitation of these vulnerabilities.
DarkFiber Consulting will provide more information as it becomes available.
September 16th, 2008 . by DarkFiber Consulting
Apple has released Security Update 2008-006 and Mac OS X v10.5.5 to address multiple vulnerabilities in Mac OS X and related products. The impacts of these vulnerabilities include arbitrary code execution, information disclosure, denial of service, privilege escalation, or DNS cache poisoning.
DarkFiber Consulting encourages users to review Apple article HT3137 and apply the appropriate updates as soon as possible.
DarkFiber Consulting will provide additional details as they become available.