CA users targeted by attackers

Patches from Mandriva, Gentoo, Debian, others Sophos warns of Mac Trojan malware Deep Throat Fight Club, and other interesting reading

New exploit targets corporate CA users
An exploit specifically targeting corporate Computer Associates users has been created some three weeks after a critical vulnerability was identified. The attack uses an ActiveX Control buffer overflow vulnerability present in 21 CA products, including BrightStor ARCServe Backup for Laptops and Desktops, Unicentre Remote Control, Software Delivery, Asset Management, Desktop Management Bundle and Desktop Management Suite. Computerworld, 04/01/08.
**********

Mandriva, Gentoo patch CUPS vulnerabilities

Multiple flaws have been found in CUPS, the most serious of which could be exploited to run malicious code on an affected machine. Both Gentoo and Mandriva are out with patches for the problem.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

New exploit targets corporate CA users
An exploit specifically targeting corporate Computer Associates users has been created some three weeks after a critical vulnerability was identified. The attack uses an ActiveX Control buffer overflow vulnerability present in 21 CA products, including BrightStor ARCServe Backup for Laptops and Desktops, Unicentre Remote Control, Software Delivery, Asset Management, Desktop Management Bundle and Desktop Management Suite. Computerworld, 04/01/08.
**********

Mandriva, Gentoo patch CUPS vulnerabilities

Multiple flaws have been found in CUPS, the most serious of which could be exploited to run malicious code on an affected machine. Both Gentoo and Mandriva are out with patches for the problem.

Mandriva

Gentoo
**********

Two new patches from Debian:

xine-lib (multiple flaws)

iceweasel (multiple flaws)
**********

Two new updates from rPath:

lighttpd (denial of service)

Firefox (multiple flaws)
**********

Today's malware news:

Mebroot Spreading through High-Traffic, Compromised Web Sites
Symantec is tracking more and more high-traffic Web sites that become compromised and then used to spread malicious code. After the breach our MSS team spotted out on Tata, we have been notified of another Web site with a similar issue. Symantec Security Response blog, 04/02/08.

Office exploit hits the street
Attack code that targets a recently patched vulnerability in Microsoft Corp.'s Office suite has gone public, a security company said today as it urged users to update immediately. Computerworld, 03/31/08.

Stormy April Fool's Day
A wave of April Fool's Day related Storm mails have just been sent out. Similar as the other times with a link that points to an IP address. F-Secure blog, 03/31/08.

Unusual banking trojan found today
We've seen tons of banking trojans lately, but now we've run into something quite unique. This new banking trojan was found today from a drive-by-download site. We've added detection for it as Win32.Pril.A. It not only infects the MBR of the machine, but also reflashes the boot code in the Flash BIOS, making disinfection problematic. F-Secure blog, 04/01/08.

Sophos warns of Mac Trojan malware
Security consultant Sophos is warning of the appearance of money-grabbing Trojan horse malware aimed at Macs. The firm isn't being alarmist with news of the Imunizator Trojan, which makes false claims that Macs have privacy problems as part of its attempt to install itself. Sophos advises users not to panic. Mac World, 03/31/08.
**********

From the interesting reading department:

"Deep Throat Fight Club" to pummel Web filters
Untangle, a company that makes a security gateway based on open source, next Wednesday plans what it's calling the "Deep Throat Fight Club" in a San Francisco bar to beat on Web filters of six competing vendors. Network World, 04/02/08.

Vermont ski area reports Hannaford-like theft of payment card data
In a security breach that sounds similar to the one disclosed by Hannaford Bros. Co. last month, the Okemo Mountain Resort ski area in Vermont announced this week that data from more than 46,000 credit and debit card transactions may have been compromised during a system intrusion over a 16-day period in February. Computerworld, 04/02/08.