Jason Meserve provides up-to-the-minute news on vendor security alerts and fixes.
Microsoft patches critical bugs in Windows graphics system
Microsoft issued a critical patch for two vulnerabilities in the core graphics subsystem of Windows, one of eight fixes released
Tuesday as part of its monthly security updates. IDG News Service, 04/08/08.
Microsoft advisories:
Vulnerability in Microsoft Project Could Allow Remote Code Execution
Vulnerabilities in GDI Could Allow Remote Code Execution
Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution
Security Update of ActiveX Kill Bits
Cumulative Security Update for Internet Explorer
Vulnerability in DNS Client Could Allow Spoofing
Vulnerability in Windows Kernel Could Allow Elevation of Privilege
Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution
Related:
US-CERT: Microsoft Updates for Multiple Vulnerabilities
**********
Adobe fixes seven flaws in Flash Player
Adobe has upgraded its Flash Player to fix seven vulnerabilities in the graphics and video software widely used for interactive
Web pages and banner advertisements. Adobe classifies the patches as "critical" and advises people to upgrade to the latest version,
9.0.124.0. All of the vulnerabilities could allow a hacker to execute code on a machine. IDG News Service, 04/09/08.
US-CERT Advisory: Adobe Flash Updates for Multiple Vulnerabilities
**********
Five new updates from Debian:
pdns-recursor (cache poisoning attack)
libcairo (integer overflow, code execution)
lighttpd (denial of service)
**********
Four new patches from Gentoo:
PECL APC (buffer overflow, code execution)
UnZip (double free flaw, code execution)
MySQL (multiple flaws)
**********
Today's malware news:
Kraken, Not New But Still Newsworthy?
There's recently been quite a lot of fuss about a botnet of spam trojans dubbed Kraken. There've been some claims that the botnet
is the biggest currently out there, massing over 400,000 infected computers. Most vendors in the industry have been wondering
about the numbers, which seem to be a bit bloated when taking a look at received samples. F-Secure blog, 04/09/08.
Symantec: Kraken to Surpass Storm
New attack kit targets bag of ActiveX bugs
Hackers are using a new multiple-attack package composed of seven ActiveX exploits, many of them never seen in the wild before,
said a security company on Friday. Fewer than half of the flawed ActiveX controls have been patched. Computerworld, 04/07/08.
**********
From the interesting reading department:
Video: Bluefire protects mobile devices against attack
In a rather chilling demo with Bluefire Security Technologies, Keith finds out how easy it is for someone to attack a mobile
device. Network World, 04/09/08.
Podcast: How the FCC's 700MHz auction could open the door for mobile malware
Threats to mobile devices today mostly take the form of a lost or stolen device containing sensitive information. But the
recent 700MHz spectrum auction, which requires open access in some blocks, could pave the way for more malware on your smartphone.
Jeff Ailiber and Tom Bowers of Kaspersky Lab talk about the potential threat and what can be done to protect your mobile device.
(11:00)
10 security threats to watch for
There are lots of ways business networks can be compromised, and more are developing all the time. They range from technology
exploits to social engineering attacks, and all can compromise corporate data, reputation and the ability to conduct business
effectively. Network World, 04/09/08.
Experts hack power grid in no time
Basic social engineering and browser exploits expose electric production and distribution network. Network World, 04/09/08.
Malware count blows past 1M mark
Symantec Corp.'s malware tally topped 1 million for the first time in the second half of 2007 as the number of new malicious
code threats skyrocketed, the company said in its semiannual report on the state of security. Computerworld, 04/08/08.
Microsoft releases public beta of security console
Microsoft on Tuesday released the first public beta of a centralized management console that will pull together administrative
tasks around its collection of Forefront security software for clients, servers and the network edge. Network World, 04/09/08.
RSA - Chertoff: DHS project will lock down federal computers
U.S. Homeland Security Secretary Michael Chertoff said his agency is working on a "reverse Manhattan Project" to help secure
the federal government's computer systems. IDG News Service, 04/08/08.
HP admits to selling infected flash-floppy drives
Hewlett-Packard Co. has been selling USB-based hybrid flash-floppy drives that were pre-infected with malware, the company
said last week in a security bulletin. Computerworld, 04/07/08.
Jason Meserve is multimedia editor at Network World.