Oracle issues warning over dangerous WebLogic flaw
Oracle is scrambling to create an emergency patch for a severe vulnerability in the company's WebLogic server, as exploit
code is circulating on the Web. The problem lies in the Apache plug-in for the Oracle WebLogic Server and Express products
(formerly known as BEA WebLogic), both application servers. IDG News Service, 07/29/2008.
Oracle advisory
**********
RealNetworks patches four critical bugs in multimedia player
RealNetworks has issued four critical patches for several versions of its RealPlayer running on Windows, Linux and Apple's
Mac OS X. The flaws could allow a hacker to run malicious code on a PC or cause the computer to reveal information, according
to an advisory from Secunia, a security vendor based in Denmark. IDG News Service, 07/28/2008.
Real's advisory
**********
VMware patches ESX service console packages for Samba and vmnix
A number of flaws in VMware's ESX service console packages for Samba and vmnix have been patched by the vendor. No word on
how the flaws could be exploited, but users should download and install the patch as quickly as possible.
**********
Four new patches from rPath:
tshark/wireshark (denial of service)
httpd mod_ssl (cross scripting, denial of service)
fetchmail (denial of service)
**********
Four new updates from Ubuntu:
ffmpeg (file handling, code execution)
Firefox (multiple flaws)
**********
Four new fixes from Mandriva:
ffmpeg (file handling, code execution)
Thunderbird (multiple flaws)
**********
Two new patches from Debian:
python 2.5 (multiple flaws)
**********
Today's malware news
Exploit reveals the darker side of automatic updates
A new exploit called Evilgrade can take advantage of automatic updaters to install malicious code on unsuspecting systems,
and your computers could be more vulnerable than you think. Computerworld, 07/30/2008.
Fake Jetblue eTickets
The most common way a user gets infected these days is through drive-by downloads and while the prevalence of malicious email
attachments definitely has gone down we still see them on a daily basis. Like today when we saw a large spam run sending out
fake JetBlue etickets. F-Secure, 07/30/2008.
Also: Airlines warn customers of infected ticket invoices
Storm, the feds and Facebook
Over the last few weeks we've seen a bunch of different Storm themes and we don't blog about all of them because it would
get pretty repetitive after a while but it's interesting for us to follow them as the group behind them are sometimes very
innovative and sometimes fall back on tried and tested themes. The latest round which started today talks about FBI getting
instant access to Facebook accounts. F-Secure, 07/28/2008.
Myspace Drive By
A fake "your system may be infected" popup. Note the site it launches from is one of the more aggressive types (it shrinks
your browser down into the bottom corner, and won't let you do anything other than cycle in an endless loop of popups until
you agree to download the file being pushed). The SpywareGuide Greynets Blog, 07/30/2008.
**********
From the interesting reading department:
Hackers shut down Neosploit attack kit
A noted hacker attack kit has been retired from service by its criminal creators, most likely because it was priced too high
compared to the competition, researchers said today. Computerworld, 07/29/2008.
Security experts knock Apple for not patching DNS bug
Apple has not yet patched a critical Domain Name System (DNS) bug in its Mac OS X operating system, analysts and security
researchers noted today as some criticized the company for dragging its feet. Computerworld, 07/28/2008.
FAQ: The DNS bug and you
You know a bug is Big News when it makes National Public Radio's "All Things Considered," the network's afternoon drive-time
show. Computerworld, 07/30/2008.
30 Days of DNS Attack Activity
With the array of activity as of late surrounding Kaminsky's DNS Cache Poisoning vulnerability, we checked some of our various
data sources to get an idea of what folks are seeing activity-wise as a result - if anything discernible. Security to the
Core, 07/28/2008.
DNS attack writer a victim of his own creation
HD Moore has been owned. That's hacker talk, meaning that Moore, the creator of the popular Metasploit hacking toolkit, has
become the victim of a computer attack. IDG News Service, 07/30/2008.
Study: Companies need to address telework security
Companies that allow employees to telecommute need to pay better attention to the cybersecurity challenges associated with
it, according to a new study. IDG News Service, 07/29/2008.
Georgia student arrested for hacking grades, VoIP
A 19-year-old Cartersville, Georgia, college student has been charged with hacking into his school's computer system to change
grades and steal other users' passwords. IDG News Service, 07/29/2008.
App security audits: Don't ignore thick clients
When it comes to running application security audits many organizations make the mistake of assuming that only Internet-facing,
browser-based Web applications deserve scrutiny. After all, thick client applications tend to face inside and tend to be compiled
binaries so they are at less risk of malicious tampering. Network World, 07/29/2008.
Most sensitive data on government laptops unencrypted
Only 30% of sensitive information stored on U.S. government laptops and mobile devices, including the personal information
of U.S. residents, was encrypted a year ago, despite a series of data breaches at government agencies in recent years, according
to an auditor's report. IDG News Service, 07/29/2008.
Read more about security in Network World's Security section.