Cisco IOS hole surfaces

Opinion
Dec 01, 2005
5 mins
Networking, Security

* Patches from Cisco, Apple, Mandriva, others
* Beware latest Sober variant
* Second sample of Windows attack code posted, and other interesting reading

Today’s bug patches and security alerts:

Cisco IOS security hole surfaces in Web server code

Security researchers this week said they discovered a hole in the Web server code in Cisco’s IOS software. The flaw could allow attackers – armed only with knowledge of the Cisco device’s IP address – to gain administrative control of a Cisco device or run arbitrary code on the machine, according to claims. NetworkWorld.com, 11/30/05.

http://www.networkworld.com/news/2005/113005-cisco-ios.html

Secunia advisory:

https://secunia.com/advisories/17780/

Cisco patches Security Agent

Cisco has released a free patch for its Security Agent software, used to provide threat protection for desktops and servers. A local attacker could exploit a flaw in previous releases to gain elevated system privileges. For more, go to:

https://www.cisco.com/warp/public/707/cisco-sa-20051129-csa.shtml

**********

Attackers targeting unpatched IE bug, Microsoft warns

Microsoft is warning Internet Explorer users to be careful where they browse because attackers are now targeting a critical unpatched bug in the software. If successful, these attackers could possibly use this bug to seize control of a user’s system, Microsoft says. IDG News Service, 11/30/05.

http://www.networkworld.com/news/2005/113005-microsoft-ie-bug.html

Updated Microsoft advisory:

https://www.microsoft.com/technet/security/advisory/911302.mspx

**********

Concerns raised over Perl security flaw

Dyad Security on Wednesday posted an advisory about a potentially serious flaw in the open source scripting language Perl, but some security experts say they find the vulnerability unlikely. IDG News Service, 11/30/05.

http://www.networkworld.com/news/2005/113005-perl-flaw.html?nl

**********

Apple releases new Mac security update

The newest update from Apple fixes issues in Apache2, apache_mod_ssl, CoreFoundation, curl, iodbcadmintool, OpenSSL, passwordserver, Safari, sudo and syslog. The most serious of the vulnerabilities could be exploited to run arbitrary code on the affected machine. For more, go to:

https://docs.info.apple.com/article.html?artnum=302847

Apple releases new Java Security update

A new release from Apple fixes numerous flaws in various versions of the Java platform for Macintosh. The updates can be found here:

https://www.apple.com/support/downloads/javasecurityupdate.html

**********

Mandriva releases kernel updates

A number of flaws have been found in the Linux kernels used by Mandriva. The most serious of the flaws could be exploited to run malicious code on the affected machine. For more, go to:

https://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:220

https://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:219

https://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:218

Mandriva patches netpbm

A number of buffer overflow flaws have been found in the netpbm graphic conversion utilities. They could be exploited to run malicious code on the affected machine. For more, go to:

https://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:217

**********

Today’s roundup of virus alerts:

Sober variant on rise, security firm warns

The latest variant of the Sober worm is aiming for the top virus of the year spot. As of Monday morning, a staggering one in 14 e-mails circulated on the Internet contains the Sober worm, according to the anti-virus vendor Sophos. IDG News Service, 11/28/05.

http://www.networkworld.com/news/2005/112805-sober-worm.html?nl

Troj/Goldun-AE — A Trojan that steals credentials entered into Web sites. It installs “mssol.dll” and spreads through an e-mail message with an attachment that, when opened, displays an image of a woman. (Sophos)

W32/Kelvir-BE — A new Kelvir variant that spreads through Microsoft Windows Messenger. It tries to get the user to click on a link. (Sophos)

W32/Rbot-AYA — This Rbot variant spreads through network shares by exploiting a number of known Windows flaws. It drops “msnfilen.exe” in the Windows System folder and allows backdoor access through IRC. (Sophos)

W32/Rbot-LT — The second Rbot variant of the day drops “LSSRV.EXE” in the Windows System directory and can allow backdoor access through IRC. (Sophos)

Troj/Lecna-F — A backdoor worm that installs “winword.exe” in the Windows System folder and “USBTest.sys” in the “drivers” folder. (Sophos)

Troj/Paltus-A — This Trojan drops “sserver.exe” in the Windows System directory and registers as “Realplus”. It allows backdoor access. (Sophos)

Troj/IRCBot-AO — A backdoor Trojan that allows access through port 8000 and can be used to download malicious executables from remote sites. It drops “smschk.exe” in the Windows System folder and disables certain security applications. (Sophos)

Troj/Bankem-I — A password stealing Trojan that targets financial Web sites. It installs “appwiz.dll” in the Windows System folder and registers as a Browser Helper Object. (Sophos)

W32/Mytob-AT — A new Mytob variant that spreads through e-mail messages that appear to come from a system administrator. The infected attachment will have a double extension, and the virus installs “External.exe” in the Windows System folder. (Sophos)

W32/Mytob-FY — A second new Mytob worm that has similar properties to Mytob-AT above. This one drops “expI0rer.exe” in the Windows System folder. (Sophos)

W32/Francette-Y — An IRC backdoor worm that can also monitor data entered into specific online banking sites, sending the bounty to a remote site via HTTP. It spreads through network shares by exploiting known Windows flaws, dropping a randomly named file in the Windows System folder. (Sophos)

**********

From the interesting reading department:

Second sample of Windows attack code posted

For the second time this week, hackers have posted a sample of code that could be used to attack a Windows machine that has not been updated with the most recent Microsoft security patches. On Tuesday the French Security Incident Response Team (FrSIRT) Web site posted a sample of a maliciously encoded image file that could be used by attackers to grind a Windows PC to a halt. IDG News Service, 11/29/05.

http://www.networkworld.com/go2/1128bug2a.html

Security expert: More sophisticated cyber attacks likely

The cyber attacks of recent years have been relatively unsophisticated and inexpensive compared to the potential of organized attacks, a cybersecurity expert said Tuesday. IDG News Service, 11/29/05.

http://www.networkworld.com/news/2005/112905-cyber-security.html