* Patches from Macromedia, Conectiva, Gentoo, others
* Beware peer-to-peer and e-mail worm
* Whitepaper: The Phishing Guide - Understanding & Preventing Phishing Attacks, and other interesting reading

Today’s bug patches and security alerts:

Macromedia releases cumulative patches for JRun and ColdFusion MX

The JRun patch covers everything released to date for versions 4.0, 3.1 and 3.0. The ColdFusion MX update covers all previous bug fixes for versions 6.0, 6.1, and 6.1 J2EE. For more, go to:

JRun: https://www.nwfusion.com/go2/0927bug1a.html
ColdFusion MX: https://www.nwfusion.com/go2/0927bug1b.html

**********

@Stake warns of flaw in JumpDrive Secure 1.0 and Lexar Safe Guard software

The USB drive is supposed to protect data files using a password. But @Stake says there is a means of accessing the protected data without knowing the password. For more, go to:

https://www.atstake.com/research/advisories/2004/a091304-1.txt

@Stake issues advisory on Pingtel Xpressa

According to @Stake, “The Pingtel Xpressa handset [a SIP phone] can be administered over a variety of interfaces (console, telnet and http). A vulnerability exists in the HTTP server which enables a remote authenticated attack to cause the underlying VxWorks operating system to stop.” For more, go to:

https://www.atstake.com/research/advisories/2004/a091304-2.txt

**********

Conectiva, Gentoo patch Apache

Version 2.0.51 of the popular Web server is available for Conectiva and Gentoo users. This is a bug fix release that repairs problems in IPv6, configuration file parsing, mod_ssl, and mod_dav_fs. For more, go to:

Conectiva: https://www.nwfusion.com/go2/0927bug1c.html
Gentoo: https://security.gentoo.org/glsa/glsa-200409-21.xml
https://security.gentoo.org/glsa/glsa-200409-33.xml

**********

Mandrake Linux patches ImageMagick

A buffer overflow in ImageMagick could be exploited by a specially crafted image or movie file. An attacker could use this in a denial-of-service attack or to potentially run commands on the affected machine. For more, go to:

https://www.nwfusion.com/go2/0927bug1d.html

**********

Gentoo, Mandrake Linux patch mpg123

A buffer overflow in the mpg123 multimedia player could be exploited to crash the application and allow an attacker to run their own code on the affected machine. For more, go to:

Gentoo: https://security.gentoo.org/glsa/glsa-200409-20.xml
Mandrake Linux: https://www.nwfusion.com/go2/0927bug1e.html

**********

Gentoo releases SUS fix

SUS allows regular users to execute certain commands with root privileges. A format string flaw in the utility could be exploited by a local user to gain elevated privileges. For more, go to:

https://security.gentoo.org/glsa/glsa-200409-17.xml

Gentoo patches cdrtools

The cdrtools package for Gentoo, used for burning CDs, contains a flaw that could allow a local user to gain root privileges on the affected machine. For more, go to:

https://security.gentoo.org/glsa/glsa-200409-18.xml

**********

iDefense warns of flaw in GNU RADIUS

A vulnerability in the asn_decode_string() function of the GNU RADIUS server could be exploited in a denial-of-service attack. For more, go to:

https://www.nwfusion.com/go2/0927bug1f.html

Related fix from Gentoo:

https://security.gentoo.org/glsa/glsa-200409-29.xml

**********

Debian patches imlib

According to Debian, a heap overflow error in imlib, an imaging library for X and X11, could be abused by an attacker to execute arbitrary code on the victim’s machine. For more, go to:

https://www.debian.org/security/2004/dsa-548
https://www.debian.org/security/2004/dsa-552

**********

Today’s roundup of virus alerts:

W32/Forbot-Gen – Not much is known about this bot, other than it allows backdoor access via IRC. (Sophos)

W32/Forbot-AG – Another Forbot variant that spreads via network shares and infects “IEXPLORE.EXE” in the Windows System directory. It uses IRC to allow backdoor access and can be used to launch denial-of-service attacks or as a proxy server. (Sophos)

W32/Forbot-AJ – Similar to Forbot-AG in capability. This variant uses an infected file called “videosd32.exe”. (Sophos)

W32/Rbot-KJ – A variant of Rbot that spreads through network shares and infects the file “Msloader32.exe” in the Windows System folder. The worm can be used for a number of tasks including turning a Webcam on. (Sophos)

W32/Zusha-A – A virus that exploits the Windows LSASS vulnerability to spread between machines. It infects the file “aux32.exe” in the Windows System folder. (Sophos)

W32/Agobot-MX – This Agobot variant installs itself as “services21.exe” in the Windows System folder, steals game CD keys and disables security-related applications. (Sophos)

Rayl.A – A virus that spreads via MSN Messenger by getting users to click on an image. The virus will attempt to download malware from a remote site. (Panda Software)

W32/Mexer-E – A peer-to-peer and e-mail worm that creates a directory called “sysnet” and installs itself as “RUBY13.EXE”. (Sophos)

W32/Myfip-C – A worm that spreads via network shares, infecting machines with the filename “txt.exe” or “dfsvc.exe”. The virus seems to collect information about certain files and sends it back to the author. (Sophos)

**********

From the interesting reading department:

Whitepaper: The Phishing Guide – Understanding & Preventing Phishing Attacks

This paper covers the technologies and security flaws Phishers exploit to conduct their attacks, and provides detailed vendor-neutral advice on what organizations can do to prevent future attacks. Security professionals and customers can use this comprehensive analysis to arm themselves against the next phishing scam to reach their in-tray. Next Generation Security Software, 09/04.
https://www.nextgenss.com/papers/NISR-WP-Phishing.pdf

Buzz: Security in a world without borders

As the perimeter loses ground in the battle for secure networks, some security executives want to do away with perimeter security altogether. But others aren’t so sure. Network World, 09/27/04.
https://www.nwfusion.com/buzz/2004/092704perimeter.html

Security vendors harden products

Security companies this week are trotting out intrusion-prevention system and vulnerability-assessment products that not only widen customer choice but also indicate growing multi-vendor collaboration. Network World, 09/27/04.
https://www.nwfusion.com/news/2004/092704newsec.html?nl

Cisco offerings target small firms

Cisco this week will release products it says will help small companies deal with the complexities of LAN switch security, convergence and network management. Network World, 09/27/04.
https://www.nwfusion.com/news/2004/092704cisco.html?nl

Authentication services on tap

VeriSign last week began offering a managed authentication service based on two-factor hardware tokens that online businesses can use as an alternative to hosting their own authentication servers or depending on less-secure, reusable passwords. Network World, 09/27/04.
https://www.nwfusion.com/news/2004/092704security.html?nl

Symantec report: E-comm attacks on rise

Symantec last week issued its biannual Internet threat report, which notes, among other trends, that e-commerce sites were the most targeted by hackers in the first six months of this year. Network World, 09/27/04.
https://www.nwfusion.com/news/2004/092704symantec.html?nl

New, dangerous Microsoft JPEG exploit released

New computer code that exploits a recently disclosed hole in Microsoft’s Internet Explorer Web browser is circulating on the Internet and could allow remote attackers to take full control of vulnerable Windows machines, according to warnings from anti-virus companies and Internet security experts. IDG News Service, 09/23/04.
https://www.nwfusion.com/news/2004/0923newdanger.html?nl

E-business sites hit with attacks, extortion threats

A distributed denial-of-service attack that disrupted Web-based systems at credit card payment processing firm Authorize.Net earlier this week is indicative of a sharp increase in the number of cyberattacks being targeted at specific companies and driven by profit motives on the part of the hackers who launch them. Computerworld, 09/24/04.
https://www.nwfusion.com/news/2004/0924ebussites.html?nl

Nokia adds anti-virus protection to new smart phone

Finnish mobile phone manufacturer Nokia will offer mobile anti-virus software through F-Secure as one of the features in its new Nokia 6670 smart phone when it is released in October, the companies announced Thursday. IDG News Service, 09/23/04.
https://www.nwfusion.com/news/2004/0923nokiaadds.html?nl