Author Topic: SECURITY WARNINGS & Notices - Please post them here (Read 2905216 times)

polonus · « **Reply #2430 on:** February 27, 2013, 03:05:07 PM »

Open door: Oracle's JRE, something has to change: http://www.f-secure.com/weblog/archives/00002511.html (link article author = sean)

polonus

Asyn · « **Reply #2431 on:** February 27, 2013, 03:21:14 PM »

Quote from: polonus on February 27, 2013, 03:05:07 PM

Open door: Oracle's JRE, something has to change...

Couldn't agree more..!! They continue to dig their own (Java) grave...

Asyn · « **Reply #2432 on:** March 01, 2013, 06:46:48 PM »

YAJ0: Yet Another Java Zero-Day
http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html

polonus · « **Reply #2433 on:** March 02, 2013, 03:48:49 PM »

For those concerned and our forum's qualified removers,

Added free removal tool for old school MiniDuke malcode: http://download.bitdefender.com/removal_tools/
Download link: http://download.bitdefender.com/removal_tools/MiniDuke_Removal_Unified.exe

polonus

Pondus · « **Reply #2434 on:** March 02, 2013, 11:36:08 PM »

EVERNOTE hacked
Security Notice: Service-wide Password Reset
http://evernote.com/corp/news/password_reset.php

polonus · « **Reply #2435 on:** March 03, 2013, 05:55:05 PM »

For Mac and Windows alike: http://www.intego.com/mac-security-blog/intego-discovers-a-new-multi-platform-minecraft-password-stealer/
(link article author = Lisa Myers)

polonus

polonus · « **Reply #2436 on:** March 05, 2013, 01:53:19 PM »

Pan Adam Gowdiak comes up with 5 new holes in Oracle's Java, software starts to look like the proverbial Swiss Cheese now, see: http://www.security-explorations.com/en/SE-2012-01-status.html

Quote

Oracle provides tracking numbers for Issues 56-60, claims they are still not confirmed.

polonus

polonus · « **Reply #2437 on:** March 05, 2013, 02:28:14 PM »

Multi-browser heap spray attack now added to metasploit: https://www.corelan.be/index.php/2013/02/19/deps-precise-heap-spray-on-firefox-and-ie10/
(link article author = Peter Van Eeckhoutte, security researcher)

polonus

polonus · « **Reply #2438 on:** March 05, 2013, 11:28:49 PM »

Already dangerous to keep this in production - PHP version 5.2.17
Read: http://forums.cpanel.net/f185/already-dangerous-keeping-php-5-2-17-production-267442.html
link thread poster = kevin levin
Webmasters should always update and upgrade....

polonus

polonus · « **Reply #2439 on:** March 06, 2013, 06:15:21 PM »

Targeted attack dismantled just in time: http://blog.seculert.com/2013/03/the-chinese-time-bomb.html (blog article poster = seculart)

polonus

Asyn · « **Reply #2440 on:** March 08, 2013, 12:46:27 PM »

Microsoft Security Bulletin Advance Notification for March 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-mar

polonus · « **Reply #2441 on:** March 10, 2013, 08:09:02 PM »

Kelihos Botnet Stronger as Ever after vain attempt to bring it down, analysis: http://www.lavasoft.com/mylavasoft/malware-descriptions/blog/kelihos-botnet-gains-strength-again-0 (link article author = alexander adamov) See this on one of the encrypted IPs: http://urlquery.net/report.php?id=1028057
with ET CURRENT_EVENTS Suspicious double HTTP Header possible botnet CnC see: http://doc.emergingthreats.net/bin/view/Main/2012707
and ET INFO EXE Download With Content Type Specified As Empty -> http://comments.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/15732 (link posting author - Will Metcalf) another example: http://urlquery.net/report.php?id=1305759 See how this IP could not be verified: http://dnsbl.inps.de/query.cgi?lang=en&action=check&ip=62.84.252.23&quick=0 and here this would not resolve: 404report.projecthoneypot.org/ip_62.84.252.23
but listed as a zombie here: http://support.clean-mx.de/clean-mx/publog.php?as=AS35362
62.84.252.23 | SD Bad Event 67 2013-01-03 2013-01-18 Spam Server Dictionary Attacker. So an endless task to get these sinkholed. And then another division of zombies comes into play...rather interesting info here: http://pastebin.com/NfA4pvpg linked to http://www.fireeye.com/blog/files/cagremub.ru_ips and consider info here: https://github.com/CybOXProject/Tools/blob/master/scripts/snort_to_cybox/example/botnet-cnc.rules (Github info)

polonus

polonus · « **Reply #2442 on:** March 12, 2013, 10:02:23 AM »

Threat: localStorage bug allows sites to fill up hard disk
Browser makers should be aware of HTML-5 hardware bomb: -http://feross.org/fill-disk/ (link article author = Feross Aboukhadijeh )
Firefox not vulnerable...Chrome might crash totally before the HD is full...

polonus

Asyn · « **Reply #2443 on:** March 12, 2013, 02:27:55 PM »

US-CERT warns of HP LaserJet printer backdoor
http://www.h-online.com/security/news/item/US-CERT-warns-of-HP-LaserJet-printer-backdoor-1821334.html

bob3160 · « **Reply #2444 on:** March 12, 2013, 02:46:46 PM »

Microsoft changes default Flash behavior in Windows 8 and RT

"Summary: In a surprise reversal, Microsoft has changed the default behavior of Flash content on websites
viewed using Internet Explorer in Windows 8 or Windows RT. Previously, sites had to be on a whitelist before Flash would work.
The new behavior effectively turns the Compatibility View list into an exclusive blacklist of badly behaved sites."