詳情請按 rogerspeaking.blogspot.com/2007/10/blog-post_21.html
目前分類:資安新聞 (704)
- Oct 22 Mon 2007 11:13
[大砲開講]電線電纜產業服務網被植入惡意連結
電線電纜產業服務網被植入惡意連結,此惡意程式為 PE_LOOKED.GEN、BKDR_HUPIGON.EVG 和其他惡意程式,最近有瀏覽這個網頁的網友,應該要盡速檢查自己的電腦,請各位暫時不要瀏覽這個網站,以免中毒。(Credit: 匿名網友)
詳情請按 rogerspeaking.blogspot.com/2007/10/blog-post_21.html
詳情請按 rogerspeaking.blogspot.com/2007/10/blog-post_21.html
- Oct 22 Mon 2007 10:41
RealPlayer發現嚴重漏洞 僅影響Windows版
【賽迪網訊】10月21日消息,據外電報導,賽門鐵克研究人員發現一種惡意軟件能夠攻擊沒有使用補丁的RealNetworks的媒體播放器中一個嚴重安全漏洞。在發現這個惡意軟件一天之後,RealNetworks表示要馬上發佈修復這個漏洞的補丁。
RealNetworks產品開發總經理Russ Ryan星期五(10月19日)在博客中稱,RealNetworks已經製作了RealPlayer 10.5和11版本的補丁,修復了賽門鐵克發現的安全漏洞。該公司將將通過這個博客和公司安全更新網頁在星期五晚些時候向用戶提供這個補丁。
RealNetworks產品開發總經理Russ Ryan星期五(10月19日)在博客中稱,RealNetworks已經製作了RealPlayer 10.5和11版本的補丁,修復了賽門鐵克發現的安全漏洞。該公司將將通過這個博客和公司安全更新網頁在星期五晚些時候向用戶提供這個補丁。
- Oct 22 Mon 2007 10:37
以議會網站遭黑客攻擊 多名議員資料被修改
以色列議會網站20日遭黑客攻擊,多名議員的個人資料被惡意修改。警方已經對此展開調查。
據《耶路撒冷郵報》網站報導,以色列總理奧爾默特在議會網站裡的個人資料被黑客添加了「很快將入獄」的內容。
據《耶路撒冷郵報》網站報導,以色列總理奧爾默特在議會網站裡的個人資料被黑客添加了「很快將入獄」的內容。
- Oct 19 Fri 2007 15:43
[大砲開講]國光客運網站被植入惡意連結
國光客運網站被植入惡意連結,此惡意程式為 TROJ_HEURI.AW,最近有瀏覽這個網頁的網友,應該要盡速檢查自己的電腦,請各位暫時不要瀏覽這個網站,以免中毒。(Credit: Jimau 和匿名網友)
詳情請按 rogerspeaking.blogspot.com/2007/10/blog-post_607.html
詳情請按 rogerspeaking.blogspot.com/2007/10/blog-post_607.html
- Oct 19 Fri 2007 15:42
[大砲開講]臺北市商業處網站被駭
臺北市商業處網站被駭,在這裡要注意的是這個網站有可能被植入惡意連結或惡意程式碼,所以,他們的網管應該要找出系統或軟體的安全漏洞,然後,儘快修補這些漏洞,而不是只是移除/修改那些遭駭的檔案。
詳情請按 rogerspeaking.blogspot.com/2007/10/blog-post_3599.html
詳情請按 rogerspeaking.blogspot.com/2007/10/blog-post_3599.html
- Oct 19 Fri 2007 15:39
[大砲開講]中國國民黨網站被植入惡意連結
中國國民黨網站被植入惡意連結,最近有瀏覽這個網頁的網友,應該要盡速檢查自己的電腦,請各位暫時不要瀏覽這個網站,以免中毒。(Credit: Jimau)
詳情請按 rogerspeaking.blogspot.com/2007/10/blog-post_18.html
詳情請按 rogerspeaking.blogspot.com/2007/10/blog-post_18.html
- Oct 18 Thu 2007 13:42
蠕蟲Win32/Pushbot.S 利用 MSN 進行傳播
- Oct 18 Thu 2007 13:41
Linux系統存在與Windows同樣的安全漏洞
【賽迪網訊】近日,微軟稱它會修復Windows安全漏洞以減少新的基於網絡的安全風險。但是,安全研究人員稱,其它操作系統可能也有同樣的安全風險。
一直在認真研究這個問題的安全研究人員之一Nathan McFeters稱,他希望在本星期在聖地亞哥舉行的Toorcon黑客會議上介紹Linux和Mac OS X等其它基於Unix的操作系統也存在URI(統一資源識別符)協議處理程序安全漏洞的細節。
一直在認真研究這個問題的安全研究人員之一Nathan McFeters稱,他希望在本星期在聖地亞哥舉行的Toorcon黑客會議上介紹Linux和Mac OS X等其它基於Unix的操作系統也存在URI(統一資源識別符)協議處理程序安全漏洞的細節。
- Oct 18 Thu 2007 13:28
Kaspersky Web Scanner ActiveX Format String Vulnerability
iDefense has published an advisory for a high-risk vulnerability in the Kaspersky online virus scanner which was discovered by Stephen Fewer of Harmony Security. You can read the full iDefense advisory here:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=606
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=606
- Oct 18 Thu 2007 11:01
HP Attacks the Printer Security Gap
Hewlett Packard on Oct. 17 introduced HP Secure Print Advantage, an appliance-software combination that attempts to wall off from the network an often-forgotten but growing attack vector—the printer.
An extension of its HP Secure Advantage portfolio announced the summer of 2006, HP Secure Print Advantage encrypts documents at the point of printing with a client module, inspects each sent job for malware, and then terminates the job if infected or re-encrypts it and delivers it to a secure print module if clean.
An extension of its HP Secure Advantage portfolio announced the summer of 2006, HP Secure Print Advantage encrypts documents at the point of printing with a client module, inspects each sent job for malware, and then terminates the job if infected or re-encrypts it and delivers it to a secure print module if clean.
- Oct 18 Thu 2007 10:52
The New Global Storming Network
A new Storm site advertises a networking application. That site looks like this:
- Oct 18 Thu 2007 10:51
Skype Stealer
Yesterday we added detection for a Trojan-Spy password stealer targeting Skype. The malware bills itself as Skype Defender, which sounds like a security plug-in.
Running the malware produces this dialog:
Running the malware produces this dialog:
- Oct 18 Thu 2007 10:40
Metasploit adds iPhone/iPod Touch hacks
As reported in ComputerWorld, security researcher H.D. Moore has included several iPhone and iPod Touch exploits in the latest Metasploit tool. The free tool is used by professional pen-testers and criminal hackers alike. The new exploits take advantage of a flaw in the TIFF image-rendering library and are similar to flaws used by the iPhone Dev Team.
"This exploit is rock solid. It's very reliable, as reliable as the WMF [Windows Metafile] exploits in Windows. You can send it in an e-mail; you can embed it in a Web page," Moore told ComputerWorld.
"This exploit is rock solid. It's very reliable, as reliable as the WMF [Windows Metafile] exploits in Windows. You can send it in an e-mail; you can embed it in a Web page," Moore told ComputerWorld.
- Oct 18 Thu 2007 10:37
Congress concerned P2P promotes identity theft, calls for federal investigation
Still worried that peer-to-peer filesharing networks like Lime Wire are causing users to "inadvertently" expose sensitive documents, posing potential security risks, members of Congress are now asking for a formal investigation into the phenomenon.
The latest concern from the House of Representatives Committee on Oversight and Government Reform, judging by a 7-page letter (click for PDF) dated Wednesday to Federal Trade Commission chairwoman Deborah Majoras, appears to be this: Peer-to-peer networks may make unsuspecting consumers vulnerable to identity theft.
The latest concern from the House of Representatives Committee on Oversight and Government Reform, judging by a 7-page letter (click for PDF) dated Wednesday to Federal Trade Commission chairwoman Deborah Majoras, appears to be this: Peer-to-peer networks may make unsuspecting consumers vulnerable to identity theft.
- Oct 17 Wed 2007 11:20
Core Security Adds Web App Testing to Tool Belt
Core Security Technologies is adding Web application penetration testing to the latest version of its security assurance tool.
Set to be released within 30 days, Core Impact Version 7.5's new abilities mark an increased recognition of the vulnerabilities affecting Web applications by the Boston-based firm, which started out focusing on testing of network servers and services before branching out to cover client-side attacks.
Set to be released within 30 days, Core Impact Version 7.5's new abilities mark an increased recognition of the vulnerabilities affecting Web applications by the Boston-based firm, which started out focusing on testing of network servers and services before branching out to cover client-side attacks.
- Oct 17 Wed 2007 11:17
Oracle Issues Pile of 51 Security Patches
Oracle on Oct. 16 released 51 security fixes, including 27 patches for the beating heart of so many enterprises: the Oracle database.
In addition to that load of patches, Oracle administrators can also look forward to rolling out 11 patches to Oracle's Application Server, seven to Oracle Collaboration Suite, eight to Oracle E-Business Suite and Applications, three to Oracle Enterprise Manager and three to Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne.
In addition to that load of patches, Oracle administrators can also look forward to rolling out 11 patches to Oracle's Application Server, seven to Oracle Collaboration Suite, eight to Oracle E-Business Suite and Applications, three to Oracle Enterprise Manager and three to Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne.
- Oct 17 Wed 2007 10:57
New Software Flaws Affect Nearly Every Windows User
SANS reports nearly 100 new flaws in commercial software this week; thousands more are found in custom software.
As of yesterday, the four most critical flaws affect Internet Explorer, Outlook Express, Microsoft Word, and Kodak Image Viewer, which Microsoft patches because it comes with Windows.
As of yesterday, the four most critical flaws affect Internet Explorer, Outlook Express, Microsoft Word, and Kodak Image Viewer, which Microsoft patches because it comes with Windows.
- Oct 15 Mon 2007 09:55
Bringing Security into the Development Process
When it comes to data leaks, most of the talk is about hackers breaking into networks or employees e-mailing and downloading sensitive information. But some vendors are paying more attention to the preproduction environment, where there are often security holes big enough to push a hard drive through.
"The development environment and quality assurance environment have always been…significantly more open and free," said Louis Carpenito, former vice president of information security business strategy at Symantec.
"The development environment and quality assurance environment have always been…significantly more open and free," said Louis Carpenito, former vice president of information security business strategy at Symantec.
- Oct 15 Mon 2007 09:51
E-Bay of Zero-Day Bugs Plans Expansion
WabiSabiLabi made a bit of a scene when officials there announced they created a marketplace for security researchers to hawk their findings to the highest bidder.
Roughly two months after its creation, company officials are touting what they say is the success of their marketplace, which has had some 160,000 unique visitors, and is looking to expand.
Roughly two months after its creation, company officials are touting what they say is the success of their marketplace, which has had some 160,000 unique visitors, and is looking to expand.
- Oct 15 Mon 2007 09:28
Bug fixed in Flickr-to-Twitter code?
There was definitely a bug in the code that processed Flickr categories in Twittergram. If you'd specify that a picture required a tag, and one of the pictures didn't have it, all the other new pictures would be ignored, whether they had the tag or not. Permalink to this paragraph
Some people who used the category tagging feature didn't notice this problem because they never uploaded pictures without the tags. Permalink to this paragraph
Some people who used the category tagging feature didn't notice this problem because they never uploaded pictures without the tags. Permalink to this paragraph