Secunia Advisory: SA27063
Release Date: 2007-10-05
Critical: Moderately critical
Impact: Manipulation of data
Current category: Security News (704)
- Oct 08 Mon 2007 10:53
Web Templates Management System "id" SQL Injection
- Oct 08 Mon 2007 09:51
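September Top 10 Malware Ranking Released: P2P Worm Tops the List
CCID Net, October 6: According to foreign media reports, the internationally known antivirus vendor BitDefender recently published its top ten malware ranking for September of this year, with p2p.puce.g at the top of the list.
BitDefender's data shows that in September of this year, win32.worm.p2p.puce.g accounted for 11.1% of all malware, ranking first. worm.rjump.k followed closely at 10.3%.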
- Oct 06 Sat 2007 17:28
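World of Warcraft Breached! Card Suspensions Hit a Thousand Players, and the Game Company Loses Over a Million!
The online game World of Warcraft, which has several hundred thousand players domestically, appears to have recently been hit by hackers who cracked Chunghwa Telecom's micropayment mechanism. After first stealing the accounts and passwords of more than a hundred players, they bought large quantities of point cards under the victims' names and resold them cheaply in online auctions, causing more than a thousand players to have their cards suspended and costing the game company more than NT$1 million!
Players from different backgrounds fight enemies together in a virtual world, with finely rendered monsters and stunning scenery. The online game World of Warcraft has attracted more than eight million members worldwide, and in Taiwan alone 120,000 people log on every day. Recently, however, it has become a target for fraud rings.
Liu Ban-he (劉伴和), assistant vice president of Chunghwa Telecom's Data Communications Branch, said: "(The hacker) sends an e-mail to the customer, and then the customer carelessly clicks on it, and once it is clicked it tells him (the player) to install this program on the computer, and then inside that computer it is as if there were a spy (a Trojan) in his computer."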
- Oct 05 Fri 2007 14:53
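[大砲開講] Malicious Link Planted in the 女人國 Women's Shopping Community Portal
A malicious link has been planted in the 女人國 women's shopping community portal site; the malware is TROJ_DLOADER.PMG. Anyone who has browsed this page recently should check their computer as soon as possible. Please do not visit this site for the time being, to avoid infection.
Details here: rogerspeaking.blogspot.com/2007/10/blog-post_8806.html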
- Oct 05 Fri 2007 14:52
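[大砲開講] Malicious Link Planted in the 創意先進有限公司 (HOT) Website
A malicious link has been planted in the 創意先進有限公司 (HOT) website; the malware is PWS-Lineage. Anyone who has browsed this page recently should check their computer as soon as possible. Please do not visit this site for the time being, to avoid infection (this malware steals accounts and passwords).
Details here: rogerspeaking.blogspot.com/2007/10/hot.html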
- Oct 05 Fri 2007 14:51
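[大砲開講] Malicious Link Planted in the Changhua Show Chwan Memorial Hospital (彰化秀傳紀念醫院) Website
A malicious link has been planted in the Changhua Show Chwan Memorial Hospital (彰化秀傳紀念醫院) website (at present Chunghwa Telecom's ADSL cannot connect to this malicious link; not sure whether other ADSL services can). Anyone who has browsed this page recently should check their computer as soon as possible. Please do not visit this site for the time being, to avoid infection.
Details here: rogerspeaking.blogspot.com/2007/10/blog-post_04.html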
- Oct 05 Fri 2007 14:49
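[大砲開講] Malicious Link Planted in the Overseas Chinese Institute of Technology (僑光技術學院) Website
A malicious link has been planted in the Overseas Chinese Institute of Technology (僑光技術學院) website; the malware is TROJ_DELF.HYF. Anyone who has browsed this page recently should check their computer as soon as possible. Please do not visit this site for the time being, to avoid infection. (Credit: Jimau)
Details here: rogerspeaking.blogspot.com/2007/10/blog-post.html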
- Oct 05 Fri 2007 14:33
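[Repost] Rampant International "Hackers" Shock the World: Decoding the Seven Types of Hackers
This month, the rampant activity of international hackers once again shocked the world. In less than half a month, hackers twice broke into the United Nations' official website, even tampering with the web page carrying a statement by UN Secretary-General Ban Ki-moon.
The development of network technology has brought convenience to humanity. But the hacker community that has arisen alongside it also poses a huge threat to people's lives, the economy, and even national security. In the Internet age, hackers will always be a mysterious group that we cannot get around and must constantly guard against.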
- Oct 05 Fri 2007 14:31
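[Repost] IBM: Microsoft, Apple and Oracle Most Vulnerable to Attack
IBM's latest research shows that five major vendors were attacked the most in the first half of this year, with a total of 411 attacks, accounting for 12.6% of the known total of 3272 attacks.
In the first half of 2007, Microsoft was the most vulnerable to attack and was attacked the most times, with Apple second and Oracle third. IBM's Internet Security Systems X-Force R&D division released this global attack report on September 17 local time. The specific figures are as follows: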
- Oct 05 Fri 2007 14:28
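[Repost] Russian Hacker Publishes Article Claiming Kaspersky 6.0 and 7.0 Contain a Backdoor
On the afternoon of September 12, the rootkit research site www.rootkit.com published an article by the Russian hacker EP_X0FF: (A hacker backdoor in Kaspersky Anti-Virus 6/7)
EP_X0FF is a well-known Russian hacker who has developed internationally leading anti-rootkit software such as Rootkit Unhooker and Process walker, and who serves as moderator of the Malware board on Microsoft's SysInternals technical forum.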
- Oct 03 Wed 2007 15:38
JVN#61208749 OS Command Injection Vulnerability in Webmin
Webmin, a web-based system administration tool, contains a vulnerability that allows unauthorized Webmin users to execute OS commands.
Webmin for Windows 1.360 and earlier
- Oct 03 Wed 2007 11:59
Hackers Push Trojan With Promises of 'Nude Angelina Jolie' Pics
Malware writers in September were sending out waves of spam in an attempt to infect computers with the Pushdo Trojan horse by offering pictures of naked female celebrities.
By Sharon Gaudin
- Oct 03 Wed 2007 11:57
Top 14 VoIP vulnerabilities
The new book “Securing VoIP Networks,” the vulnerable side of VoIP
By Ellen Messmer, Network World, 10/01/07
- Oct 03 Wed 2007 11:54
Simulated attack shows vulnerable U.S. power infrastructure
A report this week on CNN that showed how a software vulnerability in a control system could be used to physically destroy power grid equipment refocused attention on an issue that some have been quietly trying to fix for several years.
The CNN segment, which aired Thursday, showed a turbine being reduced to a smoking, shuddering, metal spewing mess as the result of malicious code execution on the computer controlling the system.
- Oct 03 Wed 2007 11:51
CERT Advances Secure Coding Standards
The secure coding movement got a little boost today as CERT and Fortify Software announced that they have teamed up to automate part of the process of building security into software -- specifically, automating compliance with CERT's C and C++ Secure Coding Standard.
CERT is translating its guidelines into a coding format that will run on Fortify's Source Code Analysis tool. The resulting software module will be available for free from CERT, so other tool vendors can convert it to their products, and organizations that do in-house testing can use it with their tools as well.
- Oct 03 Wed 2007 11:46
Leaky Spy Tools?
One of the difficulties with spy tool applications is that even if they are legitimately used – the application vendor still has the problem of properly handling confidential data.
Case in point: Mobile-Spy for Windows Mobile.
- Oct 03 Wed 2007 11:43
Hackers Control PCs While Users Unaware
BOSTON - A few weeks ago Candace Locklear's office computer quietly started sending out dozens of instant messages with photos attached that were infected with malicious software.
She was sitting at her desk, with no sign that the messaging software was active. By the time she figured out what was going on, several friends and colleagues had opened the attachments and infected their computers.
- Oct 03 Wed 2007 11:40
Web SWAT Initiative Targets Threats
- Oct 03 Wed 2007 10:11
You Wouldn't Actually Turn Off Your Firewall, Would You?
October 1, 2007
By Larry Seltzer
For weeks now I've been thinking on and off about "deperimeterization," a term that has been used in a variety of ways for years. Some analyst talk got it in the news recently.
- Oct 03 Wed 2007 09:39
Comparison Shows Very Little Shift in PCI Failures