Network Associates reports multiple vulnerabilities in its McAfee ePolicy Orchestrator (ePO). The flaws could allow a number of malicious actions to occur, including obtaining the SA password, stopping the service, overwriting data and/or executing arbitrary code. The vulnerabilites affect ePolicy Orchestrator 2.0, 2.5 and 2.5.1 and 3.0. NAI Security Bulletin 01:54 PM#
A vulnerability affecting Microsoft operating systems has many security experts nervously forecasting a worm exploiting the flaw and prompting the U.S. Department of Homeland Security to issue an alert in which the department noted its concern "that a properly written exploit could rapidly spread on the Internet as a worm or virus in a fashion similar to Code Red or Slammer."
07:13 AM#
DirectX a Direct Threat to Users
Home users are particularly susceptible to a flaw discovered in Microsoft's DirectX technology which can allow an attacker to run malicious code on an affected user's systems, operating with the same rights and privileges as that user. The vulnerability can be exploited via a specially crafted MIDI file engineered to take advantage of a buffer overflow flaw in the technology. If such an exploit were sent via email, Microsoft Outlook and Outlook Express could automatically launch the malicious MIDI file. Microsoft has issued a critical patch to resolve this security issue. Microsoft Security Bulletin MS03-030.
11:42 AM#
A Trojan disguising itself as correspondence from well-known banking entities Wells Fargo, Citibank, and E-Loan has been plaguing users with messages purporting to be rejected loan applications. The message claims the attached file is the rejected application, when in fact it is the insidious Webber Trojan. Read the article.
If you've received an email attachment you aren't sure about, save it to your local drive or floppy disk, then upload it to the Kaspersky On-line Virus Checker for a quick, free, and effective scan.
06:52 PM#
Gillette Cam SpyWear
Bad enough we have to worry about our computers hosting unwelcome programs that spy on our activities, via Spyware. In April we brought you info about RFID technology which threatened to introduce SpyWear to our persons. Now it seems that Gillette Mach3 razor blades sold at a Cambridge store are outfitted with this RFID technology, snapping customers' photos when they remove a packet of the blades for purchase.
Tesco tests spy chip technology Free Spy in Every Pack Slashdot discussion 01:53 PM#
Could your computer be a criminal?
One thousand home computers hijacked and used to serve up pornography. Perhaps tens of thousands co-opted by the “SoBig” virus, many of them turned into spam machines. Hundreds of other home computers loaded with secret software used to process stolen credit cards. If your biggest computer crime fear was lost or stolen files, think again: Someone may be using your PC to commit crimes...read more 01:58 PM#
Sophos Debuts Antivirus for Mac OS X
Antivirus vendor Sophos will be introducing Sophos Anti-Virus for Mac OS X at the MacWorld Expo on July 16-18. In addition to on-demand detection and disinfection of local, network, and removeable drives, SAV for OS X will offer InterCheck for on-access scanning, centralized installation and centralized management capabilities suitable for large enterprises. Also see: Sophos Press Release | Macintosh Antivirus Products 03:25 PM#
Antivirus developer Sophos is warning customers to be extra vigilant about reading licensing agreements before agreeing to having software installed on their system. In question are the tactics used by Avenue Media, a Curacao-based company sending email and Instant Messenger invitations to view free "funny" video clips of everything from Bill Gates getting a pie in the face to cows caught in compromising positions. Users who click through to take advantage of the invitation may receive a lot more than they bargained for...read more.
11:40 AM#
In late June 2003, spam-fighters from the news.admin.net-abuse.email Usenet group noticed a particular spammer seemed to be able to move his websites around at will, minute-by-minute. Joe Stewart, GCIH, Senior Intrusion Analyst at LURHQ Corporation, analyzes the Trojan responsible for these dynamically shifting spam servers.
01:19 PM#
GFI has released a paper that exposes how hackers
can elude anti-virus software with custom Trojans.
As Trojans are increasingly being used to steal
credit card data, passwords, and other sensitive
information, and to launch electronic attacks against
targeted organizations, GFI's latest white paper
aims to help network administrators tackle this
growing problem.
11:13 AM#
Hacker Tracker Victim of Challenge
In an ironic twist, zone-h.org, the hack-tracking site which would have served as a sort of virtual scorecard for the July 6th Hackers Challenge, was subjected to a DDoS attack of sorts as curious onlookers jammed the superhighway to their servers. Though otherwise uneventful - only small sites with poor security seemed to be vandalized, with the designated reporting site unable to provide tracking it's doubtful the real success or failure of the contest can be known.
10:58 AM#
A coordinated hacking contest set for Sunday, July 6th, have some government agencies and security experts issuing warnings. The hacking contest organizers award points based on skill and speed and apparently feel hacking the Windows operating system is too trivial to be worth much. Microsoft Windows OS hackers will receive only a single point, whereas the presumably more secure HP-UX and Macintosh OS will garner up to 5 points. Average users have little to fear from such contests, but the publicity surrounding it could cause copycats to unleash malicious code. Computer Safety Tips outlines a few simple steps that can provide a good measure of security to home users.
01:20 PM#
| 