And the winners of the oldest incident contest are…
Read more via the SecuriTeam Blogs entry.
Open Security Foundation, the organization behind OSVDB and DataLossDB, has launched a competition to find the oldest documented data loss incident.
The last day to make a submission is next Friday - 15th May.
This reminder was posted to my SecuriTeam Blogs section too.
After a delay of weeks I have posted an entry to SecuriTeam Blogs. The subject is Give me your fingerprints, I’ll sell you a mobile phone.
The fact is that in Mexico mobile phone companies are building a database of their clients, complete with fingerprints.
Read more here.
A new Trojan for Mac has been found, and the name of the malware is OSX.Lamzev.A.
This Trojan has been covered in my most recent SecuriTeam Blogs entry.
RSA Security’s Blog has released information about the seriousness of the Sinowal banking Trojan - including some statistics.
This was covered in my newest SecuriTeam Blogs post.
A list of hundreds of Windows machines has been released by 0x000000.com. The list, entitled RPC Worm Victim List, states that the victim machines are mainly Windows XP machines (i.e. MSIE 6.0 or MSIE 7.0; Windows NT 5.1 in the browser’s user agent).
I made a script yesterday to generate WHOIS queries and the results say that the victim machines are located mainly in the Asian area.
There is one machine with an IP registered to Microsoft too.
Link to my newest SecuriTeam blog entry.
I have released an FAQ document about the critical Windows RPC vulnerability MS08-067 at the SecuriTeam Blogs site. The document will be updated during Sunday (Finnish time) and hyperlinks will be added.
Link to the document below:
Microsoft Windows RPC Vulnerability MS08-067 (CVE-2008-4250) FAQ - October 2008
Update: hyperlinks added, new information added and several updates
Overall, three vulnerabilities have been reported in Apple's iPhone this month.
All of these affect the most recent iPhone version 2.1.
A summary of the SMS information disclosure vulnerability and Mail's phishing and spamming vulnerability can be read via my newest SecuriTeam Blogs entry. Visit the link here.
The Hacker’s Choice group has managed to clone the chip of an RFID-based passport and, of course, they used the name, DOB and photo of Elvis Aaron Presley. This is the subject of my SecuriTeam Blogs entry posted recently.
Demonstration video and some technical information can be found here.
For the first time in the history of the Anti-Phishing Working Group (APWG), the number of phishing reports received and new phishing sites discovered decreased at the end of the period (i.e. Mar ‘08).
The number of crimeware-spreading URLs, in turn, rose to a new record.
The release of the APWG Q1 report [pdf] is the subject of my SecuriTeam Blogs entry written today.
New information about the "important infrastructure issue" affecting the Fedora Project has been released today.
Mr. Paul W. Frields, Fedora Project Leader, has posted an announcement about the facts, including:
"One of the compromised Fedora servers was a system used for signing Fedora packages."
More information available at
redhat.com/...announce-list/2008-...
and
It is not known if Sun Microsystems or Nokia Corp. paid €20 000 to get the detailed information about the J2ME vulnerabilities affecting Nokia Series 40, but both companies have confirmed the existence of these vulnerabilities.
Read more via my SecuriTeam Blogs entry.
Update 22nd Aug: IDG.No reports that
“Gowdiak would not disclose if he was paid, but said that only reputable, vetted companies that pay would get the full research, which amounted to 180 pages and 14,000 lines of proof-of-concept code.
Nokia has a complete copy of Gowdiak’s research, said Mark Durrant of Nokia’s corporate communications.”
There are several ways to detect whether spying devices etc. are installed on workstations in your organization. This topic is the subject of my newest SecuriTeam Blogs entry - follow the link here.
A new entry has been added to my SecuriTeam Blogs blog (in fact more than 24 hours ago already).
It discusses the recent J2ME vulnerabilities discovered by Adam Gowdiak, affecting at least tens of millions of Nokia Series 40 Java phones.
Update 14th Aug: Added link to the Nokia listing of S40 models.
There were two separate pieces of malware spreading on the social networking site Facebook (and MySpace was affected as well). Until the Facebook security team was able to block the Koobface worm, we had protection via Windows-based anti-virus software.
Russia-based Kaspersky Lab reported the existence of the worm on 31st July. It took several days until malware write-ups were available from notable anti-virus vendors.
The following malware names have been assigned by the AV industry (listed in alphabetical order):
McAfee – W32/Koobface.worm
BitDefender – Win32.Worm.KoobFace.A
Kaspersky Lab – Net-Worm.Win32.Koobface.b
Panda Security – Boface.A [their technical name is W32/Boface.A.worm]
Sunbelt Software – Net-Worm.Win32.Koobface.b
Sophos – detected proactively as Mal/Heuri-D, Mal/Heuri-E, Mal/Emogen-N and Mal/Packer
Symantec – W32.Koobface.A
In many cases, however, the protection exists before the write-up is released.
You can read the entire SecuriTeam Blogs entry written on Friday here.
It was three years ago, on Monday 25th Jul 2005, that Aviram Jenik posted his entry entitled First Post to the SecuriTeam Blogs site.
The fact is that according to their statistics there are currently 1,037 posts and 3,435 comments written.
This anniversary is covered in this post. You can find the SecuriTeam Blogs main page here.
In many Microsoft Word zero-day vulnerabilities since 2006, the Word Viewer utility has been included among the affected products.
This week the situation is different, however.
Read my entry related to the most recent vulnerability (disclosed via targeted attacks, naturally) from SecuriTeam Blogs - link here.
Mr. Sebastian Muniz of Core Security presented the Cisco IOS rootkit last week as promised, and it appears that the Cisco guys have this presentation or they were at EuSecWest listening to Mr. Muniz. I don't know the answer, but Cisco has updated its response document; see my latest SecuriTeam Blogs entry.
There has been a less active period because my girlfriend takes my time;-) but I'll post to my SecuriTeam blog in the near future, absolutely.
Link to the entry mentioned is here, post #1096 at SecuriTeam Blogs, BTW.
In mid-January Microsoft confirmed that a new, previously unknown Excel vulnerability was used in targeted attacks. Anti-virus vendors had information about these Trojans several days earlier. This week US-CERT issued a warning about the new wave of exploitation.
After more than two months there is a fix available for this extremely critical Microsoft Excel vulnerability.
My newest SecuriTeam Blogs entry goes into the details of this Excel vulnerability.