Bank of America Laptop Stolen

Another company has had a laptop stolen with customer data on it. Fortunately, this time it appears that all of the sensitive data was encrypted. They’re not sure of the number of customers affected, but said it was “a very small number”. This is just another incident in a long list of stolen and lost customer information. This time they were prepared, and it’s probably going to save people some grief. If one of your company’s laptops gets stolen, will you be just as prepared?

Ruby Vulnerabilities

Several vulnerabilities have been identified and subsequently patched in the newest version of Ruby. If you are a Ruby developer, make sure you download it, as it contains an important fix for the DNS logic within the resolv.rb script. The update implements randomized source ports in order to help protect against spoofing attacks. Upgrade to 1.8.6-p286 or 1.8.7-p71 to mitigate this and the other issues identified.

Malware Emails

There are a couple of malware emails making the rounds right now. One claims to be from UPS, and the other claims to come from CNN.com. The UPS email says that they tried to deliver a package but the recipient address was wrong. The email contains an attached “invoice” which, it explains, you need to print out and take to their office. The CNN email has the subject “CNN.com Daily Top 10” and includes links that attempt to entice the user to click on them. If you follow the link, you’re redirected to a site and prompted to install an updated Flash player. In both cases, of course, the executables are not what they claim to be. Usually these emails are fairly easy to pick out due to grammatical and spelling errors. It’s also a good idea not to open any unexpected attachments, even if you believe they’re from a reputable source.

Oracle Exploit

Oracle has released an out-of-cycle patch in response to an exploit that went public yesterday. The flaw allows unauthenticated remote code execution in WebLogic Server and WebLogic Express. Every version of WebLogic from 6.1 to 10 is vulnerable. This is a critical vulnerability and the patch needs to be rolled out immediately. If for some reason that is not possible, Oracle believes there are two workarounds: the first is using the Apache LimitRequestLine parameter, or you may also use the Apache mod_security module. Full details of the vulnerability and the workarounds are available here.


Trend Micro OfficeScan Exploit

An exploit has been released that takes advantage of a vulnerability in OfficeScan 7.3. The vulnerability is within the ActiveX control, and exploiting it allows arbitrary code execution. Trend Micro has already patched this issue, and version 8 of OfficeScan is not vulnerable. So if you are running a vulnerable version, apply the update or upgrade to version 8.

Exploits For DNS Issue

An exploit for the recent DNS issue has been released in a popular attack framework (Metasploit). This is going to make running the exploit trivial for any would-be malicious user with enough skill to download Metasploit. The exploit claims to only work against BIND 9, but I would be very surprised if it doesn’t work against all the other vulnerable DNS implementations. This issue isn’t just going to go away and hide in a corner somewhere. So, if you haven’t yet patched, DO IT NOW!
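Both the Ruby resolv.rb fix above and this DNS issue come down to the same defensive property: a resolver that sends every query from the same source port with predictable transaction IDs gives an off-path forger only 16 bits to guess, while randomizing the port as well roughly doubles that. The following check is an added example, not code from the page, from Ruby, or from any DNS vendor. It takes a list of (source port, transaction ID) pairs, as you might extract from a capture of your own resolver’s outbound queries, and reports whether the ports and IDs actually vary. The two sample lists are constructed: UNPATCHED imitates a fixed-port, sequential-ID resolver and PATCHED is drawn from a seeded PRNG; the thresholds are assumptions chosen for illustration.

```python
import math
import random
from collections import Counter

# Constructed samples of (source_port, transaction_id) pairs as a stub
# resolver would emit them toward an upstream server. Neither list is
# captured traffic: UNPATCHED mimics a resolver with a fixed source port and
# sequential IDs, PATCHED is drawn from a seeded PRNG to stand in for a
# resolver that randomizes both.
UNPATCHED = [(53, 0x1000 + i) for i in range(32)]
_rng = random.Random(2008)
PATCHED = [(_rng.randint(1024, 65535), _rng.randint(0, 65535)) for _ in range(32)]


def entropy_bits(values):
    """Shannon entropy, in bits, of the observed value distribution."""
    counts = Counter(values)
    total = len(values)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def sequential_fraction(values):
    """Fraction of consecutive pairs that step by exactly +1 (mod 2^16)."""
    if len(values) < 2:
        return 0.0
    steps = sum(1 for a, b in zip(values, values[1:]) if (b - a) % 65536 == 1)
    return steps / (len(values) - 1)


def guess_space_bits(samples):
    """Bits an off-path forger must guess per query: port entropy plus TXID entropy."""
    return entropy_bits([p for p, _ in samples]) + entropy_bits([t for _, t in samples])


def assess(samples, port_ratio=0.9, max_sequential=0.2):
    """Flag a resolver whose source ports barely vary or whose IDs are predictable.

    With n samples the most entropy any field can show is log2(n), so the port
    check is relative to that ceiling rather than to the theoretical 16 bits.
    The two thresholds are assumed values for this example.
    """
    ports = [p for p, _ in samples]
    txids = [t for _, t in samples]
    ceiling = math.log2(len(samples))
    report = {
        "distinct_ports": len(set(ports)),
        "port_entropy_bits": round(entropy_bits(ports), 2),
        "txid_sequential_fraction": round(sequential_fraction(txids), 2),
        "guess_space_bits": round(guess_space_bits(samples), 2),
    }
    randomized = entropy_bits(ports) >= port_ratio * ceiling
    predictable = sequential_fraction(txids) > max_sequential
    report["verdict"] = "OK" if randomized and not predictable else "WEAK"
    return report


if __name__ == "__main__":
    for name, sample in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(name, assess(sample))
```

Run against a real capture, the WEAK verdict is the signal to patch or upgrade the resolver; note that a NAT device in front of a patched resolver can rewrite source ports back to a predictable sequence, so the capture should be taken on the outside of any NAT.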

OS X Privilege Escalation

ARDAgent (Apple Remote Desktop) on Mac OS X 10.5 and 10.4 contains a vulnerability that allows local users to gain root privileges through an AppleScript command. This issue was first disclosed last month, but there are now indications that it is being actively exploited to install malicious software on target systems. Because this vulnerability is so easy to exploit and gives root access, there is potential for a lot of bad things to land on the system, such as rootkits.

At this time there has been no patch provided by Apple. Users are cautioned to only run trusted AppleScripts, and only install trusted applications.

Microsoft Patches For July 2008

Tomorrow, Microsoft is releasing four security updates for multiple issues affecting Windows, Microsoft SQL Server and Microsoft Exchange Server. All four updates carry a rating of “important”; there are no “critical” updates in this round. Surprisingly, there’s no update for the recent IE vulnerabilities. As usual, these updates should be tested and rolled out as soon as possible.

Microsoft SQL Injection Security Advisory

Microsoft has released a security advisory in response to the recent rapid increase in SQL injection attacks. The advisory was released to assist Web site administrators in identifying SQL injection issues within their Web application code, and to provide temporary solutions to mitigate SQL injection attacks against the server. The full advisory can be found at http://www.microsoft.com/technet/security/advisory/954462.mspx

It’s good to see Microsoft release such an advisory with explicit details on how to mitigate current issues and avoid SQL injection in the future. We have seen too many applications vulnerable to SQL injection, whether they’re written in ASP, PHP, Perl, Ruby or anything else. If you’re an ASP developer, be sure to read this advisory and implement the listed strategies when coding, if you haven’t already.
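The root cause is the same in every language the paragraph lists: a query assembled by concatenating user input lets quote characters in that input become SQL. The following is an added example, not code from the Microsoft advisory and not specific to ASP; it uses Python’s built-in sqlite3 module as a stand-in so it runs offline. It places the concatenated login query beside the parameterized version of the same query and adds an allow-list check on the username as a second layer. The table, the account rows and the password strings are constructed for the example (a real system stores password hashes, which is a separate issue from the one shown here).

```python
import re
import sqlite3

# Constructed in-memory table with made-up accounts; plaintext passwords are
# used only so the injection behaviour stays visible.
SAMPLE_USERS = [("alice", "correct-horse"), ("bob", "battery-staple")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Query built by string concatenation: quotes in the input become SQL syntax."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "' ORDER BY username")
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, username, password):
    """Same query with bound parameters: the driver passes the values separately
    from the SQL text, so the input is only ever compared as data."""
    sql = ("SELECT username FROM users WHERE username = ? AND password = ? "
           "ORDER BY username")
    return [row[0] for row in conn.execute(sql, (username, password))]


# Allow-list for usernames; the pattern is an assumption for this example.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


def is_valid_username(username):
    """Input validation as a second layer; it does not replace parameters."""
    return USERNAME_RE.fullmatch(username) is not None


def login_defended(conn, username, password):
    """Validate the constrained field, then always use the parameterized query."""
    if not is_valid_username(username):
        return []
    return login_parameterized(conn, username, password)


if __name__ == "__main__":
    db = make_db()
    # A password of  x' OR '1'='1  turns the concatenated WHERE clause into
    # (username = 'alice' AND password = 'x') OR '1'='1', matching every row.
    print("concatenated:", login_vulnerable(db, "alice", "x' OR '1'='1"))
    print("parameterized:", login_parameterized(db, "alice", "x' OR '1'='1"))
```

The vulnerable function returns every account for the crafted password because the OR clause is evaluated as part of the query; the parameterized function returns nothing because the same string is compared literally against the password column. The allow-list is deliberately applied only to the username, since a password field legitimately contains quotes and other punctuation, which is exactly why parameters rather than filtering are the primary defense.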

OS X Trojan

A new OS X Trojan has been spotted in the wild. The Trojan has been given the identifier “OSX/Hovdy-A” and can perform somewhat advanced attacks against an infected machine. It takes advantage of the recent privilege escalation exploit within AppleScript to gain root access to the machine. Once root, the Trojan can manipulate the firewall, steal passwords, and disable security settings. As OS X becomes more popular, we can expect to see more malicious software aimed at it. Don’t assume that you’re safe just because you’re on a Mac; follow all of the precautions that you would with any other OS and practice safe surfing!