Beware of Myanmar Aid Scams & Trojans

Nothing like a disaster to bring out the crimeware.

Keep your eyes open for disaster- and aid-oriented phishing and trojan scams. The same types of attacks we have seen with other disasters are likely to follow. We can expect everything from Trojan horses designed to look like headline update tools, phishing schemes asking for donations, and basic client-side exploits delivered through web pages and HTML email, to the usual myriad of outright fraud.

Basically, if you really want to help folks, drop by known and trusted organizations such as the Red Cross, etc.

Be on the lookout for strange network activity, as this event is likely to be the basis for yet another expansion of the botnets.

SQL Injection Worms Infecting New Sites

Attacks continue in the wild against ASP pages with SQL injection flaws. It appears that the worm is injecting scripts and iframes into web pages, which then forward visitors to another page with an embedded exploit. The exploits are believed to be based on recent Real Player vulnerabilities and are used to take over visitors to the affected websites. Infection of user machines appears to rely on Real Player vulnerabilities that are, more or less, detected pretty well. It would be a good idea to make sure everyone has Real Player updated if it is installed, as a precaution for users that may visit an infected site.
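As an added defensive check, not from the original post or from any of the worm write-ups, the following Python scans stored page content (for example, text columns dumped from the database behind the ASP pages) for script and iframe tags whose src points off-site, which is the footprint this kind of injection leaves. TRUSTED_HOSTS, the sample rows and the bad.example host are assumptions constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the site's own host names; any script/iframe src elsewhere is suspect.
TRUSTED_HOSTS = {"www.example.com", "static.example.com"}


class InjectedTagFinder(HTMLParser):
    """Collect <script> and <iframe> tags whose src points off-site."""

    def __init__(self, trusted_hosts):
        super().__init__()
        self.trusted = {h.lower() for h in trusted_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <IFRAME SRC=...> is caught too.
        if tag not in ("script", "iframe"):
            return
        src = (dict(attrs).get("src") or "").strip()
        host = urlparse(src).hostname  # None for relative paths or inline scripts
        if host and host.lower() not in self.trusted:
            self.findings.append((tag, src))


def find_injected_tags(html, trusted_hosts=TRUSTED_HOSTS):
    """Return [(tag, src), ...] for every off-site script/iframe source in one fragment."""
    finder = InjectedTagFinder(trusted_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings


def scan_rows(rows, trusted_hosts=TRUSTED_HOSTS):
    """Scan a {row_id: text} mapping and return only the rows that carry injected tags."""
    report = {}
    for rid, text in rows.items():
        hits = find_injected_tags(text, trusted_hosts)
        if hits:
            report[rid] = hits
    return report


# Constructed sample rows standing in for a dump of a table's text columns.
SAMPLE_ROWS = {
    1: '<p>Welcome to our site.</p><script src="/js/menu.js"></script>',
    2: '<p>Spring sale!</p><script src="http://bad.example/ng.js"></script>',
    3: '<div>Contact us</div><IFRAME SRC="//bad.example/in.htm" width=0 height=0></IFRAME>',
}

if __name__ == "__main__":
    for rid, hits in scan_rows(SAMPLE_ROWS).items():
        print(f"row {rid}: {hits}")
```

Run it against a real dump of every text column the application renders; hits on rows that should never contain markup are the strongest signal.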

Windows XP Service Pack 3

Windows XP Service Pack 3 has been released. This long-awaited update to Windows XP offers some enhanced security features borrowed from Windows Vista, along with a few other things. Rolling out this service pack will also install all of the Windows updates released since Service Pack 2. Some of the enhancements in SP3 include black hole router detection, Network Access Protection, enhanced security for administrator and service policy entries, and a kernel mode cryptographic module.

Akamai Download Manager Vulnerability

Akamai Download Manager installs an ActiveX control if a user chooses the ActiveX version of the download manager. The ActiveX control remains installed on the user's computer until it is manually removed. A program execution vulnerability has been identified within this ActiveX control. The problem is due to two undocumented object parameters. By using these parameters in a malicious website, it is possible to cause the Download Manager to automatically download and execute arbitrary applications from malicious hosts.

Akamai has released a new version of the download manager to correct this issue. MicroSolved recommends updating to the newest version if you have ever used the Download Manager. It is also possible to manually remove the ActiveX control, or set the kill-bits for this control to disable it.

Lotus Expeditor Client Vulnerability

A vulnerability in IBM Lotus Expeditor has been identified which could be exploited to compromise a user's system. The issue is that the application registers the "cai" URI handler, which allows launching rcplauncher.exe with arbitrary command line arguments. This can be exploited to execute arbitrary code by having a user click on a malicious URL link. It's reported that Lotus Expeditor Client for Desktop versions 6.1.0, 6.1.2, and 6.1.2 are vulnerable. Contact IBM Support to request a patch to mitigate this issue.

WordPress Code Execution Vulnerability

Two new vulnerabilities have been identified in WordPress 2.5. The vulnerabilities could allow an attacker to conduct XSS attacks, bypass some security restrictions, and compromise the vulnerable system. The first vulnerability could allow an attacker to bypass the authentication mechanism by creating a cookie with certain settings.

The second vulnerability is caused by passing input to an unspecified parameter which is not properly sanitised by the server. This vulnerability can be exploited to execute arbitrary script code in a user’s browser session.

All users should update to the latest version of WordPress, version 2.5.1.

Perl 5.8.8 Vulnerability – Trillian 3.1 Long Nick

A double free vulnerability exists in Perl 5.8.8. Triggered by a crafted UTF-8 regular expression, this vulnerability could cause a denial of service on certain operating systems. It has not been fixed as of the time of this writing.

A curious vulnerability has been announced for Trillian 3.1 where a specially formed nickname can cause a buffer overflow in Windows. Very few details are available at this time, and an exploit hasn’t been released, but I wouldn’t expect it to be long before we see a real PoC.

VoIPER – A VoIP Fuzzing Tool

VoIPER, a VoIP fuzzing framework, has been released. This tool includes a suite built on the Sulley fuzzing framework and a SIP torturer. The fuzzer currently incorporates tests for SIP INVITE, SIP ACK, SIP CANCEL, SIP request structure, and SDP over SIP. VoIPER, and tools like it, are likely to increase the likelihood that additional SIP vulnerabilities will be found. Proper architecture and configuration surrounding a SIP implementation is likely to reduce the potential for compromise in almost all scenarios.

Here We Grow Again! — MSI is Hiring!

MSI is seeking a technical leader with an understanding of Linux, networking and an interest in information security. The main focus of this position is project/engagement management, but the successful candidate will also need to be able to participate in security testing as a member of our team. They should have excellent written and verbal communication skills and not be afraid of dynamic environments. Public speaking, customer presentations and technical writing definitely go in the “plus” column.

The position is full time, located in Columbus, Ohio and has excellent benefits, a friendly and casual working environment and minimal travel. It also includes working with our team and being the best that the security industry has to offer.

If you would like more information about this position, please send your resume to bhuston**AT**microsolved.com.