
Massive SQL Injection Attack Hits Internet

By Liam Reimers | April 5, 2011

On Thursday, March 31st, information security firm Websense reported that a massive SQL injection attack, dubbed “LizaMoon,” was rapidly circulating the Internet.

LizaMoon uses a common URL encoding tactic to update SQL database tables on servers that are susceptible to the attack, effectively editing live website data. It exploits this breach to insert JavaScript into the affected websites, which leads users to a scareware scam site.

In response to this attack, the ISM team added a pair of rules to the Intrusion Prevention System (IPS) to protect both servers and users behind the ISM. Today, the BBC reported that due to the quick response of security firms like the ISM team, very few people were actually affected by the attack.

Topics: ISM Updates, Malware and Viruses, Security News

BlackBerry Releases Patches for Enterprise Server

By Liam Reimers | October 14, 2010

Today, BlackBerry released patches to address a vulnerability in the PDF distiller component of the BlackBerry Attachment Service for BlackBerry Enterprise Server (BBES).

The vulnerability is listed as BlackBerry KB24547, and they have scored it at 7.6 using the Common Vulnerability Scoring System (CVSS). This scale ranges from zero (0) through ten (10), and 7.6 is classified as “High” risk, just one rating below the most severe rating of “Critical.” This score is due to the nature of the vulnerability – buffer overflow errors that could lead to a DoS condition or even arbitrary code execution on the system with BBES installed.

BlackBerry Enterprise Server Administrators are urged to patch immediately.

Related Links:

BlackBerry KB24547:
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24547

CVSS at Wikipedia:
http://en.wikipedia.org/wiki/CVSS

Topics: Security News

Microsoft Patches A Record 49 Vulnerabilities

By Liam Reimers | October 12, 2010

It’s “Patch Tuesday,” and Microsoft has issued patches to correct a record 49 separate vulnerabilities in its Windows operating systems and other Microsoft software.

These updates include patches rated “Critical,” Microsoft’s most severe security rating, reserved for vulnerabilities that are currently being exploited to allow attackers to remotely control affected systems. Some of the critical patches affect Internet Explorer versions 6 through 8, meaning a computer could be compromised simply by web surfing to a malicious site.

Microsoft and UIA recommend all users and system administrators patch their systems immediately.

Related Links:

Microsoft Windows Update:
http://update.microsoft.com/

Microsoft Security Research and Defense Blog:
http://blogs.technet.com/b/srd/

ISC SANS Black Tuesday Roundup:
http://isc.sans.edu/diary.html?storyid=9736

Topics: Security News, Windows Security News

Microsoft Releases “Important” ASP.Net Patch

By Liam Reimers | September 28, 2010

Today, Microsoft released an out-of-band security bulletin that addresses a vulnerability in ASP.Net. ASP.Net is a software component used in the Microsoft web services software, and according to the Microsoft Security Blog, the vulnerability affects “all versions of the .NET Framework when used on Windows Server operating systems. Windows desktop systems are listed as affected, but consumers are not vulnerable unless they are running a Web server from their computer.” The listed operating systems include Windows XP, Vista, Windows 7, Server 2003, and Server 2008.

The vulnerability has been classified as “Important,” just one step below “Critical.” An “Important” rating is described by Microsoft as, “a vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users data, or of the integrity or availability of processing resources.”

This is a publicly disclosed vulnerability, and attacks have already begun. The Microsoft Security Blog notes: “Based on our comprehensive monitoring of the threat landscape, we have determined an out-of-band release is needed to protect customers as we have seen limited attacks and continued attempts to bypass current defenses and workarounds.”

System administrators should update their servers and any workstations running web services immediately. The update will be available immediately through the Microsoft Download Center, and through Windows Update and WSUS in the coming days.

Related Links:

Microsoft Advance Security Bulletin:
http://www.microsoft.com/technet/security/bulletin/ms10-sep.mspx

Microsoft Security Blog Post:
http://blogs.technet.com/b/msrc/archive/2010/09/27/out-of-band-release-to-address-microsoft-security-advisory-2416728.aspx

Microsoft Download Center:
http://www.microsoft.com/downloads/en/default.aspx

Topics: Windows Security News

64-bit Linux local kernel exploit

By Kevin Rhodes | September 20, 2010

An announcement was made on September 19, 2010, that a vulnerability has existed in the 64-bit Linux kernel for approximately two years. The vulnerability requires local access to the server in question to exploit, but the exploit is trivial to execute. While local root access to the server is bad enough, a back door is also installed that allows remote execution of code on the exploited server.

Several Linux distributions have already published kernel updates that address the issue, with others soon to follow. There are also third-party patch and detection tools that can be utilized to discover and treat an exploited system.

This type of exploit points out the need for a tiered security policy. In this case sound physical security would preclude a machine being hacked by this mechanism. But if you don’t know that your system has been physically protected 24/7… You may be a victim.

Additional reading:
http://linux.slashdot.org/story/10/09/20/0217204/Linux-Kernel-Exploit-Busily-Rooting-64-Bit-Machines

Test Tool:
https://www.ksplice.com/uptrack/cve-2010-3081.ssi.xhtml

Topics: Security News

Severe Remote Code Execution Vulnerability in Windows

By Liam Reimers | July 15, 2009

On Monday, July 13, Microsoft published a security advisory that describes a flaw in Microsoft Office Web Components that could allow an attacker to take over your PC just by visiting a web page in Internet Explorer or opening an HTML email in Outlook, Outlook Express, or any client that utilizes the Microsoft HTML rendering engine. This affects your Windows PC even if you don’t have Microsoft Office installed, and even if you have all the latest updates and service packs from Microsoft. In other words, everyone is vulnerable!

There are already confirmed cases of this ActiveX exploit being used on the World Wide Web, but even more dangerous, you could be vulnerable to it just by opening an email in Outlook or Outlook Express. If you have configured your email program to block the execution of ActiveX and Active Scripting controls, you could still be vulnerable if you click a link that takes you to an external web page that contains an attack using this vulnerability.

Microsoft plans to deploy a critical security update to repair the problem; however, until that happens, your computer is vulnerable to being taken over. Microsoft has issued a temporary workaround for the problem, and the Security Desk recommends that all its customers run this fix immediately to protect their computers from attackers.

Please visit this link right away and apply the fix by clicking the “Fix It” icon:
Knowledge Base Article (and Fix): http://support.microsoft.com/kb/973472

Related Link:
Security Advisory: http://www.microsoft.com/technet/security/advisory/973472.mspx

Topics: Windows Security News

Microsoft Patches Two Critical Vulnerabilities in Exchange

By Craig Cocca | May 27, 2009

Microsoft has released two critical updates for its Exchange product, to patch two security holes that permit remote code execution and DoS attacks. We recommend that all customers using Exchange apply the patch referenced in the following MS Technet bulletin immediately:

http://www.microsoft.com/technet/security/bulletin/ms09-003.mspx

If you have an Internet Security Manager running in Mail Forward Exchange mode with Spam and Virus protection enabled, you will be protected from these exploits, but you should still patch Exchange as soon as possible.

Topics: Malware and Viruses, Security News, Windows Security News

Conficker Worm Update

By Craig Cocca | March 31, 2009

Tomorrow is April 1st, the date on which security experts predict that the prevalent Conficker/Downadup worm will receive new commands from its creator and possibly wreak havoc on infected computers throughout the world. Researchers do know that the worm will evolve on this date, but they don’t know for sure what will happen once this evolution occurs. Most experts agree that “probably nothing” will happen, but users are urged to take precautions to make sure they’re protected with the latest updates, as well as virus and malware scanning software.

For the past several months, the Internet Security Manager team has been working to block Conficker from being able to connect to its command and control server through proxy blocks and Intrusion Detection Rules. Nevertheless, this virus is best at spreading throughout Windows networks internally, and we have received many reports of networks being attacked when one computer on the network becomes infected via a USB drive or other removable media, and then the entire network falls victim to the virus soon after. Therefore, we are advising customers to make sure their Windows PCs are patched with the latest Windows updates, and to run the Microsoft Malicious Software Removal Tool, which can be found at:

http://www.microsoft.com/security/malwareremove/default.mspx

More on the worm can be found at:

http://support.microsoft.com/kb/962007

Topics: Malware and Viruses, Windows Security News

Microsoft Issues Critical Patches for IE and Exchange

By Craig Cocca | February 11, 2009

Microsoft issued several patches yesterday to correct critical vulnerabilities in Exchange and Windows. The Exchange vulnerabilities are particularly alarming, as they allow an attacker to send a specially crafted e-mail to an Exchange server, which triggers the exploit and allows the attacker to take control of the Exchange server remotely.

The Internet Security Manager provides a comprehensive spam e-mail filtering system that stops not only spam, but also viruses, trojans, and other e-mail threats in their tracks. The ISM can be placed inline with an Exchange server using our Mail Forward Exchange technology to stop e-mail threats before they ever reach your mail server. Placing the ISM in front of an Exchange server provides a safe, secure, easy-to-install solution that can eliminate spam and protect your mail server. For more information, please contact your ISM sales representative.

For more information on this week’s Microsoft security patches, please see http://voices.washingtonpost.com/securityfix/2009/02/critical_ie_exchange_flaws_in.html?wprss=securityfix?hpid=sec-tech

Topics: Malware and Viruses, Security News, Windows Security News

Computers Being Infected with Malware Via Windshield Ticket

By Craig Cocca | February 9, 2009

Over the weekend, a new (and completely novel) malware attack vector came to light in several website and blog posts. Someone in Grand Forks, North Dakota has been placing fake parking notices on the windshields of cars in the area, with instructions to take care of the ticket by going to a certain web site. When that web site is visited with Internet Explorer, it installs a malicious Browser Helper Object (BHO) that propagates the malware to the visitor’s computer. This is an excellent example of social engineering being used to compel users to install malicious software on their computer, despite other security measures that might be in place to prevent such an attack.

More on this story can be found at http://community.zdnet.co.uk/blog/0,1000000567,10012076o-2000331828b,00.htm

Topics: Malware and Viruses, Windows Security News
