06-29-2009 11:28 Interoute Internet Attacks Barometre online Interoute's Internet Barometer shows real-time statistics on Internet attacks worldwide and provides information on the source of those attacks. The source of attacks indicates potentially hostile organizations and networks. So, the Barometer identifies whether the perpetrator is a "known Bad Guy"; a spoofer who is trying to hide his or her identity by using different IP addresses; or an unknown attacker. The Internet Barometer is only possible because of the integral role Interoute plays (...) - Security Tools / Data Mining, Network Monitoring, Interoute Tools :: security-database Povezani zapisi: 03-10-2010 18:47 Microsoft re-release of KB973811 - attacks on Extended Protection for Authentication, (Wed, Mar 10th) Yesterday Microsoft re-released KB973811 ==http://www.microsoft.com/technet/security/advisory/973811.mspx This relates back to the original KB973917 == http://support.microsoft.com/kb/973917 and advisory MS09-071 ==http://www.microsoft.com/technet/security/bulletin/ms09-071.mspx This affects the Extended Protection for Authentication functions within XP, Vista and Server 2003 ==http://support.microsoft.com/kb/968389 It didn't show up in yesterday's Patch Tuesday review because Microsoft is classifying it as a non-security upgrade. This is confusing to me, because the update actually includes mitigation against a credential forwarding attack, which you might see on an unencrypted, unsigned connection (yes, there's still a lot of that going around ! ) This update affects XP, Vista and Server 2003. Windows 7 and Server 2008 are not affected. Thanks to our readers on letting us know about this one. I'm still puzzled as to why this wasn't on Microsoft's list of security updates ... =============== Rob VandenBrink Metafore =============== ISC 03-10-2010 16:27 Internet Explorer 0-day targeted in spam runs Hot on the heels of the Patch Tuesday announcements yesterday (see blog or links to vulnerability assessment pages), came the announcement of a new zero-day in Internet Explorer (CVE-2010-0806). Whilst checking through some URLs supposedly serving up malicious code to exploit this vulnerability, I noticed a link to some spam runs from earlier in the week. On March 8th SophosLabs saw spam messages attempting to trick the recipient into visiting rogue web pages. Messages used at least two social engineering tricks to lure victims into clicking the malicious link. the tried and tested “delivery failed, please confirm address details” messages request for details confirmation for insurance quoteExample messages are shown below. In either case, clicking on the link takes the victim to a web page which kickstarts the infection process. Generic detection for the exploit scripts seen thus far has been added as Troj/ExpJS-R. A script used to query the browser/OS version before loading the exploit script (or redirecting to a games site) has been added as Troj/JSRedir-AW. The malicious payloads installed in such attacks are liable to change of course, but the ones seen thus far have been either proactively detected as Mal/Dropper-Y, or added as Troj/Dloadr-CYS. SophosLabs will continue monitoring for new attacks looking to exploit this vulnerability. In the interim, aside from keeping your protection up to date, take note of the following from the Microsoft announcement: Our investigation has shown that the latest version of the browser, Internet Explorer 8, is not affected. If you are an IE user and have not yet upgraded to version 8, take a hint! It is strongly recommended that you do so. Aside from not being affected from this particular issues, there are a whole bundle of other security related features you are missing out on otherwise. The SophosLabs vulnerability assessment page for the IE 0-day vulnerability will be updated accordingly. Sophos 03-01-2010 6:08 AS/NZ "Online Offensive - Fight fraud online" week March 1-7, (Mon, Mar 1st) The Australian Competition Consumer Commission (ACCC) released a report on online fraud today (http://www.accc.gov.au/content/index.phtml/itemId/916075) as part of their awareness campaign Online Offensive - Fight Fraud Online which runs March 1-7. The programme runs every year in Australia and New Zealand and aims to educate people about online scams and is a cooperative effort between government and private enterprise. The idea is to provide non-IT people with some of the tools that they can use to recognise the various schemes. We all know someone who has been taken in. So if you are helping out with Seniors computing courses, or other community computing awareness course, providing some in house training, or even performing internet help desk duties for family members, then you may find some of this information useful. The following sites all have information on the different scams online: www.scamwatch.gov.au - The ACCC also runs the scamwatch website that has a lot of easy to understand information about the various scams doing the rounds. www.fido.gov.au - The Australian Securities and Investments Commission (ASIC) has their Fido web site, look under scams warnings for information. www.lookstogoodtobetrue.com - is a good resource for easily digestible scam information. www.ftc.gov/bcp/menus/consumer/tech/scams.shtm - The FTC site has scam information. It is written in governmentese so you may need to translate, but nonetheless some good information. www.ftc.gov/bcp/menus/consumer/tech/scams.shtm - A second FTC web site with some more specific information www.fbi.gov/cyberinvest/escams.htm - This FBI page has information on some of the newer scams. www.usa.gov/Citizen/Topics/Internet_Fraud.shtml - This internet fraud page provides information on where to report fraud as well as some general information. www.oft.gov.uk/advice_and_resources/small_businesses/scams/ - Some basic info on this UK web site regarding scams www.onguardonline.gov - An interactive site providing some good information to help protect internet users If you have links to government sites specifically related to scams and fraud let us know. Mark ISC 02-28-2010 11:00 Godinu dana besplatno Trend Micro Internet Security 2010 http://shop.trendmicro.com/iomega/en/?sn=f9bj26006x MyCity::Zastita |
