Microsoft Windows, Office and Internet Explorer
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, and Forefront Edge Security as part of the Microsoft Security Bulletin Summary for April 2009. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with escalated privileges.
Microsoft Windows Malicious Software Removal Tool
Microsoft has released an [...]
Read More About - Microsoft Windows, Office and Internet Explorer »
U.S. Electrical Grid Attacked by Hackers
Hackers planted malware onto the network of the U.S. electrical grid. It is likely their intent was to cripple the power infrastructure. According to security researcher Roger Thompson the hackers probably gained access like many others by exploiting holes in software, such as, Windows.
“Any computer connected to the Internet is potentially vulnerable. [...]
Read More About - U.S. Electrical Grid Attacked by Hackers »
Coordinating Virus and Spyware Defense
by CERT
Using anti-virus and anti-spyware software is an important part of cyber security. But in an attempt to protect yourself, you may unintentionally cause problems.
Isn’t it better to have more protection?
Spyware and viruses can interfere with your computer’s ability to process information or can modify or destroy data. You may feel that the more anti-virus [...]
CONFICKER WORM IMPORTANT ANNOUNCEMENT
US-CERT saw no evidence of nefarious behavior associated with Conficker on April 1, 2009. It is important to understand that it is still unclear what Conficker is intended for and capable of doing. Systems with infections must be cleaned now. An infected system could enable an attacker to remotely take control of that system and [...]
Microsoft Security Advisory: Power Point
Microsoft has released security advisory 969136 to address reports of a vulnerability in Microsoft Office PowerPoint. By convincing a user to open a specially crafted Office file, a remote attacker may be able to gain access to the affected system with the same rights as the user running PowerPoint.
US-CERT encourages users and administrators to review [...]
Read More About - Microsoft Security Advisory: Power Point »
Safer Net Surfing
by NIST
When you type www.irs.gov—or the Web address of your bank or an e-commerce site—into your web browser, you want to be sure that no one is hijacking your request and sending you to a bogus look-alike page. You’re relying on the integrity of the Internet’s “phone book,” the Domain Name System (DNS). Computer scientists [...]
Tracking GhostNet: Investigating a Cyber Espionage Network
This report documents the GhostNet – a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs.
The capabilities of GhostNet are far-reaching. The report reveals that Tibetan computer systems were compromised giving attackers access to [...]
Read More About - Tracking GhostNet: Investigating a Cyber Espionage Network »
Conficker Worm Targets Microsoft Windows Systems
US-CERT is aware of public reports indicating a widespread infection of the Conficker worm, which can infect a Microsoft Windows system from a thumb drive, a network share, or directly across the network if the host is not patched with MS08-067.
The presence of a Conficker infection may be detected if a user is unable to [...]
Read More About - Conficker Worm Targets Microsoft Windows Systems »
Java Security Vulnerabilities
Sun Releases Updates for Java SE
added March 26, 2009 at 08:54 am
Sun has released updates for Java SE to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with escalated privileges.
US-CERT encourages users to review the Sun Java SE 6 Update Release Notes and upgrade [...]
Microsoft Updates for Multiple Vulnerabilities
Source: US-CERT
As part of the Microsoft Security Bulletin Summary for March 2009, Microsoft released updates to address vulnerabilities that affect Microsoft Windows and Windows Server.
A remote, unauthenticated attacker could gain elevated privileges, poison the DNS cache, execute arbitrary code, or cause a vulnerable application to crash.
Solution
Microsoft has provided updates for these vulnerabilities in the Microsoft [...]
Read More About - Microsoft Updates for Multiple Vulnerabilities »