 



Date: 23 May 2011
AusCERT Week in Review
20 May 2011
AusCERT (the conference) is over for another year - and what a week it's been. It began with a light-hearted take on a serious issue - identity theft - explored the new frontiers of SCADA security and future networks, paused for some dinner entertainment and finished with a spirited debate on some of the key questions in IT security. Thanks to everyone, members and people from the local (and international) IT community who attended and made AusCERT2011 what it continues to be: the premier IT security conference in the Southern Hemisphere. See you next year!
This week, Microsoft released the latest version of EMET, the Enhanced Mitigation Toolkit. This tool(kit) is designed to mitigate exploits (even 0-days) by placing additional obstacles to increase the difficulty of attack. Applications for which a patch is not available may be protected by EMET.
For more information about EMET visit:
http://blogs.technet.com/b/srd/archive/2011/05/18/new-version-of-emet-is-now-available.aspx
Reports emerged this week of Mac-targeted malware, the existence of which means that Mac OSX is now popular enough to make it a tempting target for cyber-criminals. Never have the words "victim of its own success" been more true:
http://blogs.computerworld.com/18296/as_the_mac_gets_targeted_by_malware_the_pc_gets_safer
AusCERT in the Media:
---------------------
The AusCERT conference generated a lot of media stories this week, with controversy high on the agenda:
Security experts go to war: wife targeted (SMH) http://www.smh.com.au/technology/security/security-experts-go-to-war-wife-targeted-20110517-1eqsm.html
AusCERT Facebook photo hack may be a test case (SC Magazine) http://www.scmagazine.com.au/News/257826,auscert-facebook-photo-hack-may-be-a-test-case.aspx
AusCERT 2011: Police lack tools to combat cybercrime (CIO) http://www.cio.com.au/article/386769/auscert_2011_police_lack_tools_combat_cybercrime/
AusCERT 2011: Mobile banking malware on the rise (CIO) http://www.cio.com.au/article/386757/auscert_2011_mobile_banking_malware_rise/
Smartphones: the perfect bugging device (ZDNET) http://www.zdnet.com.au/smartphones-the-perfect-bugging-device-339315350.htm
AusCERT 2011: Eugene Kaspersky calls for Internet Interpol (Computerworld) http://www.computerworld.com.au/article/386790/auscert_2011_eugene_kaspersky_calls_internet_interpol_/
Web Log Entries:
----------------
Last week's Week in Review:
http://www.auscert.org.au/render.html?it=14358
Alerts, Advisories and Updates:
-------------------------------
Title: ASB-2011.0039 - [Win][Linux][FreeBSD][Mac][OSX] Opera prior to 11.11:
Execute arbitrary code/commands - Remote with user interaction
Date: 19 May 2011
URL: http://www.auscert.org.au/14368
Title: ASB-2011.0038 - [UNIX/Linux] Sendmail: Denial of service -
Remote/unauthenticated
Date: 18 May 2011
URL: http://www.auscert.org.au/14367
Title: ASB-2011.0037 - [Win][UNIX/Linux][Mac][OSX] Google Chrome: Execute
arbitrary code/commands - Remote with user interaction
Date: 16 May 2011
URL: http://www.auscert.org.au/14362
External Security Bulletins:
----------------------------
Title: ESB-2011.0533 - [Linux][RedHat] qemu-kvm: Multiple vulnerabilities
Date: 20 May 2011
OS: Red Hat Linux, Other Linux Variants, SUSE, Ubuntu, Debian GNU/Linux
URL: http://www.auscert.org.au/14371
Title: ESB-2011.0532 - [Win][Cisco][Solaris] Cisco Systems: Cross-site
scripting - Remote/unauthenticated
Date: 19 May 2011
OS: Solaris, Cisco Products, Windows 2003, Windows XP, Windows 2000,
Windows 7, Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/14370
Title: ESB-2011.0531 - [Win][Linux] Shibboleth Identity Provider: Cross-site
scripting - Remote/unauthenticated
Date: 19 May 2011
OS: Windows 2003, Red Hat Linux, Windows 7, Ubuntu, Debian GNU/Linux,
Windows XP, SUSE, Windows 2000, Windows Vista, Windows Server 2008,
Other Linux Variants
URL: http://www.auscert.org.au/14369
Title: ESB-2011.0530 - [SUSE][OpenSUSE] SUSE: Multiple vulnerabilities
Date: 18 May 2011
OS: Other Linux Variants, SUSE
URL: http://www.auscert.org.au/14366
Title: ESB-2011.0529 - [Win] ZDI: Multiple vulnerabilities
Date: 17 May 2011
OS: Windows 7, Windows Server 2008, Windows Vista, Windows 2003, Windows
2000, Windows XP
URL: http://www.auscert.org.au/14365
Title: ESB-2011.0528 - [Win] EMC SourceOne Email Management: Access privileged
data - Existing account
Date: 17 May 2011
OS: Windows 2003, Windows XP, Windows 2000, Windows 7, Windows Vista,
Windows Server 2008
URL: http://www.auscert.org.au/14364
Title: ESB-2011.0527 - [RedHat] flash-plugin: Multiple vulnerabilities
Date: 16 May 2011
OS: Red Hat Linux
URL: http://www.auscert.org.au/14363
Title: ESB-2011.0526 - [SUSE] java-1_4_2-ibm: Execute arbitrary code/commands
- Remote/unauthenticated
Date: 16 May 2011
OS: SUSE
URL: http://www.auscert.org.au/14361
Title: ESB-2011.0525 - [Win][Solaris] HP Business Availability Center:
Cross-site scripting - Remote with user interaction
Date: 16 May 2011
OS: Solaris, Windows 2003, HP-UX, Windows XP, Windows 2000, Windows 7,
Windows Vista, Windows Server 2008
URL: http://www.auscert.org.au/14360
Title: ESB-2011.0524 - [Debian] apr: Denial of service -
Remote/unauthenticated
Date: 16 May 2011
OS: Debian GNU/Linux
URL: http://www.auscert.org.au/14359
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================