Date: 13 July 2012
Greetings,
With Friday afternoon beginning to wind to a close, here are a few items that you may find of interest from the week.
First up is the compromise of Yahoo Voices in which 453,491 email addresses and passwords were published online by hacker group 'D33DS Company'. The hackers stated that they used "Union-based SQL Injection" to obtain the information and that "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat".
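The D33DS statement names "Union-based SQL Injection" as the technique. The following is an added illustration, not code from the newsletter, Yahoo or D33DS, of why that class of bug exists and how it is closed: a query that splices user input into SQL text, beside the same query with the input bound as a parameter. The tables, rows and the function names are constructed for this example and stand in for whatever the real application used.

```python
import sqlite3

# Constructed sample data for an in-memory database (not from any real site).
SAMPLE_ARTICLES = [("Ten tips for the garden", "alice"), ("Weekend recipes", "bob")]
SAMPLE_USERS = [("alice@example.invalid", "hash-of-alice-pw"),
                ("bob@example.invalid", "hash-of-bob-pw")]


def make_db():
    """Build a throwaway SQLite database with a public 'articles' table
    and a private 'users' table that the article search should never expose."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, author TEXT)")
    conn.execute("CREATE TABLE users (email TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO articles (title, author) VALUES (?, ?)", SAMPLE_ARTICLES)
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def articles_by_author_unsafe(conn, author):
    """Vulnerable form: the author string is concatenated into the SQL text, so any
    SQL syntax it carries (a closing quote, UNION, a comment marker) becomes part of
    the statement the database executes."""
    sql = "SELECT title FROM articles WHERE author = '" + author + "'"
    return [row[0] for row in conn.execute(sql)]


def articles_by_author_safe(conn, author):
    """Hardened form: the author string is passed as a bound parameter. The database
    compiles the statement first and substitutes the value afterwards, so the input
    is only ever compared against the author column as a plain string."""
    sql = "SELECT title FROM articles WHERE author = ?"
    return [row[0] for row in conn.execute(sql, (author,))]


# A hostile "author" value of the UNION-based kind: it closes the quoted literal,
# appends a second SELECT against a table the search was never meant to read, and
# comments out the trailing quote the original query would have supplied.
HOSTILE_AUTHOR = "x' UNION SELECT email || ':' || password_hash FROM users -- "


def leaks_user_table(rows):
    """True if any returned row carries data that could only have come from 'users'."""
    return any(":hash-of-" in r for r in rows)


if __name__ == "__main__":
    db = make_db()
    # Concatenated query: the result set now contains email:hash pairs from 'users'.
    print("unsafe:", articles_by_author_unsafe(db, HOSTILE_AUTHOR))
    # Parameterised query: no author is literally called that, so the result is [].
    print("safe:  ", articles_by_author_safe(db, HOSTILE_AUTHOR))
    print("safe, legitimate lookup:", articles_by_author_safe(db, "alice"))
```

The point of the hardened form is that it needs no knowledge of what a hostile string looks like: escaping or filtering input is brittle, whereas parameter binding keeps data and statement separate regardless of content. The same principle applies to the Formspring incident below in a different way: a development server that can reach a production database is itself a path around whatever the application code gets right.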
Next we have the Formspring compromise which was reported a few days earlier. Formspring state on their blog that they were "notified that approximately 420k password hashes were posted to a security forum, with suspicion that they could be Formspring passwords." In response, Formspring disabled all users' passwords and asked its members to reset them, along with some reminders regarding the creation of more complex passwords. Additionally, regarding the breach itself, Formspring stated that "We found that someone had broken into one of our development servers and was able to use that access to extract account information from a production database."
Also of interest this week was the discovery by F-Secure of a new piece of multi-platform malware, affecting Windows, OS X and Linux-based operating systems. The malware was identified on a compromised Colombian transport website.
Of particular interest to me this week, however, was the recent theft of a BMW 1M coupe, in which thieves were able to hack into the car via its OBD port after breaking the window, and then trick the OBD port into cloning the key fob in under three minutes. More information, including a YouTube video of the theft, can be found at Geekosystem.
And lastly, here are my picks for the week's top 5 bulletins:
1) ESB-2012.0665 - [Win] Microsoft Windows: Execute arbitrary code/commands - Remote with user interaction
First, while possibly not the most serious of vulnerabilities, is Microsoft's bulletin regarding a vulnerability in the Windows Sidebar and Windows Gadgets found in Windows Vista and Windows 7. According to Microsoft, Gadgets installed from untrusted sources could potentially allow the execution of nasty code. While Microsoft has not released an update to correct the issue, they have however provided mitigation via a Microsoft Fix It solution - of course the other alternative is to just simply disable the Windows Sidebar and Gadgets.
2) ESB-2012.0655 - [Win] Microsoft XML Core Services: Execute arbitrary code/commands - Remote with user interaction
Next up, Microsoft released a critical security bulletin regarding the XML Core Services vulnerability for which it had released a Fix It solution back in June. Microsoft had advised in June that this vulnerability was being actively exploited.
3) ESB-2012.0670 - [Cisco] Cisco Telepresence Products: Execute arbitrary code/commands - Remote/unauthenticated
Cisco released four bulletins regarding denial of service and code execution vulnerabilities found in a number of its Telepresence products, stating that these vulnerabilities could be exploited without authentication being necessary.
4) ESB-2012.0667 - [Linux][RedHat] kernel: Denial of service - Remote/unauthenticated
Red Hat released a bulletin regarding a couple of vulnerabilities in the Linux kernel, one of which could allow for a remote unauthenticated denial of service if an attacker sends specially-crafted packets to a target system that is using IPv6.
5) ASB-2012.0100 - [UNIX/Linux] Puppet: Multiple vulnerabilities
Puppetlabs released details of four separate vulnerabilities which have been corrected in the latest version of Puppet, version 2.7.18, which could allow for numerous impacts, including confidential and privileged data access, the deletion of arbitrary files and denial of service.
Have a great weekend!
Jonathan
The AusCERT Week in Review is a roundup of the week's notable security advisories, events and AusCERT activities - brought to you by the AusCERT Coordination Centre team. For an extra perspective, follow @AusCERT on Twitter and stay connected to events as they happen.