AusCERT Week in Review for 5th October 2012

Date: 05 October 2012

Original URL: http://www.auscert.org.au/render.html?cid=7066&it=16427

Greetings and salutations,

The main stories this week are based on a newie and an oldie; definitely both baddies.

Many people would have already heard about the scams where you receive a phone call, supposedly from Microsoft Tech Support or another well-known organisation, saying that your PC has problems and that you have to pay for software to fix said problems. This week, a combined effort to crack down on the international scam has resulted in US$188,000 in assets being frozen, with more expected in the not too distant future. What I think is particularly cool is that regulators from five countries, including Australia, joined forces in order to make a significant dent in what is being touted as one of the biggest scams this decade. The scammers certainly have not made it easy; apparently they used "virtual offices, including more than 80 different domain names and 130 different phone numbers". Nice. Read the full story on ZDNet.

In other news, a number of reports have been circulating about ADSL modems being hacked in Brazil. Cristine Hoepers from CERT.br presented information about these attacks at the 2012 FIRST Symposium earlier this year. In brief, ADSL modems with a vulnerable chipset and web interface credentials stored in plain text had their DNS server settings changed. When the victim visited a popular site such as Google or Facebook, they were directed to a malicious replica, which resulted in malware being installed and banking protection disabled. The concern is that many people do not take steps to secure and update their ADSL modems, and it appears that at least some makes/models do not encrypt web interface credentials.

AusCERT recommends that you keep your ADSL modems up-to-date with the latest firmware, regularly verify settings such as DNS servers, and make sure that the password used for your web interface is unique. This way, if someone gets hold of it, they can't then use the same password to log into net banking, for example. If you suspect that your ADSL modem has been compromised, do a hard reset to factory default settings and install the latest firmware. If you are anything like me, Murphy's Law is likely to apply. Have an alternative connection such as 3G handy in case something goes wrong :)

Before moving on to the top bulletins for the week, AusCERT has published updated Incident Response Metrics so check it out.

Now on to the bulletins:

Adobe is revoking a code signing certificate after reports of it being misused. According to Adobe's bulletin the certificate was to be revoked on October 4.

2) ASB-2012.0134 - [Win][UNIX/Linux] Wireshark: Denial of service - Remote with user interaction

Wireshark 1.8.3 has been released addressing multiple denial of service vulnerabilities. Each of these requires "injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file".

The rest of the bulletins we've seen this week have been reasonably ordinary. However, there were a significant number from IBM over the long weekend for Tivoli products, WebSphere, and a couple for Rational Business Developer. If you use IBM products, go back and look through our bulletins page to see if any of these affect your organisation.

Stay safe,