
Archive for the ‘Vulnerabilities’ Category

Tenable Network Security has announced the release of version 4 of their vulnerability scanner

April 9th, 2009

Tenable Network Security has announced the release of version 4 of their vulnerability scanner, Nessus. Nessus is a network scanner that can be used to detect potential vulnerabilities on individual systems and networks, preventing remote attackers from gaining access to private data. It can audit a network for individual anti-virus products and ensure that these are running the latest updates.

The 5.0 release now supports multi-threading, improving performance and decreasing the amount of time each scan requires. The ability to create custom XSLT reports based on the scan results has also been added.

More at http://www.h-online.com


Conficker is a killer for your system

March 8th, 2009

Conficker is damaging machines very fast. Usually it attacks Windows 2000, XP, and Server 2003. It spreads through the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability.

Once this virus infects a computer it does a number of things including:

  • Extracts all of its files to the System directory under random DLL file names, which can completely damage your system.
  • Deletes the system restore points.
  • Registers a service called Netsvcs.
  • Creates scheduled tasks that execute all of the DLL files.
  • Creates its own simple HTTP server on the infected computer and spreads the worm to other computers on the network through file shares.
  • Creates an Autorun.inf file in file shares to execute the worm files once the share is accessed by another computer.
  • Connects to external sites to download additional files.

http://conficker.com/ can help you get rid of this threat.


Microsoft Warned Users Of Internet Explorer

January 1st, 2009

Microsoft has warned users of Internet Explorer (IE) 7 that hackers have been attacking a vulnerability in the current version of the web browser that, in a worst-case scenario, could potentially lead to remote takeover of their computer – and the threat is rising rapidly.

According to Microsoft, the vulnerability leaves the browser ‘exploitable’; the older IE 6 and the Beta 2 version of IE 8 are also potentially vulnerable.

On Microsoft’s Threat Research & Response blog, Ziv Mador and Tareq Saade said that “a significant number of users have been affected” by the vulnerability, with an increase of over 50pc in the number of reported attacks since Sunday, 20 December.

“Based on our stats, since the vulnerability has gone public, roughly 0.2pc of users worldwide may have been exposed to websites containing exploits of this latest vulnerability.”

Microsoft is also warning that the new exploits for IE 7 are being hosted on pornography sites.

“Our investigation of these attacks so far has verified that they are not successful against customers who have applied the workarounds listed in this advisory. Additionally, there are mitigations that increase the difficulty of exploiting this vulnerability,” Microsoft said in an official statement.

The workarounds advised by Microsoft are: enable a firewall, apply all software updates and install antivirus and anti-spyware software.


PHP mbstring buffer overflow vulnerability

December 21st, 2008

PHP is “a scripting language extensively used in web application development. The package contains a number of language extensions aside from the language core”.

A heap buffer overflow was found in the mbstring extension that is bundled with the standard distribution. The mbstring extension provides a set of functions for the manipulation of multibyte / Unicode strings.

The vulnerability occurs in the part of the encoding conversion facility that decodes strings containing HTML entities into Unicode strings. Due to the decoder’s incorrect handling of error conditions, the bounds check for a heap-allocated buffer is effectively bypassed. An attacker who controls the decoder’s input can exploit this vulnerability to write arbitrary data to a specific region of the heap.
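As an added illustration of the error-path pitfall described above (a constructed example, not PHP’s mbstring code): a minimal decoder for numeric HTML entities in C, written so that every error condition returns before the bounds-checked write, so malformed input can never skip the capacity check. The function names `decode_entities` and `decoded_cp` are this example’s own.

```c
/* Constructed example (not PHP's mbstring code): a minimal decoder for
 * numeric HTML entities ("&#65;", "&#x41;") into Unicode code points.
 * The defect described above is an error path that skipped the output
 * bounds check; here every error returns before any write happens. */
#include <ctype.h>
#include <stdint.h>
#include <stdlib.h>

/* Decode `in` into `out` (capacity `cap` code points). Returns the number
 * of code points written, or -1 on a malformed entity or a full buffer. */
int decode_entities(const char *in, uint32_t *out, size_t cap)
{
    size_t n = 0;
    while (*in) {
        uint32_t cp;
        if (*in == '&' && in[1] == '#') {
            const char *p = in + 2;
            int base = 10;
            if (*p == 'x' || *p == 'X') { base = 16; p++; }
            /* strtoul would accept leading spaces or a sign: require a digit. */
            int ok = (base == 16) ? isxdigit((unsigned char)*p)
                                  : isdigit((unsigned char)*p);
            if (!ok) return -1;
            char *end;
            unsigned long v = strtoul(p, &end, base);
            /* Error path: unterminated entity or value outside Unicode.
             * Return instead of falling through to the write below. */
            if (*end != ';' || v > 0x10FFFF)
                return -1;
            cp = (uint32_t)v;
            in = end + 1;
        } else {
            cp = (unsigned char)*in++;   /* plain byte passes through */
        }
        /* The capacity check is the only route to the write. */
        if (n >= cap) return -1;
        out[n++] = cp;
    }
    return (int)n;
}

/* Check helper: decode into a local 8-slot buffer; return the code point at
 * `idx`, or -1 if decoding failed or idx is past the decoded length. */
long decoded_cp(const char *in, size_t cap, size_t idx)
{
    uint32_t buf[8];
    int n = decode_entities(in, buf, cap > 8 ? 8 : cap);
    return (n < 0 || idx >= (size_t)n) ? -1 : (long)buf[idx];
}
```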

More at http://seclists.org


The IntelliShield Cyber Risk Report

December 12th, 2008

The IntelliShield Cyber Risk Report is a strategic intelligence product that highlights current security activity and mid- to long-range perspectives. The report addresses seven major risk management categories: vulnerability, physical, legal, trust, identity, human, and geopolitical. The Cyber Risk Reports are a result of collaborative efforts, information sharing, and collective security expertise of senior analysts from Cisco security services that include the IntelliShield team (IntelliShield Alert Manager, Applied Intelligence, and IPS), ROS, PSIRT, the Corporate Security Programs Organization, and Legal Support.

Vulnerability

Vulnerability and threat activity levels during the time period were highlighted by the release of updated versions of the Java Runtime Environment and multiple alert notifications by Sun. IntelliShield analysts identified 23 distinct and previously undisclosed vulnerabilities from these Sun notifications. Due to the wide range of systems that are affected by vulnerabilities in Java, administrators are advised to test the Java updates as soon as possible to ensure that users can safely install the updates without losing the ability to perform critical functions.

Microsoft released the Advanced Notification for the December 2008 security bulletin release. Of the eight bulletins scheduled for release on December 9, 2008, Microsoft scored six with a maximum severity rating of Critical and two with a rating of Important. These bulletins address vulnerabilities in the Microsoft Windows operating system, the Microsoft Office Suite of applications, the Microsoft Developer Tools and Software, Microsoft Internet Explorer, and Microsoft Server Software products.

In other vulnerability-related events, the security software vendor ElcomSoft released an advisory claiming that the password protection mechanism of Adobe Acrobat 9 is significantly weaker than that of prior versions. ElcomSoft reported that, although the encryption algorithm of the newer version is more complex, the password protection scheme is less secure. This claim is based on the time required to recover lost passwords to encrypted .pdf documents. This advisory underscores the reality that users should not rely solely on password protection and encryption to secure sensitive documents. To improve the security of sensitive information, users are also advised to limit access to documents to only the intended recipients and to consider deleting such documents when they no longer need to be retained.

More at Cisco


How vulnerability management can help your network

November 30th, 2008

Vulnerability management is an effective way for enterprises to understand their networks without relying on assumptions. Vulnerability management performs the following tasks to keep your enterprise network running smoothly.

1- Asset management

Vulnerabilities can occur in any of the software installed on a device, so the more granular the information about that device, the better. Asset identification tools scan the network and report details about all the devices they find — both the expected and the unexpected.

2-Correlation

Correlation is key: by aggregating data from a variety of sources, including application logs, system logs, traps and alerts, correlation tools help administrators track relationships between devices on the network.

3- Validation

How do you know which vulnerability reports apply to your environment and which do not? Validation. Validation tools confirm which devices in the network are truly vulnerable and distill the vulnerability data into a focused list to help determine which vulnerabilities merit action. Validation compares information about the vulnerability against information about the environment.

4- Remediation

With remediation tools, think carefully about the level of automation that is appropriate. For example, do you perform regression testing on critical applications before deploying a potentially conflicting patch? Which patch workflows require buy-in from the teams that currently maintain the process? And what about auditing? Ensuring that automated actions are audited is extremely useful during application debugging.

GFI has recently released the most advanced version of GFI LANguard to date. The new version 9 includes improved user experience through increased automation. What is GFI LANguard? GFI LANguard is a vulnerability management solution offering security scanning, patch management and network auditing through a single, integrated console and provides you with the tools needed to detect, assess, report and rectify any threats. The latest version builds on an extensive feature set to make it easier for users to manage network scans, install patches and get a complete picture of the security scanner set-up on their network.


Patches cannot be immediately delivered

May 14th, 2008

Once a user has patched their computer against a particular vulnerability, the computer is then immune to malware that seeks to exploit that vulnerability. The problem is that patches cannot be immediately delivered: vendors must analyse a vulnerability and develop and extensively test a patch that remedies it — and then push the patch out to users. This is not a speedy process. The delay between the discovery of a vulnerability and the release of a patch can often run to more than 50 days — and this creates a risk window during which any user running the vulnerable application can be exploited.

The challenge facing security companies is how to close that risk window — and it is a challenge that is far from easy.

Anti-virus and anti-spyware vendors face a similar problem to that outlined above — they need to analyse hostile code in order to be able to develop, test and distribute a fix. While they are usually able to do this considerably faster than application and operating system vendors can release a patch for a vulnerability, there is nonetheless some delay and, accordingly, still a window of risk.

The heuristic detection (“behaviour analysis”) capabilities built in to many anti-virus and anti-spyware programs provide some degree of protection against emerging threats, but it is far from complete. Independent testing has shown heuristic detection methods to be far less effective than the traditional signature-based detection methods. Technological advances may well result in heuristic detection eventually becoming much more effective, but at this point in time it is simply too inaccurate to provide reliable protection.

To be able to provide complete protection against emerging and rapidly evolving malware, a product needs to be able to close the risk window by blocking exploits and the sources of exploits as soon as they appear. And that is exactly what AVG does.


Cannot find a file needed to run Windows

July 30th, 2007

Your PC powers up correctly, it passes the POST, all drives are detected correctly, but Windows does not load automatically. Instead you see the following error message:

Cannot find a device file that may be needed to run Windows or a Windows application.
The Windows registry or SYSTEM.INI file refers to this device file, but the device file no longer exists.
If you deleted this file on purpose, try uninstalling the associated application using its uninstall or setup program.
If you still want to use the application associated with this device file, try reinstalling that application to replace the missing file.
(filename)
Press a key to continue

This happens when a Windows system file is renamed or deleted by accident. Most importantly, when you see this screen, stop and write down the name of the file in question. Then press a key and see if Windows continues to load after all; often it will. To correct the problem, you need to extract a copy of the missing file from the Windows Cab files. If you have Windows 98 and can still get into Windows, this can be done pretty easily with a command called System File Checker, or SFC for short. If you cannot get into Windows anymore or don’t have Windows 98, you need to use the Extract command from the DOS prompt.


A vulnerability is a condition that enables someone to violate the security policy

July 12th, 2007

A security policy says what is and is not allowed. A vulnerability is a condition that enables someone (the attacker) to violate the security policy. Security policies vary from site to site. For example, consider a race condition problem in UNIX software that is to be run with root privileges. If all users of that system have root privileges, then the race condition is not a vulnerability because it allows users to access root, an access they already enjoy. Usually, however, UNIX systems have users not authorized to work as root. If they exploit the race condition to gain root access, then the security policy (which says that only users authorized to acquire root privileges may acquire them) has been violated. In order to develop the property-based testing tool to analyze programs for potential security vulnerabilities, we must understand exactly what a vulnerability is in the NASA environment.

One ancillary issue is the mapping of a high-level security policy to an implementation level. Continuing the above example, the policy states a rule at an abstract level (“only users authorized to acquire root privileges may acquire root privileges”). At the implementation level, this translates into several rules (“buffer overflows are a vulnerability,” “failures to check arguments are a vulnerability,” and so forth). Unfortunately, testing for security flaws requires the implementation-level statement of the policy. Hence the vulnerabilities must be stated at that level to prepare for the next step.


POC Code for MS06-040

August 10th, 2006

Metasploit has proof of concept code for exploiting MS06-040. The countdown to the worm begins.
Exploit Module: netapi_ms06_040 [MetaSploit.com]

Original post by Security Wonk


Blackberry Backchannel Blindsides Businesses

August 7th, 2006

Wired has a story out of DefCon picturing Blackberries as the perfect backdoor into your corporate network. Since many corporations inherently trust the Blackberry straight in through their firewalls, it might be worth a read.

The program, called proxy, has to be placed on a Blackberry either physically or as a Trojan horse delivered by e-mail. Once installed, it causes the Blackberry to call back to the attacker’s system in the background, opening a communications channel between the attacker and the company’s internal network.

Details are sketchy, and I can’t find the mentioned “documents on its website” or get to their website at all, but the fact that he says he’ll release the app in the next week or so doesn’t make me feel all warm and fuzzy.
Blackberry a Juicy Hacker Target [Wired]

Original post by Security Wonk


New Trend: Attacks Against Device Drivers

August 2nd, 2006

The guys at Black Hat are demonstrating some interesting attacks against the device drivers for the wireless card in a MacBook Pro:
The video shows Ellch and Maynor targeting a specific security flaw in the Macbook’s wireless “device driver,” the software that allows the internal wireless card to communicate with the underlying OS X operating system.

This highlights an emerging trend of attacks against device drivers. Should attacks like this become a trend I suspect we’ll see the following:

Wireless Cards Hit First: Many attacks will focus on wireless cards, and not just because they are remotely accessible. The fact that there are only a couple of chipset manufacturers will make attacks easier. Especially considering this:
After the demo, Ellch … will talk about a new tool he’s developing that can remotely scan and figure out the chipset and driver version of a wireless device on a target computer. So far, Ellch said the [...]

Original post by Security Wonk
