Security Advisory

Hacking 2011. 12. 5. 02:17

Adobe Releases Security Advisory for Adobe Flex SDK

added December 1, 2011 at 10:44 am

Adobe has released a security advisory to alert users of a vulnerability that affects Adobe Flex SDK. This vulnerability affects Adobe Flex SDK 4.5.1 and earlier 4.X versions, and 3.6 and earlier 3.X versions, for Windows, Macintosh, and Linux operating systems. Exploitation of this vulnerability may allow an attacker to perform a cross-site scripting attack within the Adobe Flex SDK application.

US-CERT encourages users and administrators to review the Adobe Security Bulletin and apply any necessary updates to mitigate the risk.


Google Releases Chrome 15.0.874.121

added November 17, 2011 at 02:23 pm

Google has released Chrome 15.0.874.121 for Linux, Mac, Windows, and Chrome Frame to address a vulnerability. This vulnerability allows an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 15.0.874.121.


Internet Systems Consortium Releases BIND-P1 Patches

added November 17, 2011 at 11:27 am

The Internet Systems Consortium has released updates for BIND to address a vulnerability. This vulnerability may allow an attacker to cause a denial-of-service condition. Please refer to the Internet Systems Consortium advisory for additional information.

US-CERT recommends that administrators of this product apply the respective patches for BIND 9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1, and 9.4-ESV-R5-P1 or check with their software vendors for updated versions.


Apple Releases iTunes 10.5.1

added November 15, 2011 at 09:25 am

Apple has released iTunes 10.5.1 to address a vulnerability. This vulnerability may allow an attacker to conduct a man-in-the-middle attack that could lead a user to click on a forged link believed to have originated from Apple.

US-CERT encourages users and administrators to review Apple article HT5030 and apply any necessary updates to help mitigate the risks.


Fraudulent Digital Certificates Could Allow Spoofing

added November 10, 2011 at 04:25 pm | updated November 14, 2011 at 02:48 pm

US-CERT is aware of public reports that DigiCert Sdn. Bhd* has issued 22 certificates with weak encryption keys. This could allow an attacker to use these certificates to impersonate legitimate site owners. DigiCert Sdn. Bhd has revoked all the weak certificates that they issued. Entrust, the parent Certificate Authority to DigiCert Sdn. Bhd, has released a statement containing more information.

Mozilla has released Firefox 8 and Firefox 3.6.24 to address this issue. Additional information can be found in the Mozilla Security Blog.

Microsoft has provided an update for all supported versions of Microsoft Windows to address this issue. Additional information can be found in Microsoft Security Advisory 2641690.

US-CERT encourages users and administrators to apply any necessary updates to help mitigate the risks. US-CERT will provide additional information as it becomes available.

*DigiCert Sdn. Bhd is not affiliated in any way with the US-based corporation DigiCert, Inc.


Adobe Releases Security Advisory for Adobe Flash Player and Adobe AIR

added November 11, 2011 at 09:30 am

Adobe has released a security advisory to alert users of vulnerabilities affecting Adobe Flash Player and Adobe AIR. These vulnerabilities affect Adobe Flash Player 11.0.1.152 and earlier versions for Windows, Macintosh, Linux, and Solaris; Adobe Flash Player 11.0.1.153 for Android; and Adobe AIR 3.0 for Windows, Macintosh, and Android. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review the Adobe Security Bulletin and apply any necessary updates to help mitigate the risk.


Apple Releases iOS 5.0.1

added November 10, 2011 at 04:16 pm

Apple has released iOS 5.0.1 for the iPhone 3GS, iPhone 4, iPhone 4S, iPod 3rd generation or later, iPad, and iPad 2 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information.

US-CERT encourages users and administrators to review Apple Support Article HT5052 and apply any necessary updates to help mitigate the risk.


Google Releases Chrome 15.0.874.120

added November 10, 2011 at 03:23 pm

Google has released Chrome 15.0.874.120 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome 15.0.874.120.


Operation Ghost Click Malware

added November 10, 2011 at 12:52 pm

On November 9, 2011, US federal prosecutors announced Operation Ghost Click, an ongoing investigation that resulted in the arrests of a cyber ring of seven people who allegedly ran a massive online advertising fraud scheme that used malicious software to infect at least 4 million computers in more than 100 countries.

The cyber ring, comprised of individuals from Estonia and Russia, allegedly used the malicious software, or malware, to hijack web searches to generate advertising and sales revenue by diverting users from legitimate websites to websites run by the cyber ring. In some cases, the software, known as DNSChanger, would replace advertising on popular websites with other ads when viewed from an infected computer. The malware also could have prevented users' anti-virus software from functioning properly, thus exposing infected machines to unrelated malicious software.

US-CERT encourages users and administrators to use caution when surfing the web and to take the following preventative measures to protect themselves from malware campaigns:

  • Refer to the FBI's announcement of Operation Ghost Click for additional information on how to protect yourself and recover from DNSChanger attacks.
  • Maintain up-to-date antivirus software.
  • Configure your web browser as described in the Securing Your Web Browser document.
  • Do not follow unsolicited web links in email messages.
  • Use caution when opening email attachments. Refer to the Using Caution with Email Attachments Cyber Security Tip for more information on safely handling email attachments.
Posted by CEOinIRVINE