Welcome to the AusCERT web log, where AusCERT will informally discuss current activity and interesting developments in the area of information security, Internet security and computer network attacks.
This is a channel for the timely release of unstructured information which may not be suited to our standard bulletins or other publications. A trade off of providing timely information is that it may be unverified or contain inaccuracies. However, if the accuracy of information changes or new information comes to light about an issue, we will always endeavour to update our web log.
We welcome comments and corrections of any of the information contained in the blog. Please contact firstname.lastname@example.org to provide feedback.
Block list available for the MS08-067 (Downadup/Conflicker) worm
- F-Secure have produced a list of domains used by the MS08-067 (Downadup/Conflicker) worm
Infections and Patches
- A week for Linux updates and some heavy hitting banking malware.
The Year Begins
- A quiet Christmas, A New Year
Twas the day before Christmas...
- Bugs, cut cables and a Happy New Year, oh my!
Browser Bugs Galore!
- A busy week for security professionals everywhere as multiple vulnerabilities are identified in web browsers everywhere!
Those bugs breed like rabbits!
- With multiple bugs and/or patches from Apple and Microsoft this is defiantly an interesting week from a vulnerability researchers perspective.
Mac, Windows and a little Malware
- It looks like it is that time of year again. The time where Apple users
feel smug about not having to use any AV software. After all, we know that
Max OSX is secure...
ARM, WPA cracking and more goodness
- Well the biggest news this week is that all your problems are solved!
However that may mean that some of you would be out of a job. So we decided
not to solve ALL your problems, just part of one problem.
Free AV and Computer Security Day a Success
- Microsoft announces plans for free AV and CSD 2008.
- New Microsoft initiative to clean up PCs.
Patches all round and +1 to AusCERT
- Another month of Microsoft patches done and new Linux Kernels.
Adobe vulnerabilities and a friendly reminder
- Numerous Adobe vulnerabilities were identified this week, along with continued MS08-067 activity.
Obama new President and new malware
- Malware using social engineering techniques around the US Presidential election have been reported.
ICANN cans EstDomains
- Two brief news items.
MS08-067 and the rest of the week
- I will give everyone one guess as to the first topic that I want to talk
Microsoft and Oracle with a dash of Adobe
- This week Microsoft and Oracle decided to release all their patches and
vulnerabilities on the same day. Unfortunately that means lots of bulletins
for me, and lots of patching for you :(
Are YOU LinkedIn?
- If you are LinkedIn (and of course I am talking about the social networking site www.linkedin.com) then you may have received a phishing email recently.
Malware with smaller targets
Cisco's half yearly flood of advisories, updates to Mozilla software and Kiwicon
- We didn't see much out of the ordinary in terms of incident reports this week. But Cisco have given people something with releasing 12 advisories, 11 of which for IOS issues. The Mozilla project also released versions of Firefox and SeaMonkey. And finally, Kiwicon is on this weekend.
Apple updates, more targeted phishing and another new team member.
- Apple has continued on from last week pushing updates for OSX and the iPhone.
Why Automatic Updates could be bad!
Major updates and an Aussie radiation scare?
- Patches released from the major vendors and an email claiming nuclear contamination on Australian soil.
An exploit for the CitectSCADA vulnerability has been posted on Milw0rm
- An exploit for the CitectSCADA vulnerability that AusCERT helped to co-ordinate the release of earlier this year, has been posted on Milw0rm. The module has been created to be included in the Metasploit framework.
The week that was...
- A new staff member and new vulnerabilities.
Google Chrome - How shiny is it?
- Google has today released the first public beta of their new web browser, known as Google Chrome, as an alternative to other popular browsers. Chrome introduces a number of new and innovative features, but with these new features come some potential security concerns.
Malicious Flash Sites Taking Over the Clipboard
- Through the use of a standard flash function attackers are attempting to lead viewers to malicious sites.
A new threat
Somebody hit the internet 'snooze' button
Fedora infrastructure issue
- Fedora are currently recommending that "you not
download or update any additional packages on your Fedora systems" at the moment.
To Patch or Not to Patch
- I am sure you are all expecting me to mention something about Microsoft
and how you should patch your systems now. And then I would go on to say
how you should patch all systems with patches as soon as you can. After
all I am a good little security professional.
Friday - at least for now...
- We are still seeing DNS patches coming out - so for the last time (now
that the BlackHat presentation has come and gone) check your DNS are belong
to us - I mean are patched.
An unquiet week
Active Exploitation of...
- We just discovered exploitation of recent vulnerability of a popular media program.
Delivering Bad Packages
- Another trojan mail run was made this week - this time claiming to be a message regarding a package that could not be delivered
A slower week that was!
- The AusCERT week in review for week ending 18/07/2008.
Previous 1, 2, 3 ... 10, 11, 12, 13, 14 Next
denotes AusCERT member only content.