Welcome to the AusCERT web log, where AusCERT will informally discuss current activity and interesting developments in the area of information security, Internet security and computer network attacks.
This is a channel for the timely release of unstructured information which may not be suited to our standard bulletins or other publications. A trade off of providing timely information is that it may be unverified or contain inaccuracies. However, if the accuracy of information changes or new information comes to light about an issue, we will always endeavour to update our web log.
We welcome comments and corrections of any of the information contained in the blog. Please contact firstname.lastname@example.org to provide feedback.
Apple updates, more targeted phishing and another new team member.
- Apple has continued on from last week pushing updates for OSX and the iPhone.
Why Automatic Updates could be bad!
Major updates and an Aussie radiation scare?
- Patches released from the major vendors and an email claiming nuclear contamination on Australian soil.
An exploit for the CitectSCADA vulnerability has been posted on Milw0rm
- An exploit for the CitectSCADA vulnerability that AusCERT helped to co-ordinate the release of earlier this year, has been posted on Milw0rm. The module has been created to be included in the Metasploit framework.
The week that was...
- A new staff member and new vulnerabilities.
Google Chrome - How shiny is it?
- Google has today released the first public beta of their new web browser, known as Google Chrome, as an alternative to other popular browsers. Chrome introduces a number of new and innovative features, but with these new features come some potential security concerns.
Malicious Flash Sites Taking Over the Clipboard
- Through the use of a standard flash function attackers are attempting to lead viewers to malicious sites.
A new threat
Somebody hit the internet 'snooze' button
Fedora infrastructure issue
- Fedora are currently recommending that "you not
download or update any additional packages on your Fedora systems" at the moment.
To Patch or Not to Patch
- I am sure you are all expecting me to mention something about Microsoft
and how you should patch your systems now. And then I would go on to say
how you should patch all systems with patches as soon as you can. After
all I am a good little security professional.
Friday - at least for now...
- We are still seeing DNS patches coming out - so for the last time (now
that the BlackHat presentation has come and gone) check your DNS are belong
to us - I mean are patched.
An unquiet week
Active Exploitation of...
- We just discovered exploitation of recent vulnerability of a popular media program.
Delivering Bad Packages
- Another trojan mail run was made this week - this time claiming to be a message regarding a package that could not be delivered
A slower week that was!
- The AusCERT week in review for week ending 18/07/2008.
DNS Spoofing means war! or not!
- Big week, big vuls lots of crappy emails.
AusCERT Coffee Machine and the rest of the week
- Thankfully our coffee machine at AusCERT is one of those old fashioned, NON Internet connected ones. So our coffee will remain strong.
- While looking over the long list of vulnerabilities that were reported to
us today - one of them came across as slightly amusing, but put a new
spin on the idea of whitelisting.
Storm Hooks China and Browser Releases
- Another large spam run has seen the Storm malware using the Chinese earthquake and Beijing Olympics as hooks.
Zero day Firefox vulnerability
- A zero day vulnerability has been announced in Firefox.
Port Scanning increase
- Massive increase in some ports.
- For a while now we have seen some malware authors attempt to use digital
certificates to help the infection process. Looking further this could
have larger consequences. However I am rushing forward a little too fast,
so let me start from the beginning...
Microsoft Patch Week
- A quick discussion about one of the Microsoft patches.
[OFF-TOPIC] Feeling Green?
- So not really security related...
When an upgrade downgrades and patches for all
- Turns out Windows XP Service Pack 3 was installing a older vulnerable version of Flash Player.
- An interesting insight into where the Bad Guys want to go.
Useful information regarding the recent and ongoing sql injection attacks
- Over the past months we have seen a rise in sql injection attacks, particularly in reference to asp pages.
Checked your domain registration details lately?
- Recent reports indicate that U.S ISP Comcast had a major web outage recently due to a registration hijack...
Microsoft investigating possible vulnerability in Safari on Windows
- A report has been made public on a vulnerability in Apple Safari on Windows that can result in unauthorised code execution.
Vulnerability in Adobe Flash Player being actively exploited
- This week has seen widespread exploitation of a vulnerability in
Adobe Flash Player.
AusCERT2008 comes to a close
- AusCERT2008 has been another success and generated lots of media interest, he's a quick wrap up of the event and some of those articles.
Theres patches and then theres PATCHES
- Some vulnerabilities are not as easy to fix as others, as we have seen this week.
Corporate data protection and peer-to-peer threats
- Recent media reports again highlight the need for protection of corporate data and the risks associated with peer to peer software.
One vulnerability, hundreds of thousands of compromises.
- Many thousand sites compromised with iframes.
Previous 1, 2, 3 ... 10, 11, 12, 13 Next
denotes AusCERT member only content.