Current Activity Calendar
| July 31, 2008 - Current ActivityThis is an archived copy of current activity, if you would like to see the most recent version, please click here.Airline E-ticket Email Attackadded July 31, 2008 at 09:15 am
US-CERT is aware of public reports indicating that a new email attack is circulating. This attack uses email messages that appear to be from legitimate airlines and contain information about a bogus e-ticket. These email messages instruct the user to open the attachment to obtain the e-ticket. If a user opens this attachment, a file may be executed to infect the user's system with malicious code.
AVG Releases Updateadded July 31, 2008 at 08:06 am
AVG has released version 8.0.156 to address multiple issues. Some of these issues could allow an attacker to cause a crash, resulting in a denial-of-service condition. This version also reduces the amount of incidental traffic generated by the program when searching on particular websites. New Storm Worm Activity Spreadingadded July 29, 2008 at 09:41 am
US-CERT is aware of public reports of a new Storm Worm Campaign. The latest campaign is centered around messages related to the Federal Bureau of Investigation and Facebook. This Trojan horse virus is spread via an unsolicited email message that contains a link to a malicious website. This website contains a link, that when clicked, may run the executable file "fbi_facebook.exe" to infect the user's system with malicious code.
Oracle Releases Security Advisory for WebLogic Plug-in Vulnerabilityadded July 29, 2008 at 07:52 am
Oracle has released a Security Advisory to address a vulnerability in the WebLogic plug-in for Apache. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to compromise the confidentiality or integrity of WebLogic Server applications or cause a denial-of-service condition. The advisory indicates that exploit code for this vulnerability is publicly available. RealPlayer Releases Updateadded July 28, 2008 at 07:52 am
RealNetworks has released an update to address multiple vulnerabilities in RealPlayer. These vulnerabilities may allow an attacker to execute arbitrary code or obtain sensitive information. RealNetworks identifies the vulnerabilities as the following:
U.S. Customs and Border Protection Email Attackadded July 25, 2008 at 03:09 pm
US-CERT is aware of public reports of an attack circulating via bogus email messages that claim to be from "US Customs Service." The messages may contain the subject line "Parcel requires declaration" and indicate that a parcel has been received addressed to the recipient of the email. These messages may also encourage users to open an attachment to the message that may contain malicious code.
DNS Cache Poisoning Public Exploit Code Availableadded July 24, 2008 at 10:00 am
US-CERT is aware of publicly available exploit code for a cache poisoning vulnerability in common DNS implementations. Exploitation of this vulnerability may allow an attacker to cause a nameserver's clients to contact the incorrect, and possibly malicious hosts for particular services. As a result, web traffic, email and other important network data could be redirected to systems under the attacker's control.
NAT/PAT Affects DNS Cache Poisoning Mitigationadded July 23, 2008 at 02:13 pm
US-CERT released a Current Activity entry and a Vulnerability Note on July 8, 2008 regarding deficiencies in DNS implementations. These deficiencies could leave an affected system vulnerable to cache poisoning. Technical details regarding this vulnerability have been posted to public websites. Attackers could use these details to construct exploit code. Users are encouraged to patch systems or apply workarounds immediately.
More information will be provided as it becomes available. DNS Implementations Vulnerable to Cache Poisoningadded July 8, 2008 at 03:37 pm | updated July 22, 2008 at 07:50 am
US-CERT is aware of deficiencies in the DNS protocol. Implementations of this protocol may leave the affected system vulnerable to DNS cache poisoning attacks. If an attacker can successfully conduct a cache poisoning attack, they may be able to cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services. This may allow an attacker to obtain sensitive information or mislead users into believing they are visiting a legitimate website. BlackBerry Security Advisoryadded July 16, 2008 at 10:46 am | updated July 18, 2008 at 10:06 am
Research In Motion has released a Security Advisory to address a vulnerability in the BlackBerry Enterprise Server. This vulnerability is due to the improper processing of PDF files within the distiller component of the BlackBerry Attachment Service. By convincing a user to open a maliciously crafted PDF attachment on a BlackBerry smartphone, an attacker may be able to execute arbitrary code on the system running the BlackBerry Attachment Service. |
Information For
Sign Up
Reporting
DHS Threat Advisory
The threat level in the airline sector is High or Orange. Read more