  • April 16, 2008 - Current Activity

    This is an archived copy of current activity, not the most recent version.

    April 16: Federal Subpoena Spear-Phishing Attack
    April 15: Oracle Releases Critical Patch Update for April 2008
    April 15: Multiple ClamAV Vulnerabilities
    April 14: Oracle Issues Pre-Release Announcement for April Critical Patch Update
    April 14: EMC DiskXtender Vulnerabilities
    April 11: Active Exploitation of GDI Vulnerabilities
    April 9: Email Attack Circulating
    April 9: Adobe Flash Player Vulnerabilities
    April 9: IBM Lotus Notes Vulnerabilities
    April 8: Microsoft Releases April Security Bulletin



    Federal Subpoena Spear-Phishing Attack

    added April 15, 2008 at 08:31 am | updated April 16, 2008 at 09:34 am

    US-CERT is aware of public reports of a spear-phishing attack circulating via email messages that claim to be federal subpoenas. These messages appear to be legitimate because they can contain very specific information about the message recipient. The message requests that the user follow a link to download additional information about the case, but if a user clicks on this link, malicious code may be installed on the system.

    US-CERT encourages users to do the following to help mitigate the risk:


    Oracle Releases Critical Patch Update for April 2008

    added April 15, 2008 at 04:30 pm

    Oracle has released their Critical Patch Update for April 2008 to address 41 vulnerabilities across several products. This update contains the following security fixes:

    • 17 updates for Oracle Database
    • 3 updates for Oracle Enterprise Manager
    • 11 updates for Oracle E-Business Suite
    • 1 update for the Oracle Enterprise Manager
    • 3 updates for Oracle PeopleSoft Enterprise products
    • 6 updates for Oracle Siebel SimBuilder products

    US-CERT encourages users to review the April Critical Patch Update and apply any necessary updates.


    Multiple ClamAV Vulnerabilities

    added April 14, 2008 at 03:32 pm | updated April 15, 2008 at 12:45 pm

    Clam AntiVirus has released ClamAV 0.93 to address multiple vulnerabilities. Two of these vulnerabilities are due to buffer overflow conditions in the handling of Upack executables in libclamav/pe.c and PeSpin packed executables in libclamav/spin.c. There are two additional vulnerabilities due to improper handling of ARJ and RAR archives. Exploitation of these vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition.

    US-CERT encourages users to review the changelog and update to ClamAV 0.93 to help mitigate the risks.


    Oracle Issues Pre-Release Announcement for April Critical Patch Update

    added April 14, 2008 at 03:17 pm

    Oracle has issued a Pre-Release Announcement indicating that its April Critical Patch Update (CPU) will contain 41 new security fixes across hundreds of products.  

    The announcement further states that there are:

    • 17 updates for Oracle Database
    • 3 updates for Oracle Enterprise Manager
    • 11 updates for Oracle E-Business Suite
    • 1 update for the Oracle Enterprise Manager
    • 3 updates for Oracle PeopleSoft Enterprise products
    • 6 updates for Oracle Siebel SimBuilder products

    The release is scheduled for Tuesday, April 15, 2008.

    We will provide additional information as it becomes available.


    EMC DiskXtender Vulnerabilities

    added April 14, 2008 at 03:17 pm

    US-CERT is aware of reports of vulnerabilities in EMC DiskXtender. These vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code or bypass security restrictions on an affected system.

    US-CERT encourages registered EMC Powerlink users to visit EMC's website for additional information regarding these vulnerabilities.  


    Active Exploitation of GDI Vulnerabilities

    added April 11, 2008 at 02:03 pm

    US-CERT is following public reports indicating that attackers are attempting to exploit vulnerabilities in GDI. These vulnerabilities are due to buffer overflow conditions that exist in the processing of EMF and WMF image files. By convincing a user to open a specially crafted EMF or WMF file, a remote attacker may be able to execute arbitrary code. These vulnerabilities were addressed in Microsoft Security Bulletin MS08-021. Users who have not applied this patch are vulnerable.

    Additional information about these vulnerabilities is available in the Vulnerability Notes Database. More information about the exploit attempts is available from Symantec.

    US-CERT encourages users to review MS08-021 and apply the patch or workarounds to help mitigate the risks.


    Email Attack Circulating

    added April 9, 2008 at 03:06 pm

    US-CERT has seen reports of an email attack that is circulating. This attack is in the form of an email message with the subject line "Evacuation process has been started due to radiation leaks at San Clemente Nucklear Power Station." The message body states that the information is from a trusted news source and encourages users to follow a link to view a video. This link may direct users to a website hosting malicious code.

    US-CERT encourages users to do the following to help mitigate the risk:

    US-CERT will provide more information as it becomes available.


    Adobe Flash Player Vulnerabilities

    added April 9, 2008 at 07:34 am | updated April 9, 2008 at 10:36 am

    Adobe has released Flash Player 9.0.124.0 to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code or conduct cross-site scripting attacks.

    More information about these vulnerabilities can be found in Technical Cyber Security Alert TA08-100A.

    US-CERT encourages users to review Adobe Security Bulletin APSB08-11 and upgrade to Flash Player 9.0.124.0 to help mitigate the risks.


    IBM Lotus Notes Vulnerabilities

    added April 9, 2008 at 08:57 am

    IBM has released Technote 1298453 to address multiple vulnerabilities in Lotus Notes. These vulnerabilities are due to improper handling of the following file types:

    • Applix Presents (.ag)
    • Folio Flat File (.fff)
    • HTML speed reader (.htm)
    • KeyView document viewing engine
    • Text mail (MIME)

    By convincing a user to open a specially crafted file attachment, an attacker may be able to execute arbitrary code.

    US-CERT encourages users to review IBM Technote 1298453 and apply the appropriate updates or workarounds.


    Microsoft Releases April Security Bulletin

    added April 8, 2008 at 02:33 pm

    Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, and Internet Explorer as part of the Microsoft Security Bulletin Summary for April 2008. These vulnerabilities could allow an attacker to execute arbitrary code, access the system with elevated privileges, or redirect internet traffic.

    More information about these vulnerabilities can be found in Technical Cyber Security Alert TA08-099.

    US-CERT encourages users to review the bulletins and follow best-practice security policies to determine which updates should be applied.