Blog: IT Security Alerts

An issue has been identified in the Symantec Endpoint Protection Manager (SEPM) which causes Security Content newer than 12/31/2009 11:59 PM to be considered older than content previous to that date/time. As a temporary workaround, Symantec is currently not incrementing the date on Symantec Endpoint Protection (SEP) Security Content and instead is only incrementing the revision number of the content. A message from Symantec provides this more detailed explanation: "As of early Sunday, January 3, 2010, the Symantec Endpoint Protection antivirus definition version "12/31/2009 rev. 114" has been published. Rev 114 includes all the latest definitions through Jan-2-2010."

As of today, January 5, 2010, CoNetrix definitions are showing a revision number of 116. The revision number should continue to increase as evidence of ongoing updates.

This issue has been identified in the Symantec Endpoint Protection Manager (SEPM) and affects the following products:

  • Symantec Endpoint Protection v11.x Product Line
  • Symantec Endpoint Protection Small Business Edition v12.x Product Line
  • Products which rely on Symantec Endpoint Protection for definition updates (e.g. Symantec Mail Security for Microsoft Exchange or Symantec Mail Security for Domino)

There are no required customer actions for this issue. More specifically, there are no changes an administrator needs to apply in order for the above mitigation to be successful.

For more information, see the following Symantec Knowledge Base article: http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010010308571348


 

Yesterday, many people received a phishing e-mail with the subject "FDIC has officially named your bank a failed bank" that appeared to come from the FDIC. The text of the fraudulent e-mail looks something like this:

You have received this message because you are a holder of a FDIC-insured bank account.
Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets.

You need to visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage:
  • Visit FDIC website: (a fraudulent link was provided here)
  • Download and open your personal FDIC Insurance File to check your Deposit Insurance Coverage

This appears to be a new phishing attack intended to collect personal or confidential information. Recipients of this e-mail should be warned of its nature and encouraged NOT to follow any of the links in the e-mail.

Here is the link to the FDIC Consumer Alert published October 26, 2009 - http://www.fdic.gov/consumers/consumer/alerts/


 

From Adobe:

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe states that no update is currently available, but they expect to have an update released by March 11th, 2009. In the meantime, customers are encouraged to keep their virus definitions current and real-time scanning active.

For more information about specific vulnerabilities, please refer to the following websites:
http://www.adobe.com/support/security/advisories/apsa09-01.html
http://www.kb.cert.org/vuls/id/905281


 

On Thursday, October 23, 2008, Microsoft released a critical out-of-cycle security update. This update addresses a vulnerability in the Windows Server service that could allow remote code execution. Microsoft has rated this vulnerability Critical for all supported editions of Microsoft Windows 2000, Windows XP, and Windows Server 2003. This vulnerability has been rated Important for all supported editions of Windows Vista and Windows Server 2008.

The update addresses the vulnerability by correcting the way that the Server service handles RPC requests. Additional technical details on the vulnerability and update can be accessed at:
http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

As a best practice, RPC functionality should not be exposed directly to the Internet. However, as a precaution, CoNetrix recommends applying the update available from Microsoft as soon as possible.

If you have any questions or need assistance with this update, please contact CoNetrix at support@conetrix.com or call (800) 356-6568.


 

Google released a beta version of its new web browser "Chrome" last week. Since its release, several vulnerabilities have been discovered including drive-by software installs and buffer overflows.

Google has released updates to address several current issues, but more vulnerabilities will probably be discovered over the next several weeks and months as the product is refined.

CoNetrix recommends customers avoid installing Chrome, or any other beta application, in production environments due to the potentially high risk of exposure.

For more information about individual issues in Google's Chrome, refer to the following link: http://code.google.com/p/chromium/issues/list


 

Multiple vulnerabilities have been discovered in Cisco ASA and PIX devices running version 7.x and 8.x software. Cisco has released free software updates to address the vulnerabilities. Installation of updates will require after hours work and device reboots.

For more information about individual vulnerabilities, refer to the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20080604-asa.shtml

If you'd like help updating your Cisco ASA and PIX devices, please contact CoNetrix at support@conetrix.com or call (800) 356-6568.


 

On February 12, Microsoft plans to make an updated Internet Explorer 7 installation package available via Windows Server Update Services (WSUS). The installation will be released as an Update Rollup package. Customers that require IE6 and have WSUS configured to auto-approve critical updates will need to disable the auto-approval feature before February 12 to ensure the rollup package is not released to clients.

Once the Update Rollup package for IE7 has synchronized with the WSUS server, the auto-approval feature can be turned back on and installation of the IE7 update can be managed manually.

Please note that if you have previously deployed the Blocker Toolkit to restrict automatic installation of IE7, Microsoft has not yet announced whether this will continue to prevent the installation of the new IE7 update.

For more information about the Blocker Toolkit, refer to the following link:
http://go.microsoft.com/fwlink/?linkid=65788

If you need help planning for and testing Internet Explorer 7, please contact us.

For more information regarding automatic delivery of Internet Explorer 7, please visit:
http://technet.microsoft.com/en-us/updatemanagement/bb226738.aspx


 

In a bulletin released October 22, 2007, Adobe announced a critical vulnerability in its Acrobat and Reader programs. This vulnerability could allow a successful attacker to take control of the affected system. In order for the attacker to compromise the system, they must get you to open a malicious file in Adobe Reader or Acrobat.

This vulnerability affects users running Windows XP or Windows 2003 with Internet Explorer 7 installed. Vista users are not affected. Adobe versions 8.1 and earlier are susceptible to this vulnerability. Adobe categorizes this as a critical issue and recommends that affected users update their product installations.

For Adobe versions 8.1, Adobe strongly recommends that you upgrade to Adobe Reader 8.1.1 or Acrobat 8.1.1. Users can utilize the product’s automatic update feature or manually activate the update by choosing Help > Check for Updates Now from the program's menu. You can also find update files here:
  • Adobe Acrobat: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
  • Adobe Reader: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

For Adobe versions 7.09 or earlier, Adobe will release an update in the near future, so you should continue to check the Adobe support site for available updates.

For more information about this vulnerability, please refer to the following article on Adobe's website:
http://www.adobe.com/support/security/bulletins/apsb07-18.html

For help applying this critical security update to your Adobe applications, please contact us.


 

There has been a recent increase in “greeting-card spam” that tries to compromise users by getting them to visit malicious websites. The subject line most often states, “You've received a postcard from a family member!” Within the message body, users are given options on how to retrieve their “postcard”. Links in the message direct users to malicious websites where their browsers may be attacked, or they may be prompted to download and execute malicious software. Attacks are directed at both Microsoft Internet Explorer and Mozilla Firefox browsers.

Users should be very cautious when following links in e-mail messages. Links to foreign domains (e.g. http://someaddress.hk in Hong Kong) or directly to IP addresses (e.g. http://123.123.123.123) should almost always be avoided.

Also, it is important to keep operating systems and software up-to-date with the latest security patches, as well as keep antivirus software virus definitions current.

For more information about this attack, please refer to the following article:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9025898

For information and guidance on protecting your organization from these types of attacks, please contact us.
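
The two link heuristics from this alert (foreign-domain hosts and raw IP addresses), as an added example that is not part of the original post: a Python check a mail gateway or triage script could run over a message body. The `EXPECTED_TLDS` allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: top-level domains this organization normally deals with.
EXPECTED_TLDS = {"com", "org", "net", "gov", "edu", "us"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def host_is_ip(host):
    """True for IPv4/IPv6 literals and for a single-integer IPv4 host."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    # Browsers also resolve a bare decimal or 0x-hex number as an IPv4 address.
    return bool(re.fullmatch(r"\d+|0x[0-9a-f]+", host, re.IGNORECASE))


def flag_links(body):
    """Return [(url, reason)] for links that match either heuristic."""
    findings = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;")  # drop sentence punctuation glued to the link
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:
            findings.append((url, "unparseable URL"))
            continue
        if host_is_ip(host):
            findings.append((url, "ip-literal host"))
            continue
        tld = host.rsplit(".", 1)[-1]
        if tld not in EXPECTED_TLDS:
            findings.append((url, "unexpected TLD ." + tld))
    return findings


# Constructed sample message using the example hosts from the alert.
SAMPLE_BODY = """You've received a postcard from a family member!
View it here: http://123.123.123.123/postcard
Or here: http://someaddress.hk/card?id=1
Or here: http://2071690107/card
Sender site: http://www.example.com/about.
"""

if __name__ == "__main__":
    for url, reason in flag_links(SAMPLE_BODY):
        print(reason, url)
```

A hit is a reason to quarantine or review the message, not proof of malice; tune the allowlist to the domains your users legitimately receive mail about.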


 

As of yesterday (May 28, 2007) it appears more than 1,400 executives (from various companies) had been infected by an e-mail attack that dresses itself up as a complaint filed with the Better Business Bureau.

The phishing attack uses details apparently culled from public sources to tailor the e-mail message with a company's name, the name of a senior executive and the executive's e-mail address in an attempt to convince the person to open a malicious attachment.

As with all such attacks, it is wise to never open unsolicited attachments. Up-to-date antivirus software and Intrusion Detection/Prevention systems also provide layers of protection from such attacks.

For more information about this attack, please refer to the following article:
http://www.securityfocus.com/brief/511

For help protecting your business against these types of attacks, please contact us.