US-CERT Current Activity

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

Last reviewed: September 15, 2008 08:45:11 EDT

September 15: Apple Addresses Issues with iTunes 8.0
September 12: TWiki Releases Security Alert
September 12: Apple Releases iPhone v2.1
September 11: DHS Email Scam
September 10: U.S. Presidential Election and Phishing Scams
September 10: Apple Releases Security Updates
September 9: Microsoft Releases September Security Bulletin
September 9: Google Releases Chrome Version 0.2.149.29
September 9: WordPress Releases Version 2.6.2
September 8: Exploit Code Available for CitectSCADA Vulnerability



Apple Addresses Issues with iTunes 8.0

added September 15, 2008 at 08:25 am

Apple has released an article to address issues with their recent iTunes 8.0 release. The article indicates that Windows Vista users who have installed iTunes 8.0 may be seeing a blue screen error message when connecting an iPhone or iPod to their computer.

US-CERT encourages users to review Apple article TS2280 and apply one of the solutions listed in the article to fix the issue.


TWiki Releases Security Alert

added September 12, 2008 at 12:38 pm | updated September 12, 2008 at 03:37 pm

TWiki has released a Security Alert to address a vulnerability. This vulnerability is due to the way TWiki processes the "image" variable in URLs. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the TWiki Security Alert and apply the workaround listed in the Countermeasures section of the document or upgrade to version 4.2.3 to help mitigate the risks.

Additional information regarding this vulnerability can be found in the Vulnerability Notes Database.


Apple Releases iPhone v2.1

added September 12, 2008 at 01:46 pm

Apple has released iPhone v2.1 to address multiple vulnerabilities in Application Sandbox, CoreGraphics, mDNSResponder, Networking, Passcode Lock, and WebKit. These vulnerabilities may allow an attacker to execute arbitrary code, conduct DNS cache poisoning attacks, spoof or hijack TCP sessions, bypass Passcode Lock, obtain sensitive information, or cause a denial-of-service condition.

US-CERT encourages users to review Apple document HT3129 and upgrade to iPhone v2.1.


DHS Email Scam

added September 11, 2008 at 04:42 pm

US-CERT is aware that spam email messages are being sent that appear to come from high-level DHS officials, some of which attempt to entice the user into an advance fee fraud scam. In some cases, the sender's address has been spoofed so that the email appears to come from a legitimate dhs.gov address.

US-CERT encourages users to do the following to help mitigate the risks:


U.S. Presidential Election and Phishing Scams

added September 10, 2008 at 09:18 am

Throughout the United States presidential election campaigns, US-CERT has received reports of phishing scams and email attacks related to the upcoming election. US-CERT reminds users to remain cautious when receiving unsolicited email messages that are related to the presidential election and presidential candidates because the messages may be part of a phishing scam.

US-CERT encourages users to do the following to help mitigate the risks:


Apple Releases Security Updates

added September 10, 2008 at 09:11 am

Apple has released four security updates to address multiple vulnerabilities in iTunes, QuickTime, iPod touch, and Bonjour for Windows. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct DNS cache poisoning attacks, spoof or hijack TCP sessions, access the system with escalated privileges, or obtain sensitive information.

US-CERT encourages users and administrators to review the following Apple Security Articles and apply any necessary updates:


Microsoft Releases September Security Bulletin

added September 9, 2008 at 01:10 pm

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, and Visual Studio as part of the Microsoft Security Bulletin Summary for September 2008. These vulnerabilities may allow an attacker to execute arbitrary code.

US-CERT encourages users to review the bulletins and follow best-practice security policies to determine which updates should be applied.


Google Releases Chrome Version 0.2.149.29

added September 9, 2008 at 09:14 am

Google has released Chrome version 0.2.149.29 to address multiple vulnerabilities. The four vulnerabilities are due to the following:

  1. a buffer overflow condition in the handling of filenames displayed in the "Save As" dialog
  2. a buffer overflow condition in the handling of link targets displayed in the status area when a user hovers over a link
  3. an out-of-bounds memory read error when parsing URLs ending with :%
  4. a default configuration that allows files to be downloaded to the desktop without prompting the user first

Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

Google has indicated that the fixed version is being applied to all users through automatic updates. US-CERT encourages users to review the Chrome 0.2.149.29 release notes and upgrade if the newest version has not been automatically applied.


WordPress Releases Version 2.6.2

added September 9, 2008 at 08:47 am

WordPress has released version 2.6.2 to address multiple vulnerabilities. These vulnerabilities are due to SQL column truncation and weaknesses in random number generation. Combined, these vulnerabilities may allow an attacker to reset a user's password and possibly predict the newly generated password. Exploitation of these vulnerabilities could permit an attacker to gain access to a system running WordPress with open registration enabled under the context of a legitimate user.

US-CERT encourages users to review the WordPress Blog entry related to these issues and upgrade to version 2.6.2 as necessary.


Exploit Code Available for CitectSCADA Vulnerability

added September 8, 2008 at 04:15 pm

In June, US-CERT published Vulnerability Note VU#476345 to alert users of a vulnerability affecting Citect CitectSCADA. This vulnerability is due to a buffer overflow condition in the handling of ODBC requests from clients. Exploit code for this vulnerability is publicly available and exploitation may allow an attacker to execute arbitrary code.

US-CERT encourages users to review Vulnerability Note VU#476345 and apply the patch as described in the document.

General Tips
  • Apply vendor-supplied software patches in a timely manner
  • Disable features/services that are not explicitly required
  • Install anti-virus software and keep it up to date
  • Use caution when opening email attachments and following URLs