SECURITY WARNINGS & Notices - Please post them here

Dwarden · 2011-09-29T15:56:02.000Z

the simple solution is use RS4 istead CBS, the problem here is … i can’t switch it manually in the policy editor because some idiot on Microsoft decided 1024 characters is maximum for that line
yet the DEFAULT value uses 1080 characters lol

Asyn · 2011-10-01T15:22:04.000Z

Chrome: Problems with Microsoft Security Essentials
http://chrome.blogspot.com/2011/09/problems-with-microsoft-security.html

Edit: Chrome updates to repair Microsoft false alarm damage
http://www.h-online.com/security/news/item/Chrome-updates-to-repair-Microsoft-false-alarm-damage-1353162.html

Asyn · 2011-10-04T16:35:07.000Z

Cisco patch day closes critical vulnerabilities
http://www.h-online.com/security/news/item/Cisco-patch-day-closes-critical-vulnerabilities-1354156.html
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html

Asyn · 2011-10-04T16:37:34.000Z

Security Advisory for Adobe Photoshop Elements 8
http://www.adobe.com/support/security/advisories/apsa11-03.html

Asyn · 2011-10-06T08:07:59.000Z

Firefox and SeaMonkey users warned to disable McAfee ScriptScan
http://www.h-online.com/security/news/item/Firefox-and-SeaMonkey-users-warned-to-disable-McAfee-ScriptScan-1355098.html
https://addons.mozilla.org/en-US/firefox/blocked/i42/

Asyn · 2011-10-06T08:11:32.000Z

VMware hosted products address remote code execution vulnerability
http://www.vmware.com/security/advisories/VMSA-2011-0011.html

DavidR · 2011-10-06T18:28:32.000Z

Scum sucking, pond life, bottom feeding scammers have jumped on this news of the death Steve Jobs.

http://uk.news.yahoo.com/facebook-scammers-prey-on-steve-jobs-death.html

Facebook scammers have seized on the death of Apple co-founder and visionary Steve Jobs by posting malicious content claiming to be giving away free iPads ‘in memory of Steve’.

Not sure if you will be able to access this link or not, but I’m sure this news will be out in other media outlets. Suffice to say this may spread the the usual social engineering attacks/emails, etc. trying to trick the unwary.

Pondus · 2011-10-07T07:47:52.000Z

more on the above…

Cybercriminals Remember Steve Jobs Through Facebook Scam
http://blog.trendmicro.com/cybercriminals-remember-steve-jobs-through-facebook-scam/

DavidR · 2011-10-07T10:48:12.000Z

Yes it doesn’t take these scum sucking, leaches long to latch on to the next big social event.

Asyn · 2011-10-07T11:28:12.000Z

Asyn post:1603:

Cisco patch day closes critical vulnerabilities
http://www.h-online.com/security/news/item/Cisco-patch-day-closes-critical-vulnerabilities-1354156.html
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html

More patches from Cisco
http://www.h-online.com/security/news/item/More-patches-from-Cisco-1356415.html

Asyn · 2011-10-07T11:33:56.000Z

Microsoft Security Bulletin Advance Notification for October 2011
http://technet.microsoft.com/en-us/security/bulletin/ms11-oct

Pondus · 2011-10-07T18:01:40.000Z

Malicious images (codes)
http://www.norman.com/security_center/security_center_archive/2011/malicious_images_or_codes/en-uk

Malicious QR Codes Pushing Android Malware
http://www.securelist.com/en/blog/208193145/Its_time_for_malicious_QR_codes

Lisandro · 2011-10-07T18:28:45.000Z

Pondus post:1612:

Malicious images (codes)
http://www.norman.com/security_center/security_center_archive/2011/malicious_images_or_codes/en-uk

Malicious QR Codes Pushing Android Malware
http://www.securelist.com/en/blog/208193145/Its_time_for_malicious_QR_codes

I wish we had avast for Blackberry… I wish avast mobile detects such malwares…
But it is only a wish, further from reality. The reality is the malware in the other side of the bar code…

Asyn · 2011-10-12T10:30:15.000Z

WineHQ database compromise
http://www.winehq.org/pipermail/wine-users/2011-October/097753.html

Asyn · 2011-10-15T16:32:47.000Z

Fedora Project: Mandatory password and ssh key change by 2011-11-30
http://lists.fedoraproject.org/pipermail/devel-announce/2011-October/000840.html

Asyn · 2011-10-18T07:08:55.000Z

Critical security hole in current version of Opera
http://www.h-online.com/security/news/item/Critical-security-hole-in-current-version-of-Opera-1362504.html
http://spa-s3c.blogspot.com/2011/10/spas3c-sv-006opera-browser-101112-0-day.html

Asyn · 2011-10-18T10:04:30.000Z

Oracle Critical Patch Update Pre-Release Announcement - October 2011
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html

Oracle Java SE Critical Patch Update Pre-Release Announcement - October 2011
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html

system · 2011-10-19T09:32:24.000Z

Asyn post:1616:

Critical security hole in current version of Opera
http://www.h-online.com/security/news/item/Critical-security-hole-in-current-version-of-Opera-1362504.html
http://spa-s3c.blogspot.com/2011/10/spas3c-sv-006opera-browser-101112-0-day.html

Opera 11.52 is available for download/upgrade today.

Asyn · 2011-10-19T11:08:36.000Z

W32.Duqu: The Precursor to the Next Stuxnet
http://www.symantec.com/connect/w32_duqu_precursor_next_stuxnet
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf

polonus · 2011-10-19T11:33:54.000Z

Hi Asyn,

The C-media Certificate was apparently stolen: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
And here F-Secure’s Mikko states that w32_duqu was made by the same makers of the previous Stuxnet malware: http://www.f-secure.com/weblog/archives/00002255.html

polonus

Announcements