Kerio Personal Firewall Engine Denial of Service

Affected Software: Kerio Personal Firewall 4.x
David Matousek has discovered a vulnerability in Kerio Personal Firewall, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused by a logic error in the kpf4ss.exe service in the “CreateRemoteThread()” API hook. This can be exploited to cause a runtime error via a “CreateRemoteThread()” API call. The vulnerability has been confirmed in version 4.3.246. Other versions may also be affected.
Solution: Grant only trusted users access to affected systems.
http://secunia.com/advisories/21060/
Update: Sunbelt released an update to its firewall software to fix the above issue. …

Adobe 6.0.5 addressed security issue

Adobe released v6.0.5 of its Acrobat Reader. It’s a security update, so users should update soon. Download it from the Adobe website (for Windows, for Mac) or use the built-in updater to get the update. What is the difference between Adobe Acrobat v6.x and v7.x? Version 6.x can be installed on earlier operating systems, i.e. Windows 98, while v7.x requires newer, supported operating systems.

Beware of Vishing Attacks

Symantec blogs today on phishers using 1-800 phone numbers instead of malicious URLs to steal information. In this new type of attack, phishers send an e-mail posing as your bank. The e-mail attempts to trick you into dialing a malicious “1-800” phone number to “verify your account status”. Upon calling the number, you are directed to enter personal information to validate your account. These sound very official, and since many of us have been trained to enter items like social security numbers and bank account numbers when calling our banks, it’s very easy to get fooled by such a scam. …

SecureWorks Finds SQL Injection Hacker Attacks on the Rise against Banks, Credit Unions and Utilities

SecureWorks announced that it has seen a dramatic increase in the number of hacker attacks attempted against its banking, credit union and utility clients in the past three months using SQL Injection (a type of Web application attack). “From January through March, we blocked anywhere from 100 to 200 SQL Injection attacks per day,” said SecureWorks CTO Jon Ramsey. “As of April, we have seen that number jump from 1,000 to 4,000 to 8,000 per day,” said Ramsey. “The majority of the attacks are coming …

McAfee, Inc. Debuts Security Research Journal ‘Sage’

McAfee today unveiled the debut issue of Sage, a semi-annual security journal designed to update and inform technical personnel and security executives on cutting-edge security topics to help them make more informed security decisions. The premier issue of Sage includes feature articles, op-eds and in-depth technical pieces by respected industry experts discussing compelling security topics, including the role of financial incentives in malware, the widespread adoption of open source philosophy and practices in malware development, and the effects of increasingly professional-grade malware. Sage is available for download through the McAfee® Threat Center: http://www.mcafee.com/us/threat_center/default.asp More on the above at http://www.mcafee.com/us/about/press/corporate/2006/20060717_174026_r.html

Kerio Announces Universal Mail Server for Mac OS X

Kerio Technologies today announced it has launched a Universal version of Kerio MailServer 6.2, a groupware mail server for Mac OS X version 10.4 “Tiger”. The powerful combination of email, contacts, calendars and tasks is ideal for small and mid-sized businesses, and it can now be installed on both PowerPC and Intel-based Macs. More at http://www.kerio.com/kerio-pr-us-2006-3870.html

Lavasoft Personal Firewall Privilege Escalation Vulnerability

Affected Software: Lavasoft Personal Firewall 1.x
Description: Ben Goulding has discovered a vulnerability in Lavasoft Personal Firewall, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused by the application windows running with SYSTEM privileges and the application not checking whether explorer.exe is running. This can be exploited to launch explorer.exe with SYSTEM privileges by terminating it and then using the “open folder” option in e.g. the “Shared Components” window. The vulnerability has been confirmed in version 1.0.543.5722 (433). Other versions may also be affected.
Solution: Enable password protection.
http://secunia.com/advisories/21088/

Outpost Firewall Pro FILTNT.SYS Denial of Service

Affected Software: Outpost Firewall Pro 3.x
Description: Bipin Gautam has reported a vulnerability in Outpost Firewall Pro, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused by an unspecified error in the Virtual Firewall driver (filtnt.sys) and can be exploited to crash the system by e.g. passing an overly long string as a command line argument to mshta.exe. The vulnerability has been reported in version 3.5.631. Other versions may also be affected.
Solution: Update to version 3.51.759.6511 (462) or later.
http://secunia.com/advisories/21089/

Outpost Firewall Pro Privilege Escalation Vulnerability

Affected Software: Outpost Firewall Pro 3.x
Description: Ben Goulding has discovered a vulnerability in Outpost Firewall Pro, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused by the application windows running with SYSTEM privileges and the application not checking whether explorer.exe is running. This can be exploited to launch explorer.exe with SYSTEM privileges by terminating it and then using the “open folder” option in e.g. the “Shared Components” window. The vulnerability has been confirmed in version 3.51.759.6511 (462). Other versions may also be affected.
Solution: Enable password protection.
http://secunia.com/advisories/21089/