Apple updates Airport Drivers
The full advisory notes 3(!) arbitrary code execution issues fixed by this patch. The advisory mentions that there is no known exploit, and does not give credit to anyone for discovering the vulnerability.
I recommend applying the patch ASAP. However, you will only be able to download the full patch "as is". Patches for the individual vulnerabilities are not provided. Interestingly, OS-X update labels the patch a "wireless network reliability fix".
For more background from Brian Krebs, see his latest blog.
2222/tcp Probes
In yesterday's diary, Jim showed DShield data pointing to a drastic increase in probes to tcp port 2222. Today, the data drops back down to 'normal' levels.
We did receive quite a few e-mails listing applications that use tcp 2222 by default, including Allen-Bradley SLC-505 PLCs, Direct Admin, Ethernet connected Allen Bradley Programmable Logic Controllers, and the pubcookie key server.
That port is also known to be used by a couple of trojans.
We've also received a few packets, and based on what we can see, it is a SYN packet that may be crafted. One of the handlers noticed some irregularities in the source port and sequence numbers.
I'll post the packets as soon as I can properly anonymize them to protect the innocent. ;)
We'll keep an eye on this over the next few days.
More 'sploit code released
The site contains a modified version of the code that was originally released on Tuesday that has now been tested on:
- Windows XP SP1 + IE6 SP1
- Windows XP SP0 + IE6
- Windows 2000 SP4 + IE6 SP1
- Windows 2000 SP4 + IE6
He also mentions that exploit code for the Windows Kernel Privilege Escalation vulnerability fixed by MS06-049 has been released.
This code is said to have been tested on:
- Windows 2000 PRO SP4 Chinese
- Windows 2000 PRO SP4 Rollup 1 Chinese
- Windows 2000 PRO SP4 English
- Windows 2000 PRO SP4 Rollup 1 English
MS Desktop Search add-on vulnerabilities - Trustworthy Computing gone too far
MS's KB "Best practices and security issues to consider when you use FolderShare" is weak; its only useful recommendation is:
"you can effectively block outgoing traffic to FolderShare. To permanently block the FolderShare satellite from running in a particular environment, block access to the following host name on port TCP/443:
redir1.foldershare.com".
The folks at NISCC credit "Ben Rexworthy of Securinet UK and white-hats.co.uk for reporting these issues to NISCC".