Welcome to January's edition of Internet Security News, the monthly risks bulletin detailing the latest Internet software and system vulnerabilities from NTA Monitor, a leading Internet security testing company. It provides a convenient way to keep up to date with the fast changing world of Internet security; this month's edition includes a total of 9 risk issues: 2 High, 4 Medium, 2
Low and 1 Informational.
January 2006
Criminals target viruses for cash
(Informational)
At first glance, 2005 looks like it was a quiet year for computer security because there were far fewer serious Windows virus outbreaks than in 2004
Read More
|
Security hole claimed for BlackBerrys
(Medium risk)
BlackBerry handsets appear to be vulnerable to a security hole that could let attackers break into the gadgets by convincing users to open a specially crafted image file attached to an email
Read More
|
Communique "query" cross-site scripting vulnerability
(Low risk)
A vulnerability in Communique can be exploited by malicious people to conduct cross-site scripting attacks
Read More
|
Hitachi Business Logic multiple vulnerabilities
(Medium risk)
Some vulnerabilities have been reported in Hitachi Business Logic, which can be exploited by malicious people to conduct cross-site scripting, HTTP response splitting, and SQL injection attacks
Read More
|
LAND attacks against network devices
(Medium risk)
A "LAND" attack involves IP packets where the source and destination address are set to address the same device
Read More
|
Microsoft Windows WMF "SETABORTPROC" arbitrary code execution
(High risk)
A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system
Read More
|
Virus disguises itself as MSN Messenger beta
(Medium risk)
A virus masquerading as a new beta version of Microsoft's MSN Messenger has begun circulating
Read More
|
PHP-based web applications
(Low risk)
There is a lot of scanning activity looking for vulnerabilities in PHP or web applications that are written in PHP
Read More
|
Symantec AntiVirus decomposition buffer overflow
(High risk)
Symantec is aware of a buffer overflow in its AntiVirus component used to decompose RAR (Roshal Archive). A specially crafted RAR file could potentially cause this buffer overflow to occur and possibly execute hostile content from the RAR file on the targeted system
Read More
|
About NTA Monitor
This bulletin is produced as a by-product of ongoing research carried out to develop NTA Monitor's Internet security
testing service, Regular Monitor. NTA are a full-service Internet security testing company with a comprehensive range of
testing services including:
- VPN Testing
- Onsite Auditing
- Web Application Test
- War Dialling
- Wireless Infrastructure Testing
- RM Vulnerability Testing
For more information on the above services please see our
services page.