Daily Report Thursday, November 16, 2006

Daily Highlights


WZZM−13 reports there is more concern after the security breach and identity theft problems at Wesco gas stations across West Michigan, and thousands of Fifth Third Bank customers will have their debit cards re−issued as a precautionary measure. (See item 6)
·
The Anderson Independent−Mail reports that after an outbreak of whooping cough at a school in Anderson, South Carolina, health officials warn that one vaccination in a person’s lifetime is not enough to guard against the disease. (See item 29)
·
The Department of Homeland Security and the Advertising Council have unveiled new public service advertisements to support the Ready Campaign, a national public service advertising campaign designed to educate and empower Americans to prepare for and respond to emergencies. (See item 32)

Information Technology and Telecommunications Sector

36. November 15, VNUNet — Windows use could boost mobile malware. A security expert has warned that the increasing use of Microsoft code in mobile applications could lead to a rise in mobile malware activity. Kevin Hogan, senior manager at Symantec Security Response said that, while very little malware activity is aimed at mobile phones, the situation could change as Microsoft's influence grows. Hogan cited two large Japanese telecoms companies which are actively evaluating Windows CE devices. "If Windows CE is taken up in a big way in a large market we may see some increased malware activity," he warned. "There is not a lot of functionality built in that will stop attacks on that platform, so there could be a problem if it takes off."
Source: http://www.vnunet.com/vnunet/news/2168653/windows−boost−mobi le−malware

37. November 15, SearchSecurity — SANS: VoIP, zero−day threats surge. Since attacks are no longer tied solely to a set of software flaws, the SANS Institute has renamed its annual Top 20 vulnerabilities list this year to the "Top 20 Internet Security Attack Targets." Among this year's top 20 are six major attack trends: 1) A surge in zero−day attacks that go beyond Internet Explorer to target other Microsoft software; 2) A rapid growth in attacks exploiting vulnerabilities in ubiquitous Microsoft Office products such as PowerPoint and Excel; 3) A continued growth in targeted attacks; 4) Increased phishing attacks against military and government contractor sites; 5) A surge in Voice over Internet Protocol (VoIP) attacks in which attackers can intercept and sell company meeting minutes, inject misleading messages or create massive outages in the old phone network; 6) Ever−increasing attacks against Web application flaws.
SANS Institute's Top 20 vulnerabilities list: http://www.sans.org/top20/?ref=1487
Source: http://searchsecurity.techtarget.com/originalContent/0,28914
2,sid14_gci1230095,00.html


38. November 14, U.S. Computer Emergency Readiness Team — US−CERT Technical Cyber Security Alert TA06−318A: Microsoft security updates for Windows, Internet Explorer, and Adobe Flash. Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, and Adobe Flash. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial−of−service on a vulnerable system. Systems affected: Microsoft Windows, Microsoft Internet Explorer, and Adobe Flash. Further information is available in the US−CERT Vulnerability Notes Database: http://www.kb.cert.org/vuls/byid?searchview&query=ms06−nov
Solution: Microsoft has provided updates for these vulnerabilities in the November 2006 Security Bulletin. The Security Bulletin describes any known issues related to the updates. Note any known issues described in the Bulletin and test for any potentially adverse affects in your environment. Microsoft Security Bulletin: http://www.microsoft.com/technet/security/bulletin/ms06−nov.mspx
System administrators may wish to consider using Windows Server Update Services: http://www.microsoft.com/windowsserversystem/updateservices/ default.mspx
Source: http://www.us−cert.gov/cas/techalerts/TA06−318A.html