- Home
- Cyber Security Alert
New Storm Worm Variant Spreading
- By Grey McKenzie
- Published 06/19/2008
- Cyber Security Alert
- Unrated
US-CERT has received reports of new Storm Worm related activity. Thelatest activity is centered around messages related to the recent
earthquake in China and the upcoming Olympic Games. This Trojan is
spread via an unsolicited email message that contains a link to a
malicious website. This website contains a video that when opened may
run the executable file "beijing.exe" to infect the user's system with
malicious code.
Subject lines can change at any time, but the following subject lines
are noted as being used:
* The most powerful quake hits China
* Countless victims of earthquake in China
* Death toll in China is growing
* Recent earthquake in china took a heavy toll
* Recent china earthquake kills million
* China is paralyzed by new earthquake
* Death toll in China exceeds 1000000
* A new powerful disaster in China
* A new deadly catastrophe in China
* 2008 Olympic Games are under the threat
* China's most deadly earthquake
US-CERT encourages users and administrators to take the following
preventative measures to mitgate the security risks:
* Install anti-virus software, and keep its virus signature files
up-to-date.
* Do not follow unsolicited web links received in email messages.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
document for more information on social engineering attacks.
Vulnerability Summary for the Week of May 19, 2008
- By Grey McKenzie
- Published 05/28/2008
- Cyber Security Alert
- Unrated
The US-CERT Cyber Security Bulletin
provides a summary of new vulnerabilities that have been recorded by
the National Institute of Standards and Technology (NIST) National
Vulnerability Database (NVD) in the past week. The NVD is sponsored by
the Department of Homeland Security (DHS) National Cyber Security
Division (NCSD) / United States Computer Emergency Readiness Team
(US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
Vulnerability Summary for the Week of May 12, 2008
- By Grey McKenzie
- Published 05/19/2008
- Cyber Security Alert
- Unrated
Vulnerability Summary for the Week of May 12, 2008
The US-CERT Cyber Security Bulletin provides a summary of new
vulnerabilities that have been recorded by the National Institute of
Standards and Technology (NIST) National Vulnerability Database (NVD)
in the past week. The NVD is sponsored by the Department of Homeland
Security (DHS) National Cyber Security Division (NCSD) / United States
Computer Emergency Readiness Team (US-CERT). For modified or updated
entries, please visit the NVD, which contains historical vulnerability information.
Vulnerability Summary for the Week of March 31, 2008
- By Grey McKenzie
- Published 04/8/2008
- Cyber Security Alert
- Unrated
The US-CERT Cyber Security Bulletin
provides a summary of new vulnerabilities that have been recorded by
the National Institute of Standards and Technology (NIST) National
Vulnerability Database (NVD) in the past week. The NVD is sponsored by
the Department of Homeland Security (DHS) National Cyber Security
Division (NCSD) / United States Computer Emergency Readiness Team
(US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
Cyber Security Vulnerability Summary for the Week of March 10, 2008
- By Grey McKenzie
- Published 03/17/2008
- Cyber Security Alert
- Unrated
The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard.
Entries
may include additional information provided by organizations and
efforts sponsored by US-CERT.
This information may include identifying
information, values, definitions, and related links.
Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
Cyber Security Alert: Vulnerability Summary for the Week of March 3, 2008
- By Grey McKenzie
- Published 03/10/2008
- Cyber Security Alert
- Unrated
Cyber Security Bulletin SB08-070
Vulnerability Summary for the Week of March 3, 2008
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.Cyber Security Vulnerability Summary for the Week of January 28, 2008
- By Grey McKenzie
- Published 02/4/2008
- Cyber Security Alert
- Unrated
Vulnerability Summary for the Week of January 28, 2008
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
Vulnerability Summary for the Week of January 7, 2008
- By Grey McKenzie
- Published 01/14/2008
- Cyber Security Alert
- Unrated
This bulletin provides a summary of new vulnerabilities that have
beenrecorded by the National Institute of Standards and Technology
(NIST) National Vulnerability Database (NVD) the week of January 7, 2008.
New iPhone Trojan Spreading
- By Grey McKenzie
- Published 01/9/2008
- Cyber Security Alert
- Unrated
US-CERT has received reports of a new Trojan horse program that affects the
Apple iPhone. This Trojan claims to be a tool used to prepare the device for
an upgrade to firmware version 1.1.3. When a user installs the Trojan, other
application components are altered. If the Trojan is uninstalled, the
affected applications may also be removed.
Trojan Steals Hundreds of Thousands From Biggest Banks in the U.S., the U.K., Spain and Italy,
- By Grey McKenzie
- Published 12/14/2007
- Cyber Security Alert , Cyber Security Industry Watch , Cyber Phishing Alerts
- Unrated
December 13, 2007 (Computerworld) -- A German hacker crew is looting commercial bank accounts in four countries using a custom-built Trojan put in place by expertly crafted and extremely focused phishing attacks, a security researcher said today.
The malware's most distinguishing feature, said Don Jackson, a senior security researcher with SecureWorks Inc., is its ability to mimic the steps the human account owner would take to move money.

Cyber Security Alert