Other patches and updates du jour...
AREVA e-terrahabitat SCADA systems vulnerabilities, US-CERT Vulnerability Note VU#337569
HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code SSRT080100
Sysinternals updates for Process Explorer v11.33, Autoruns v9.39, and ZoomIt v3.02 here.
Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
Time to patch your HP printers
HP have released a security bulletin for certain LaserJet printers. They require firmware updates. It is a directory traversal issue in the web admin interface. The vulnerability leads to unauthorized access to arbitrary files stored on the printer(s). The bulletin SSRT080166 is here. The CVE is CVE-2008-4419. Printers tend to be low on the priority list of systems or devices to be patched, this one will likely linger for years to come. The impact might not seem severe, as in the attacker can view the printer configuration, however viewing cached versions of printed documents can be.Other than patching, disallowing access to the web admin interface is likely the only other mitigation.
Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
Fake stimulus payments
Amy sent us in a note regarding an email she had received. It had a subject line of "Economic Stimulus Payment form ID: [SP-251.9475]" and an attachment. The contents were:
"After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a Stimulus Payment.
Please submit the Stimulus Payment form in order to process it.
A Stimulus Payment can be delayed for a variety of reasons.
For example submitting invalid records or applying after the deadline.
To submit your Stimulus Payment form, please download the attached document.
Note: If filing or preparation fees were deducted from your 2007 Refund or you received a refund anticipation loan, you will be receiving a check instead of a direct deposit.
Regards,
Internal Revenue Service"
Hmm, look fake?
The attachment was a HTML document named: "Economic Stimulus Payment.htm", the contents of which were:
"<scr1pt language="JavaScr1pt">
<!--
w1ndow.location="http://bagatela. com /carrostunados/ wp-content/upgrade";
// -->
</scr1pt>
When we retrieve that page we get:
<scr1pt language="JavaScr1pt">
<!--
w1ndow.location="http://hawsedc. com /thomas/stimulus.refund/0,, id=181665,00.html";
// -->
</scr1pt>
Which gave me a 404 when I attempted to grab a copy.
Moral of the story, if it looks too good to be true, it is. The IRS will hopefully not be emailing out forms for economic stimulus payments any time soon.
Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
Comments
www
Nov 17th 2022
6 months ago
EEW
Nov 17th 2022
6 months ago
qwq
Nov 17th 2022
6 months ago
mashood
Nov 17th 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
5 months ago
isc.sans.edu
Dec 3rd 2022
5 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
isc.sans.edu
Dec 26th 2022
5 months ago
isc.sans.edu
Dec 26th 2022
5 months ago