 |
 |
Sun today released VirtualBox 3.1.0, a major update introducing teleportation, branched snapshots, 2D video acceleration for Windows guests, more flexible storage management and much more. See the ChangeLog for details.
The Koobface Web site offers a video posted by ‘SantA’. The usual ruse of requiring a codec to watch the video is used, to encourage the user to install and run a file called setup.exe (SHA1:a2046fc88ab82abec89e150b915ab4b332af924a). This file is currently detected by 16 out of 41 antivirus products according to VirusTotal.
On the compromised Facebook page the user is presented with a link to ch[removed]cher.ch which is a compromised site in Switzerland. The user is redirected to one of several Koobface Web sites through a malicious Flash movie file hosted on the compromised site. If the user runs the infected file, the worm will automatically login to their Facebook, Myspace, and several other social networking sites and send messages to all their friends.
Source:
http://securitylabs.websense.com/content/Alerts/3505.aspx
VMware has advised of a total of 93 vulnerabilities in several of its products, including ESX Server, Server, VirtualCenter and vCenter. Most of the vulnerabilities are in Java, Tomcat and the kernel and have been known for some time. Some of them can be exploited to compromise a system, however, the advisory notes that flaws in the Service Console kernel and JRE can only be exploited when an attacker has access to the Service Console network.
Currently, updates have only been released for some of the affected products, such as ESX 4.0 and vCenter 4.0. According to VMware, security updates for the other products are pending completion.
Source:
http://www.h-online.com/security/news/item/Numerous-vulnerabilities-in-VMware-products-867427.html
I’ve been using SyncToy to back up data to an external USB drive and then using Jungle Disk to back up the data to Amazon S3. With the newest version of SyncToy (2.1) they fixed a bug for EFS and now files retain their encryption when copied to an NTFS drive. This all of a sudden was causing errors (“Access is Denied”, of course) in Jungle Disk and it stopped backing up my files. After snooping around a bit, I saw that the service runs as the “Local Service” account and this account obviously will not have your certificate in it’s Store to be able to access the files. There’s a quick and easy solution and that is to change the account that the service logs in with to the account that has the files encrypted:
(Start -> Run -> services.msc -> Find the Jungle Disk service, double-click, go to the Log On tab)
Apply and restart the service and you should now be able to back up your encrypted files.
Nearly one year after the release of Metasploit 3.2, the Metasploit Project developers have announced the availability of version 3.3 of the Metasploit Framework. The comprehensive programming framework for developing exploits for vulnerabilities is used by security researchers, penetration testers and black hat crackers alike. The latest release includes a number of updates, improvements and new features.
In addition to more than 180 bug fixes and “major” start up speed improvements, Metasploit 3.3 features 445 exploit modules (up from 320), 216 auxiliary modules (up from 99), support for Ruby 1.9.1 and support for new operating systems, including Windows Vista and Windows 7. Windows payloads now support NX, DEP and IPv6. The Linux installers are now available for 32 and 64-bit systems and include everything most users would need to run the framework.
Source:
http://www.h-online.com/open/news/item/Metasploit-3-3-released-862458.html
