Content-Type: text/html

---------- Forwarded message ----------
From: Kym Patterson
Date: Friday, September 16, 2011
Subject: [Security] Open Source Report - Sept. 16
To: "[log in to unmask]">ssoco[log in to unmask]" <[log in to unmask]">[log in to unmask]>, "[log in to unmask]">[log in to unmask]" <[log in to unmask]">[log in to unmask]>

Information Technology Sector

38. September 15, H Security – (International) Cisco patches critical vulnerabilities. Cisco published two advisories September 14 related to a flaw that allows remote code execution on systems where its Unified Service Monitor (USM), Unified Operations Manager (UOM), and LAN Management Solution (LMS) software packages are in use. The flaw allows an unauthenticated remote attacker to execute code on servers running the packages, and is exposed by sending crafted packets to the server over port 9002. Cisco said it is unaware of any exploitation of the vulnerability in the wild. All versions of USM and UOM prior to version 8.6 are vulnerable. LMS versions 3.1, 3.2, and 4.0 are also affected by the vulnerability, although 3.1 and 3.2 are only vulnerable when the Device Fault Management component is installed. All installations of 4.0 are vulnerable. Source: 39. September 15, threatpost – (International) Dutch regulator bars DigiNotar from issuing qualified certificates. A Dutch agency that regulates the actions of telecommunications providers revoked DigiNotar's ability to issue certificates for digital signatures September 14. The agency said that because of the way that DigiNotar behaved during the attack on its certificate authority infrastructure, the company no longer has the authority to issue so-called qualified certificates. In a report released September 14, the board of the independent post and telecommunications authority said that because there was evidence of an attacker having compromised the server that was used to issue qualified certificates, the agency could not allow DigiNotar to continue issuing those certificates. Source:

40. September 14, threatpost – (International) Trojan makes child-porn accusation, locks computer, requests $17. A new ransomware scam locks down its victims' computers, attempting to convince them that child pornography has been found therein, and informs users that their machine will be unlocked only after paying a $17 fine, according to a BitDefender analysis reported by MalwareCity September 5. The trojan, Trojan.Agent.ARVP, is currently targeting users in Russia, but a quick translation could change that, according to the report. The malware is currently spreading through malicious links on social networking sites. Source:


Kym Patterson: State Chief Security Officer, State Cyber Security Office <>, Arkansas Department of Information Systems | Phone: 501.682.4550 <tel:501.682.4550> | Fax: 501.682.9465 <tel:501.682.9465>  |  Email: [log in to unmask]">[log in to unmask] | <>