Ravens PHP Scripts: Security



 

 

SecurityFocus Report

Posted on Monday, May 09, 2005 @ 21:31:01 CDT in Security
by BobMarion

SecurityFocus has posted a report about NukeSentinel™ 2.1.3/2.1.4. While this does affect the older versions, it does not affect 2.2.0 and 2.2.1. These versions, which were released long before the reported issue, have a built-in filter to work with the hex intrusion.

UPGRADE TODAY if you are using the versions below 2.2.x.
 

 

phpBB 2.0.15 Released - Serious Security Update

Posted on Monday, May 09, 2005 @ 01:04:04 CDT in Security
by Raven

Acyd Burn writes "phpBB Group announces the release of phpBB 2.0.15, the 'summer needs to be hot' release. This release addresses some bugfixes and some security issues, one being serious. To fix the serious issue, please apply the code changes found at Serious Security Update - phpBB 2.0.15"
 

 

Stopping Automated Attack Tools

Posted on Friday, May 06, 2005 @ 10:01:53 CDT in Security
by Raven

Gunter Ollman, Professional Services Director, NGS, has written a very informative white paper on Stopping Automated Attack Tools. The following is an abstract of the paper.

An almost infinite array of automated tools exist to spider and mirror application content, extract confidential material, brute force guess authentication credentials, discover code-injection flaws, fuzz application variables for exploitable overflows, scan for common files or vulnerable CGI's, and generally attack or exploit web-based application flaws. While of great value to security professionals, the use of these tools by attackers represents a clear and present danger to all organisations. These automated tools have become increasingly popular for attackers seeking to compromise the integrity of online applications, and are used during most phases of an attack. Whilst there are a number of defence techniques which, when incorporated into a web-based application, are capable of stopping even the latest generation of tools, unfortunately most organisations have failed to adopt them. This whitepaper examines techniques which are capable of defending an application against these tools; providing advice on their particular strengths and weaknesses and proposing solutions capable of stopping the next generation of automated attack tools.

Copyright © April 2005, Gunter Ollman. All rights reserved worldwide.
 

 

phpBB Notes Mod SQL Injection Vulnerability

Posted on Monday, May 02, 2005 @ 09:24:36 CDT in Security
by Raven

From Security Focus BugTraq

There is a high risk SQL Injection issue in the phpBB notes module that allows for malicious users to pull sensitive data from the underlying database and possibly compromise the affected phpBB installation.

Read the full post on phpBB Notes Mod SQL Injection Vulnerability
 

 

Massive Attack Against Php Based Sites In USA

Posted on Sunday, May 01, 2005 @ 12:40:42 CDT in Security
by Raven

franko writes:  
Sometime during the early morning of Sunday 1 May 2005 (USA TIME) a massive attack against some 5000 php based sites across Texas and Californian servers occurred. The source of this attack is believed to be from a group in Brazil using the domain www.outlawgroup.cjb.net

The attack as far as we are aware has affected at the least high bandwidth servers in Texas and California (Siteground being one we know of as we use them). Has anyone else been affected by this group? The attack resulted in the index.php file and other files being replaced and other files deleted. In addition logs appear to have been flushed as well in an attempt to cloak their origins. Reports have gone to Cert regarding this attack which is believed to have affected over 5000 sites.

Frank & Mark in Australia (now u very very late restoring sites)
 

 

Beware How You Google

Posted on Friday, April 29, 2005 @ 12:22:20 CDT in Security
by Raven

Updated: Security researchers warn that a one-letter typo in Google's domain name could lead to a massive virus- and spyware-infection attack.

A simple misspelling of Google's domain name could lead to a Web surfer's worst nightmare.

In a new twist to the old practice of "typosquatting," virus writers have registered a slight variation of Google Inc.'s popular search-engine site to take advantage of any users who botch the spelling of the google.com URL.

Read the full article at eWeek about Beware How You Google.
 


