Check Point to acquire NFR Security
Check Point Software Technologies has signed a definitive agreement
to acquire NFR Security for approximately $20 million. With the
acquisition of NFR, Check Point will enhance its technology
leadership and raise the security bar in defending enterprise
networks against today's most dynamic threats.
In a statement, the company said Check Point's SmartDefense and
NFR's Hybrid Detection Engine (HDE) will offer customers "precise,
real-time attack prevention" by combining pre-emptive type-based
protection from SmartDefense with the "highly granular and accurate
attack detection" provided by the HDE.
"This acquisition is an important step in Check Point's
leadership strategy to continuously raise the level of security
available to enterprises for protecting their mission-critical
networks. It is part of our focus on two primary layers: network
security as our core platform and our recently announced expansion
into data security," Gil Shwed, founder and chief executive officer
of Check Point, said in the statement.
The price tag for the deal is approximately $20 million
including acquisition-related expenses. NFR, established in 1996,
is based in Rockville, Md. and has 22 employees.
Worm exploits Symantec flaw
A worm is using an older flaw in Symantec's Client Security and
AntiVirus Corporate Edition software to spread, according to Aliso
Viejo, Calif.-based eEye Digital Security. But Symantec said the
worm, named Big Yellow by eEye, has not spread very far. Symantec
released a patch for the flaw back in May.
The worm scans port 2967 for unpatched clients and drops
malicious software on the machines it finds. In published reports,
Symantec Security Response Senior Director Vincent Weafer said the
company first noticed the scanning activity Wednesday. "Since then
it's gone to a background level," he told the IDG News Service. "We
have had three submissions locally from our customers."
But eEye said the infections are a lot worse than what
Symantec's data suggests. Since Thursday, eEye had counted about
70,000 infected systems, eEye CTO Marc Maiffret told the news
service.
New flaws affect Microsoft
The French Security Incident Response Team (FrSIRT) is warning of
two new security flaws affecting Microsoft products.
The first flaw is a "division-by-zero" error that
surfaces in Windows Media Player when the program handles a
specially crafted MIDI file with a header chunk containing
malformed fields. Attackers could exploit the flaw to crash a
vulnerable application via a specially crafted file.
The second flaw is in Microsoft Project Server
2003. "This issue is due to an error when handling HTTP POST
requests passed to the 'logon/pdsrequest.asp' script, which could
be exploited by authenticated attackers to disclose the username
and password of the 'MSProjectUser' SQL account," FrSIRT said in
its advisory.
Flaw found in McAfee VirusScan for Linux
Attackers could gain extra network privileges by exploiting a flaw
in McAfee VirusScan for Linux, the French Security Incident
Response Team (FrSIRT) warned in an
advisory.
"This issue is due to an error where the current working
directory is included in the 'DT_RPATH' environment variable rather
than 'ORIGIN,'" FrSIRT said in its advisory. Attackers could
exploit this to execute malicious code with the privileges of the
application by tricking the dynamic loader into loading an
untrusted ELF DSO. FrSIRT said the flaw was discovered by Gentoo
Linux researcher Jakub Moc.
Yahoo warns of Messenger flaw
Yahoo fixed a flaw in its Messenger IM program last week, but the
company is asking users to hold off on installing the update until
it completes some further testing on the fix. Yahoo spokeswoman
Terrell Karlsten told CNET News.com that the company has stopped
prompting customers to update the software until it can do more
testing to ensure the update works properly. "We're testing the fix
until we can get it behaving the way we want it to behave," she
told the news organization.
Yahoo had alerted 73 million users worldwide -- specifically
those using its IM service before Nov. 2 -- to download the latest
version of Yahoo Messenger to correct an ActiveX control error
attackers could exploit to cause a buffer overflow. Yahoo said the
flaw could cause other applications like Internet Explorer to
crash, or cause users to be logged out. The new version fixes the
problem and adds new features like compatibility with Windows Live
Messenger.
Vista exploits on sale for $50,000?
Researchers at Tokyo-based security firm Trend Micro say someone in
the digital underground is selling what they claim to be a zero-day
exploit for Microsoft's new Windows Vista for $50,000.
The Vista exploit, which has not been independently verified,
was one of many zero-day exploits for sale at an auction-style site
that Trend Micro said it infiltrated.
Trend Micro CTO Raimund Genes told eWeek that prices for various
exploits were also listed in the $20,000 to $30,000 range. Bots and
Trojans designed to attack Windows machines were being sold for
about $5,000, he said.