Archived Alerts

­

Transport Layer Security (TLS) Man-In-The-Middle (MITM) Vulnerability CVE-2009-3555

ICASI is releasing this alert to provide guidance on a protocol-level design flaw allows for an attacker to perform a man-in-the-middle (MITM) attack on sessions protected by Transport Layer Security (TLS) and Secure Sockets Layer (SSL). This vulnerability could allow an attacker who is able to successfully leverage a MITM attack to prepend data to [...]

ICASI Members Release Domain Name System (DNS) Advisories

ICASI is aware of an industry-wide vulnerability regarding the Domain Name System (DNS). ICASI members have released advisories for their affected products, and ICASI encourages customers to review those advisories and deploy any necessary updates or mitigations in a timely manner. For more information on our members' products, or to report potential security vulnerabilities, please [...]

Wi-Fi Protected Access (WPA) Encryption Vulnerability

ICASI is aware of reports that describe a way to partially crack the Wi-Fi Protected Access (WPA) encryption standard used to protect data on many wireless networks. The documented issue affects encryption solutions that implement WPA-TKIP and allows an attacker to inject network traffic between an access point and a client if multimedia extensions are [...]

Conficker Malware Threat

ICASI is releasing this alert to provide clarity and guidance on issues that have been raised regarding the change to Conficker malware. This alert provides a consolidated view and information from ICASI member companies. The Conficker worm has grown to be a large active botnet. At this time Conficker affects a variety of Windows operating [...]

Updated Conficker Malware Threat

ICASI is releasing this alert to provide guidance on issues that have been raised regarding the behavior of the Conficker malware threat. Historically, once botnets reach a sufficient size, their purposes tend to evolve and change organically to meet the needs of the owners. This trend is likely to also occur with Conficker, and many [...]

Vulnerabilities in Microsoft Active Template Library (ATL)

The Industry Consortium for Advancement of Security on the Internet (ICASI) is releasing this alert to provide guidance on issues that have been raised regarding vulnerabilities in Microsoft’s Active Template Library (ATL). These vulnerabilities could result in information disclosure or remote code execution attacks for controls and components built using vulnerable versions of the ATL.