Friday, June 5, 2009

Around The Horn vol.1,115

Microsoft Patch Tuesday for June 2009: 10 bulletins

By emil.protalinski@arstechnica.com (Emil Protalinski) on Patch Tuesday

According to the Microsoft Security Response Center, Microsoft will issue 10 Security Bulletins on Tuesday, and it will host a webcast to address customer questions on the bulletin the following day (June 10 at 11:00am PST, if you're interested). Six of the vulnerabilities are rated "Critical," three are marked as "Important," and the last one is considered "Moderate." All of the Critical vulnerabilities earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. At least seven of the 10 patches will require a restart.

PayPal Software Security Podcast

By Robert A. on SDL

Gary McGraw posted the following to the secure coding mailing list today. "Episode 6 of the Reality Check security podcast features our own Andy Steingruebl chatting with me about Paypal's software security initiative. This was a fun episode for me, because though I have known Andy for a while I had...

Federal Trade Commission shuts down rogue ISP

By Dong Ngo

The Internet might just have gotten a little safer.

The Federal Trade Commission announced Thursday that it had Pricewert shut down by the U.S. District Court for the Northern District of California, San Jose Division.

Pricewert is a San Jose,...

Microsoft to plug holes in Windows, IE, Word, Office, and Excel

By Elinor Mills

Updated 3:30 p.m. PDT with Adobe update due on Tuesday.

Microsoft will release 10 security updates on Patch Tuesday next week, including critical patches for holes in Windows, Internet Explorer, Word, Office, and Excel.

In addition, Adobe said it will provide security updates for Adobe Reader and Acrobat ...

ATM malware lets criminals steal data and cash

By Elinor Mills

Malware has been found on ATMs in Eastern Europe and elsewhere that allows criminals to steal account data and PINs and even empty the machine of its cash, a computer forensics expert said.

About 20 ATMs have been compromised in that manner, mostly in Russia and the Ukraine, but there ...

Scammers using search optimization on Twitter, Google

By Elinor Mills

Online scammers are targeting people looking for popular topics on Twitter and Google to lure them to Web sites that display fake security warnings and try to sell them antivirus products, PandaLabs said on Wednesday.

This technique isn't new, but seems to be widening on Google and is particularly ...

Microsoft Outlook users targeted in phishing attempt

By Elinor Mills

Trend Micro is warning about a phishing attempt that targets users of Microsoft Outlook.

The phishing e-mail arrives in Outlook e-mail in-boxes and looks like it comes from Microsoft. It prompts recipients to reconfigure their Outlook by clicking on a link that leads to a Web site that asks for ...

WEPBuster - Wireless Security Assessment Tool - WEP Cracking

By Darknet on wireless-security

WEPBuster basically seems to be a toolkit that attempts to automate the tasks done by the various parts of the aircrack-ng suite. The end goal of course is to crack the WEP key of a given Wireless network. Features The main part of this is the autonomous nature of the toolkit, it can crack all access points within [...]

Hackers Arrested In China After Feud Causes Major Outage

Police in China arrest four after feud between underground gaming services leads to nationwide Internet outage

Hacking Tool Lets A VM Break Out And Attack Its Host

'Cloudburst' memory-corruption exploit released with Immunity Inc.'s new version of Canvas penetration testing software

Report: Cybercrime Riches Are Hard To Come By

Researchers from Microsoft's research arm say stolen goods offered for sale in IRC channels are tough to monetize, and industry estimates of underground profits are "exaggerated"

Study: Web Trackers Systematically Compromise Users' Privacy

Current Website monitoring practices violate users' privacy rights on a broad scale, UC-Berkeley study says

NSA-Funded 'Cauldron' Tool Goes Commercial

Vulnerability analysis tool aggregates, correlates, and visually maps attack patterns and possibilities

Tech Insight: How To Protect Your Organization From Malicious Insiders

New report offers insights on how to prevent malicious insiders from stealing or damaging enterprise data

New Fake Banking Cert Attacks In Play

In Virus and Spyware

A new round of attacks are using phony BoA banking certificates to lure users into downloading malware.

Cyber leader powers still unknown

President Barack Obama received widespread praise for his recent decision to create a cybersecurity coordinator, but some observers say it remains to be seen whether the position has enough authority.

Napolitano backs E-Verify

Homeland Security Secretary Janet Napolitano said she is a big supporter of E-Verify, the Web-based employment eligibility verification tool.

DHS' IG reports millions recovered from fraud

The Homeland Security Department's inspector general has recovered $228 million in fines and other payments by investigating complaints of alleged waste, fraud and abuse.

FTC Shuts Down 'Worst ISP In U.S.'

Pricewert LLC is accused of hosting and actively distributing child pornography, malware, and spam.

Federal CIO, Kundra Looks Forward To Data.Gov 2.0

The upgrades to the site, which will be available in a few months, will feature new ways to find and use data, including the ability to tag data sets.

Google Widens Its Gaze In Street View

Google's continuous corridor of 3-D space with building facades and roadway geometry is generated virtually using laser landscape measurements and picture difference comparisons.

Verizon Business Unveils 'Computing As A Service'

The company's CaaS users will be able to access a real-time self-service portal to manage physical and virtual servers, network devices, storage, and backup services.

RIM Issues Patch For BlackBerry Vulnerability

Enterprise BlackBerry smartphone users could be at risk if they open a maliciously crafted PDF, Research In Motion says.

Homeland Security Keeping Central Cybersecurity Role

The department's operational responsibility won't be undercut by the cybersecurity coordinator, a DHS undersecretary nominee says.

Government Accidentally Posts Sensitive Nuclear Documents Online

The 267-page document contains addresses and descriptions of civilian nuclear sites around the country.

Homeland Security Names New Cybersecurity Officials

Philip Reitinger, who worked in cybersecurity for Microsoft and fought cybercrime for the Department of Justice, will help to coordinate cybersecurity efforts across the government.

Mobile Phones Face Hacking Threat, Experts Say

A flaw -- which enables criminals to access a cellphone data connection, steal data or install or remove programs -- gained wider attention at the BlackHat Europe security conference.

Rolling Review Wrap-Up: Smartphone Security

Each product we looked at showed different core strengths. Know your environment to find the best tool for your mobile device fleet.

Google Executive To Become Federal Deputy CTO

Andrew McLaughlin will find that he isn't the only ex-Google employee serving the Obama administration.

Cybersecurity Review Finds U.S. Networks 'Not Secure'

The report dovetails with President Obama's call for the creation of a cybersecurity coordinator who will orchestrate and integrate federal cybersecurity policies and agendas.

Obama Announces White House Cybersecurity Position

Names that have been bandied about include acting White House cybersecurity chief Melissa Hathaway and Microsoft VP Scott Charney.

Microsoft Warns Of 'Browse-And-Get-Owned' DirectX Flaw

The flaw could allow a remote attacker to execute malicious code by convincing or duping a user to open a specially crafted QuickTime media file.

Government Wrestles With Social Media Records Retention Policies

The National Archives is trying to navigate complex regulations that require capturing and storing all sorts of content in the age of social media, cloud computing, and seemingly endless storage.

White House Launching Transparency Blog

In a nod to openness and citizen participation in government, the Obama administration also will open White House blogs to public comments.

Obama Should Scrap Cybersecurity Czar, Analyst Says

Gartner expert says president's plan to protect nation's computing infrastructure won't work.

Anti-U.S. Hackers Infiltrate Army Servers

Exclusive: Defense Department investigators subpoena records from Google, Microsoft, and Yahoo in connection with ongoing probe.

Government Panel Calls For Privacy Policy Overhaul

Report to OMB outlines the creation of a chief privacy officer role and chief privacy officers at every federal agency that already has a CFO.

VMware Invests $20 Million In Terremark Cloud Services

The virtualization giant will own 5% of Terremark, which produces cloud and managed IT services for large companies and government agencies.

Department Of The Interior Can't Locate Many PCs

The federal agency can't locate 20% of its computers and, because it has no encryption requirements, the missing PCs could be vulnerable to data theft or loss.

Obama, White House To Oversee Cybersecurity Leadership

The national security staff will include new positions for addressing cybersecurity, information sharing on terrorism, border security, and preparedness and response.

Firefox Extension Malware Raises Security Questions

Mozilla's diligent cleanup rather than catching malicious add-ons before they reach the public has rankled some in the security community.

Rolling Review: Trust Digital Enterprise Mobility Management

Platform centralizes management for diverse smartphone environments.

Tech Road Map: 3G Security Is Getting Better, But It's Still Incomplete

Safeguarding wireless traffic in transit is only part of the equation. Pay attention to devices and endpoints, too.

Army Deploying Vista On Hundreds Of Thousands Of Computers

The migration is driven by the better security offered in Windows Vista and Office 2007.

President Clinton Data On Hard Drive Lost By National Archives

The drive contains snapshots of the hard drives of departing administration officials, information that had been stored on 113 4-mm tape cartridges.

Verizon Beefs Up Handset Security

The over-the-air authentication service enables workers to securely access business networks from handsets nearly anywhere in the world.

YouTube Launches U.S. Government Portal

The channel aggregates videos from the White House, CDC, NASA, and other federal agencies using a player that complies with government privacy regulations.

Mac OS X Users Warned About Java Vulnerability

SoyLatte, an X11-based port of the FreeBSD Java 1.6 "patchset" to Mac OS X Intel machines, is also reportedly vulnerable.

Interop 2009 Show Winners

This year's champs come from every corner of IT -- cloud computing, virtualization, network management, security, wireless -- and more. Judges also handed out a green award, and picked a favorite startup before announcing the coveted Best Of Interop winner.

New McAfee Whitepaper on Browser Attacks

By David Marcus on Zero-Day

Today we at McAfee Avert Labs released an excellent paper on browser attacks. Written by Christoph Alme, this paper deals with the many complexities of browser security and attacks. From the paper: Web Browsers: An Emerging Platform Under Attack “The widespread use of highly interactive “rich client” web applications for e-commerce, business networking, and online collaboration [...]

Lawmakers question whether DHS cybersecurity role will be undercut by White House appointment

Just days after President Obama announced his plan to appoint a new White House cybersecurity coordinator, lawmakers are questioning the impact the move might have on the U.S. Department of Homeland Security's role in cybersecurity.

Security in a virtual world

Virtualization of the data center is provoking fundamental questions about the proper place for network security services. Will they simply disappear into the One True Cloud, dutifully following applications as they vMotion about the computing ether? Will they remain as a set of modular appliances physically separate from the server computing blob? Should everything be virtualized because it can be?

Court shuts down 'rogue' ISP after FTC complaint

A U.S. judge has ordered that an Internet service provider be shut down after the U.S. Federal Trade Commission complained that the company recruits and hosts spammers, child pornographers and other criminals.

Sears settles online tracking complaint from FTC

Sears Holdings Management has agreed to settle a complaint from the U.S. Federal Trade Commission that it failed to tell customers about the wide range of their personal information, including bank statements and prescription records, it collected through a downloadable software application, the FTC said.

Judge dismisses NSA wiretap civil liberties suits

A federal judge on Wednesday threw out 46 civil lawsuits filed against telecommunications companies for allowing the National Security Agency to probe their networks for terrorist communications without approval from a court.

Cybercriminals refine data-sniffing software for ATM fraud

Cybercriminals are improving a malicious software program that can be installed on ATMs running Microsoft's Windows XP operating system that records sensitive card details, according to security vendor Trustwave.

Judge sides with UK bank in 'phantom withdrawal' case

A U.K. judge ruled Thursday in favor of U.K. bank Halifax after it was sued by a man who claims he did not make eight ATM withdrawals from his account.

HMRC recruit Phil Pavitt as CIO

Phil Pavitt, CIO of Transport for London is moving to HMRC, the two public sector bodies have confirmed. Pavitt has been an instrumental CIO at Transport for London (TfL), reducing spending, vendor numbers and re-motivating the IT team. He faces a challenging task at HMRC, which is bruised from the loss of CDs containing the personal details of 25 million British people.

Forrester: Deep Packet Inspection As An Enabling Technology

Deep packet inspection (DPI) is a technique that has seen success in traffic management, security, and network analysis. It is a technology that performs content analysis of network packets at line speed but is different from header or metadata-based packet inspection, which is typically performed by switches, firewalls, and IDS/IPS devices. A general DPI solution provides deep packet inspection for different applications.
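To make the distinction in the summary above concrete, here is an added example (not from the Forrester report or any DPI product) that builds a few raw IPv4/TCP packets in memory and runs two kinds of rule over each: a header rule that sees only the 5-tuple, as a switch ACL or port-based firewall would, and a DPI rule that scans the TCP payload for an HTTP request line or a PE executable header. The packets, addresses and signatures are constructed for the demo; checksums are not computed or verified.

```python
"""Header-only inspection versus deep packet inspection over constructed packets."""
import re
import struct


def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Assemble a minimal IPv4 header + TCP header + payload.
    Checksums are left at zero; the inspector below never checks them."""
    # TCP: sport, dport, seq, ack, data offset (5 words), flags PSH|ACK, window, csum, urg
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp_hdr) + len(payload)
    # IPv4: ver/ihl, tos, total length, id, flags/frag, ttl, proto=6 (TCP), csum, src, dst
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip_hdr + tcp_hdr + payload


def parse_packet(pkt: bytes) -> dict:
    """Parse IPv4 + TCP headers; return the 5-tuple plus the payload bytes."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    src = ".".join(map(str, pkt[12:16]))
    dst = ".".join(map(str, pkt[16:20]))
    if proto != 6:
        return {"src": src, "dst": dst, "proto": proto, "payload": pkt[ihl:]}
    tcp = pkt[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return {"src": src, "dst": dst, "proto": proto, "sport": sport, "dport": dport,
            "payload": tcp[data_off:]}


def header_rule(p: dict) -> str:
    """What a port-based ACL sees: anything to dport 80 is 'http', else 'other'."""
    return "http" if p.get("dport") == 80 else "other"


# DPI signatures (constructed for the example): an HTTP request line, or a PE 'MZ' stub.
HTTP_REQ = re.compile(rb"^(GET|POST|HEAD) \S+ HTTP/1\.[01]\r\n")
EXE_MAGIC = b"MZ"


def dpi_rule(p: dict) -> str:
    """Classify by payload content regardless of which port it rides on."""
    payload = p["payload"]
    if HTTP_REQ.match(payload):
        return "http"
    if payload.startswith(EXE_MAGIC):
        return "pe-download"
    return "other"


def classify(packets):
    """Return (header_verdict, dpi_verdict) for every packet."""
    return [(header_rule(p), dpi_rule(p)) for p in map(parse_packet, packets)]


# Constructed traffic: plain HTTP; HTTP to a bot C2 on 8443; an EXE coming back; TLS on port 80.
SAMPLE = [
    build_ipv4_tcp("10.0.0.5", "93.184.216.34", 40001, 80,
                   b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    build_ipv4_tcp("10.0.0.5", "198.51.100.7", 40002, 8443,
                   b"POST /gate.php HTTP/1.0\r\n\r\nid=bot1"),
    build_ipv4_tcp("198.51.100.7", "10.0.0.5", 8443, 40002,
                   b"MZ\x90\x00\x03" + b"\x00" * 20),
    build_ipv4_tcp("10.0.0.5", "10.0.0.9", 40003, 80, b"\x16\x03\x01\x00\x00"),
]

if __name__ == "__main__":
    for pkt, (h, d) in zip(SAMPLE, classify(SAMPLE)):
        p = parse_packet(pkt)
        print(f"{p['src']}:{p['sport']} -> {p['dst']}:{p['dport']}  header={h:<5} dpi={d}")
```

The second and third packets are the point: the port-based rule calls them "other", while payload inspection identifies HTTP on a non-standard port and an executable download. The fourth shows the opposite failure, a TLS handshake on port 80 that the header rule labels HTTP. A real DPI engine additionally has to reassemble TCP streams and handle fragmentation, which this single-packet demo skips.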

U.S. accidentally releases list of civilian nuclear sites

A document listing all U.S. civilian nuclear sites became available on whistleblower Web site Wikileaks.org days after a government Web site publicly posted the data by accident.

Phorm fights back with new Discover software

Phorm has been called many unpleasant things in its time, but now the controversial behavioural advertising-based company seems determined to add the word 'useful' to the list.

iTunes, QuickTime Get Security Fixes

Apple yesterday released updates to close a number of security holes in its QuickTime player, as well as a bug in iTunes. Both Mac and Windows versions received the update.

Opting out of targeted ads too hard, privacy advocates say

The online advertising industry and U.S. policy makers need to give online users more control over the collection of personal data and surfing habits beyond the traditional opt-out approach, some privacy advocates said Wednesday.

Microsoft reveals some of its cloud security measures

Microsoft has published security policies it applies to its cloud services, and sheds some light on what might ultimately develop as industry standards for securing these services.

Colleges give themselves C+ for network security

Colleges give themselves modest marks in network security and fear malware the most among a long list of potential threats, according to a survey of university technology executives.

Security vendor ferrets out who's a human and who's a bot

An Atlanta security company has come up with a technology it says can block automated programs responsible for perpetuating nuisances such as spam, fake e-mail registrations and click fraud.

Judge sides with Halifax in Chip and PIN clone case
Phantom withdrawal verdict may go to appeal

Halifax, the UK retail bank, has scored a victory in a closely-watched 'phantom withdrawal' case that put the security of Chip and PIN on trial.…

US mega retailer settles spyware charges
Sears promises to spy no more

One of the biggest US retailers has agreed to settle charges brought by federal authorities that it snuck privacy-stealing software from ComScore onto customers' machines.…

US Federal Trade Commission shuts down ISP
Provider accused of harboring malware, child porn

Federal authorities have shut down what they said was the worst US-based web hosting provider after convincing a judge it actively participated in the distribution of child pornography, spam, malware, and other net-based menaces.…

Twitter Trends exploited to promote scareware
Malign micro-blogging madness

Hackers are manipulating a hot topics feature of Twitter to promote malware-infected websites. The gaming of the Twitter Trends feature recalls the manipulation of Google search results using black-hat search engine optimisation techniques.…

Tories, LibDems under election day cyberattack?
DDoS crosses boxes

The website of the Conservative Party was hit by a denial of service attack early on Thursday morning, just as Britons went to the polls for the most closely-watched European elections for years.…

At long last, internet's root zone to be secured
VeriSign and ICANN to share DNSSEC duties

The US government said Wednesday it plans to digitally sign the internet's root zone by the end of the year, a move that would end years of inaction securing the internet's most important asset.…

Data-sniffing trojans burrow into Eastern European ATMs
Professionally written, rapidly developed

Security experts have discovered a family of data-stealing trojans that have burrowed into automatic teller machines in Eastern Europe over the past 18 months.…

Hacker disrupts economy of annoying Twitter-based game
Spymaster gets Twoted

An annoying Twitter-based game has been exploited through a Robin Hood-style attack involving the transfer of imaginary funds.…

Insurance giant coughs to malware-related data breach
This is not business as usual

The US arm of insurance giant Aviva has blamed a computer virus infection for the potential disclosure of sensitive personal information.…

Cambridge hospital cleans up after mystery malware infection
Patients unaffected after PCs get the pox

An unnamed computer virus infection forced a UK hospital to temporarily shut down part of its network earlier this week.…

Targeted e-mail attacks asking to verify wire transfer details, (Thu, Jun 4th)

There is a new e-mail wave doing the rounds (we have reports from June 3 and 4). It is a very targ ...(more)...

Malware targeting banks' ATMs, (Thu, Jun 4th)

Interesting recent article (June 2009), thanks Martin, about evolving malware specimens targeting an ...(more)...

New version (v 1.4.3.1) of BASE available, (Thu, Jun 4th)

A new version of BASE (v.1 ...(more)...

Cyber Security Review Report Response (May 30/June 2009)

The release of the report on the 60-day cyber security review has generated copious response.......

Czartalk (May 28 & 30 & June 1, 2009)

National cyber security would be better served by a federal chief information security office rather than a cyber security czar, according to Gartner VP and analyst John Pescatore.......

Man Who Created Clandestine Database to Get Harsh Punishment (May 27 & June 1, 2009)

Magistrates in Macclesfield, Cheshire, UK, have sent the case of Ian Kerr, who compiled a construction worker blacklist database, to crown court for sentencing.......

Former Employee Arrested in Connection With Cyber Intrusion (May 29, 2009)

FBI agents arrested Dong Chul Shin, a former Texas power company employee who is a suspect in a computer intrusion at his former employer's network.......

Cyclist and Coach Fail to Appear in Court Over Hacking Allegations (May 29, 2009)

Competitive cyclist Floyd Landis and his coach, Arnie Baker, were no-shows at a scheduled May 5 court appearance in France regarding allegations of hacking.......

Apple Releases QuickTime Update (June 1, 2009)

Apple has released QuickTime version 7.......

Windows Update Installs Firefox Add-on Surreptitiously (May 29 & June 1, 2009)

Firefox users are unhappy that a recent Windows Update installed the .......

Microsoft Office 2000 Support Will Expire This Summer (June 1, 2009)

Microsoft has announced that after July 2009, it will issue no more security patches for Office 2000.......

Microsoft Developing Patch for DirectShow Vulnerability (June 1, 2009)

Microsoft now says it is developing a patch for a vulnerability in the Windows DirectShow platform.......

Twitter Scareware Attack (June 1, 2009)

A scareware scam is spreading through Twitter.......

British MP's Facebook Account Hit By Spam Scam (June 1, 2009)

A British MP has expressed dismay that his Facebook account was hijacked and used to send spam messages to 1,500 contacts.......

Stolen Laptop Recovered Thanks to Internet-Based Backup Service (May 29, 2009)

A California man's stolen laptop computer was found when he discovered self-portraits of the thief on his Internet-based backup service.......

FTC shuts down rogue ISP for hosting malicious content, botnets

By Robert Westervelt

Executives at Triple Fiber Network are suspected of recruiting bot herders and hosting botnet command and control servers.

Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities

By SearchSecurity Staff

The software giant plans to issue six critical bulletins repairing flaws in Internet Explorer, Word, Excel and Office.

DHS fills National Cybersecurity Center post

By Robert Westervelt

Former Microsoft executive Philip Reitinger will lead the DHS' cybersecurity operations, filling a post vacated by Rod Beckstrom.

Banks using Twitter need to proceed with caution, experts say

By Marcia Savage

ATM malware lets attackers take over machines

By Marcia Savage

Trustwave investigators say sophisticated malware used in Eastern Europe allows attackers to steal track data, PINs and cash from infected ATMs.

Stolen FTP credentials likely in massive website attacks

By Robert Westervelt

The latest website attack techniques use stolen user credentials instead of website vulnerabilities to crack websites and spread malware.

Examining Conficker: When a worm becomes a botnet

By Brian Sears

Conficker may be backed by a well funded group or government intending to silently collect information. Though the hype has waned, Conficker could lead to a much larger threat.

IT pros can detect, prevent website vulnerabilities, thwart attacks

By Eric Ogren

Until vendors release a cohesive set of tools to protect against website attacks, IT security pros have a number of ways to detect vulnerabilities.

Court Shuts Down 'Rogue' ISP

Agreeing with a complaint from the Federal Trade Commission, a district judge orders Pricewert, an ISP that the FTC says actively recruits and colludes with online criminals, to cease and desist operations.
- The Federal Trade Commission won an injunction June 4 that shuts down what the agency calls a "rogue" ISP that the FTC says recruits, knowingly hosts and actively participates in the distribution of spam, child pornography and other harmful electronic content. In the FTC complaint (P...

Microsoft Plans Hefty Patch Tuesday

Microsoft is prepping the largest Patch Tuesday release of 2009 so far. The June release will feature 10 security bulletins, including bulletins covering critical vulnerabilities affecting Microsoft Windows and Internet Explorer.
- Microsoft has 10 security bulletins coming June 9, its biggest Patch Tuesday release of 2009 so far. Of the bulletins, six have the highest rating of "critical." Two of those six address remote code execution vulnerabilities in the Windows operating system. The other critical bulletin...

ATM Malware Surfaces as Hackers Target Banks in Eastern Europe

Trustwave uncovers malware on 20 ATM machines in Russia and Ukraine designed to allow hackers to swipe everything from cash to PIN codes. Officials at Trustwave advise merchants to take steps to ensure their ATM environment is secure.
- Security researchers at Trustwave have uncovered an effort by cyber-thieves to use malware to infect and loot ATM machines in Eastern Europe. Trustwave, which focuses on security and compliance for the payment card industry, discovered the malware while investigating ATM breaches in ...

U.S. Nuclear Information Leaked on GPO Web site

Sensitive, but not classified, information on U.S. nuclear sites was posted to the Government Printing Office Web site. The information, now removed, included maps of locations of stockpiles of fuel for nuclear weapons.
- Days after U.S. President Barack Obama declared cyber-security a national security priority in a speech, reports are circulating that potential sensitive information on the country's nuclear facilities leaked out onto the Internet. The 260-plus page document, which featured maps showing...

Microsoft Bing Security Covers Familiar Ground

Microsoft's new Bing search engine may not break new ground when it comes to safe search, but the company is largely in line with efforts by Yahoo and Google to combat phishing and other malicious sites.
- A search engine isn't worth much if the results it produces lead users to malware. An obvious statement no doubt, but one Microsoft kept in mind with its new Bing search engine. Following the footsteps of other search engines, Bing may not break new ground when it comes to security, but it doesn...

Cyber-Security Should Not Limit Enterprise Privacy

NEWS ANALYSIS: Cyber-security is a hot-button issue on Capitol Hill right now. And as President Obama unveils his direction going forward, it is enterprise privacy that could take the biggest hit.
- President Barack Obama unveiled a cyber-security plan last week that he hopes will ensure the United States is kept secure from cyber-threats going forward. He plans to find a cyber-security coordinator to oversee those efforts. The cyber-security plan will revolve around a few key initiatives....

FTC Sues, Shuts Down N. Calif. Web Hosting Firm

In U.S. Government

In an unprecedented move, the Federal Trade Commission has taken legal steps to shut down a Web hosting provider in Northern California that the agency says was directly involved in managing massive global spam operations. Sometime on Tuesday, more than 15,000 Web sites connected to San Jose, Calif., based Triple Fiber Network (3FN.net) went dark. 3FN's sites were disconnected after a Northern California district court judge approved an FTC request to have the company's upstream Internet providers stop routing traffic for the provider. In its civil complaint, the FTC names 3FN and its various monikers, including Pricewert LLC -- the business entity named on the 3fn.net Web site registration records. The FTC alleges that Pricewert/3FN operates as a "'rogue' or 'black hat' Internet service provider that recruits, knowingly hosts, and actively participates in the distribution of illegal, malicious, and harmful content," including botnet control servers, child pornography and rogue antivirus

Brief: Microsoft warns of DirectX attacks

Cyber Security Coordinator

By Richard Bejtlich

The article Obama's likely pick for cybersecurity head remains murky by Doug Beizer and Alice Lipowicz in FCW caught me off guard:


There is surprisingly little buzz circulating about who President Barack Obama might choose to lead cybersecurity policy.

FTC shuts allegedly rogue Internet provider (AP)

In technology

AP - The federal government has severed the Internet connection of a company accused of helping criminals serve up a "witches' brew" of nasty content online, from computer viruses to child pornography.

Botnet, spam provider unplugged at FTC's request (Reuters)

In technology

Reuters - An Internet service provider with links to Eastern Europe has been unplugged after it was suspected of being behind computer intrusions at NASA and sending massive amounts of malicious spam, the Federal Trade Commission said on Thursday.

Court Shuts Down 'rogue' ISP After FTC Complaint (PC World)

In technology

PC World - A U.S. judge has ordered that an Internet service provider be shut down after the U.S. Federal Trade Commission complained that the company recruits and hosts spammers, child pornographers and other criminals.

June 2009 Advance Notification

By MSRCTEAM

Advance Notification for the June 2009 Security Bulletin Release

Today, we published our Advance Notification indicating that next Tuesday, June 9 at 10:00 a.m. PDT (UTC -8), we will be releasing a total of 10 security bulletins consisting of:

· Six updates affecting Windows. Two Critical, three Important, and one Moderate.

· One Critical update affecting Internet Explorer.

· One Critical update affecting Word.

· One Critical update affecting Excel.

· One Critical update affecting Office.

You may have noticed that we are not announcing an update for the DirectShow vulnerability addressed in Security Advisory 971778. Our security teams are working hard on a security update that addresses this issue to protect customers, but we do not yet have an update that has reached the appropriate level of quality for broad distribution. We continue to monitor the situation closely and suggest customers follow the guidance provided in the advisory. This includes the “Fix It For Me” solution in the associated Knowledge Base article, which provides a quick and easy workaround to protect customers from possible attacks. If this doesn’t work in your environment, please reference the KB article for several other possible workarounds.

In addition to the new bulletins, we will also release updates for the remaining affected products in security bulletin MS09-017. In May, we released this bulletin with updates for the Windows platform due to active attacks and available updates for the entire platform to protect customers immediately. Updates for affected versions of Office for Mac and Microsoft Works had not yet reached the quality bar for release but will be ready to go on Tuesday. For more information on this decision, please reference last month’s MSRC and SRD blogs.

On release day, look for additional information on both this blog and the Security Research and Defense blog.  If you have questions or would like more information about this month’s release, please plan to attend our regularly scheduled security bulletin webcast on Wednesday, June 10, 2009, at 11:00 a.m. PDT (UTC –7). Click HERE to register.  

As always, this preliminary information is subject to change.

Thanks!

Jerry Bryant

Feds Shutter Black Hat ISP

By David Kravets

For the first time, U.S. officials shutter a rogue ISP that knowingly hosts botnets, phishing scams and child porn.

Is Hacking Threat To Nation Overblown?

By Ryan Singel

Are hackers really the newest threat to national security or are the current stories in the media just hype designed to sell papers and increase government budgets? A panel of experts at the Computers, Freedom and Privacy conference in D.C. tries to figure it out.

Oh, You Vulnerable Twit! Why Twitter Needs Security

The phenomenon known as Twitter continues to grow at a rapid pace. Here's why you need to beware of "twishing"—that would be Twitter phishing—and other Twitter security issues.

FTC Shutters Nefarious Underworld ISP

FTC says company actively recruited and colluded with criminals seeking to distribute everything from child pornography to spyware and viruses.

Hackers Claim $10,000 Prize for Breaking Into StrongWebmail

Hackers are claiming to have won a $10,000 prize for hacking secure mail provider StrongWebmail.

US Gov't Knocks Out Black Hat ISP

Score one for the good guys: The FTC today announced it has taken down a California-based service that helped distribute malware, child porn and spam.

Court Shuts Down 'rogue' ISP After FTC Complaint

A U.S. court has ordered the shutdown of an ISP for allegedly hosting spammers and other criminals.

RIM Patches BlackBerry PDF Flaw

Research in Motion has issued a new security patch for BlackBerry Enterprise Server to fix vulnerabilities in its PDF distiller program.

Cybercriminals Refine Data-sniffing Software for ATM Fraud

Cybercriminals are improving a malicious software program that can be installed on ATMs and steal card data, according to security vendor Trustwave.

Judge Dismisses NSA Wiretap Civil Liberties Suits

A federal judge on Wednesday threw out 46 civil lawsuits filed against telecommunications companies for allowing the NSA to probe their networks.
