Here is an abbreviated feed. Regular feed will resume Monday.
May 2008 Monthly Release
Posted Tuesday, May 13, 2008 9:20 AM by MSRCTEAM
This is Tami Gallupe, MSRC Release Manager, and I want to let you know that we just posted our May 2008 Bulletins. We released four bulletins today, which include three bulletins with a severity rating of critical and one with a severity rating of moderate. We also re-released MS06-069 to add XP SP3 as an affected version.
Here is a summary of what we released:
MS08-026 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution
MS08-027 Vulnerability in Microsoft Publisher Could Allow Remote Code Execution
MS08-028 Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution
MS08-029 Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service
I think it is also worth noting that MS08-026 includes additional security mitigations against attacks as identified in Microsoft Security Advisory 950627. We recommend that customers install the updates provided in both MS08-026 and MS08-028 for the most up to date protection against these types of attacks.
Our Security Vulnerability Research & Defense blog this month discusses MS08-026. You can find a post discussing built-in functionality to turn off the vulnerable parsing code for one of the fixed vulnerabilities at http://blogs.technet.com/swi/archive/2008/05/13/file-block-and-ms08-026.aspx
The FBI says:
Read about our top ten news stories of the week, including the multi-million dollar settlement paid by Lockheed Martin to the U.S., the cyberstalking indictment of a Missouri man, and the indictments of a California mother and son on charges of sex trafficking of a minor.
This information has recently been updated, and is available at http://www.fbi.gov/pressrel/pressrel08/topten_051608.htm.
Five IRS employees charged with snooping at tax records
Five employees in a California office of the Internal Revenue Service have been charged with illegally accessing files of taxpayers.
Microsoft ballyhoos Vista's lower patch count
Nation States' Espionage and Counterespionage
An overview of the 2007 Global Economic Espionage Landscape
NATO to set up cyberwarfare center
Seven NATO countries have signed a deal to create a research center to protect the alliance against cyber crime. The center will be based in the Estonian capital of Tallinn. It will carry out research into computer warfare, and help NATO members respond to any cyber attacks against their networks. The agreement involves the three Baltic nations - Lithuania, Latvia and Estonia - plus Germany, Italy, Spain and Slovakia. The United States will join as an observer. The NATO deal reflects concern across the EU that attacks on the Internet could paralyze civilian and military networks worldwide. Computer specialists from the seven NATO countries involved in the research center will be spending the summer in Estonia preparing to launch the project. The center is due to be operational in August, with a formal opening planned for 2009.
Incident Detection, Response, and Forensics: The Basics
How to build an effective cyberincident detection and response mechanism in your organization.
Non-tech criminals can now 'rent a botnet'
Oklahoma State breach points to ongoing higher-ed security challenges
Oregon man admits selling pirated software on eBay
Study shows software piracy declining in many countries
Study: Comcast, Cox slowing P2P traffic around the clock
Tools circulate that crack Debian, Ubuntu keys
Papa Gino’s Goes Biometric - 5/16/2008 1:50:00 PM
Password nightmares led fast food chain to convert to Trusted Computing fingerprint scans
Hackers Sniff Their Way Into Data From Restaurant Chain - 5/14/2008 6:00:00 PM
Thieves collected 5,000 credit cards – and hundreds of thousands of dollars – from 11 Dave & Buster's locations
Domestic Spying by US Far Outpaces Actual Terrorism Prosecutions
The number of Americans being secretly wiretapped or having their financial and other records reviewed by the government has continued to increase as officials aggressively use powers approved after the Sept. 11 attacks. But the number of terrorism prosecutions ending up in court -- one measure of the effectiveness of such sleuthing -- has continued to decline, in some cases precipitously. The trends, visible in new government data and a private analysis of Justice Department records, are worrisome to civil liberties groups and some legal scholars. They say it is further evidence that the government has compromised the privacy rights of ordinary citizens without much to show for it. The emphasis on spy programs also is starting to give pause to some members of Congress who fear the government is investing too much in anti-terrorism programs at the expense of traditional crime-fighting. Other lawmakers are raising questions about how well the FBI is performing its counter-terrorism mission.
Domestic spying far outpaces terrorism prosecutions, Los Angeles Times, May 12, 2008.
Posted by EPIC on May 12, 2008.
Hacker Reveals 6M Chileans' Data
A hacker broke into Chile's government sites, mining data from six million people which he then posted on the Internet on two popular servers for several hours, the El Mercurio daily has said. The personal data included names, street and email addresses, telephone numbers, social and educational background, and was taken from Education Ministry, Electoral Service and state-run telephone companies' websites from late Saturday to early Sunday.
Hacker splashes data from six million Chileans on Internet: report, Agence France Presse, May 11, 2008.
Posted by EPIC on May 12, 2008.
http://blogs.washingtonpost.com/securityfix/
Posted at 03:50 PM ET, 05/15/2008
Gov't Secrecy and the Mysterious Cyber Initiative
The secrecy surrounding the Bush administration's updated National Cyber Security Initiative -- designed to improve the government's digital defenses and put forth an offensive information warfare doctrine -- is endangering the deterrent value of the project and appears to be aimed chiefly at supporting spying operations abroad, a key U.S. Senate committee concludes in a new report.
The Senate Armed Services Committee said a major thrust of the initiative was to inform our adversaries as to the range of potential consequences of a cyber attack on U.S. strategic or national assets. But so far only three of the 18 goals spelled out in the cyber initiative have been discussed publicly; the rest remain classified.
Legal experts wary of MySpace hacking charges
Robert Lemos, 2008-05-16
Federal prosecutors charge the parent who allegedly badgered a girl to suicide with three counts of computer crime, but law experts worry about a dangerous precedent.
MySpace spammers given largest fine in CAN-SPAM history
Two individuals responsible for using MySpace accounts to spam other users failed to show up in court this week to fight the CAN-SPAM charges. The result was a default judgment of $234 million against the dynamic duo—the largest judgment so far in CAN-SPAM history.
May 16, 2008 - 11:40AM CT - by Jacqui Cheng
Safari 'Carpet Bomb' attack information released
Nate McFeters: Nitesh Dhanjani released research on potential flaws in the Safari Web browser, and interestingly enough, Apple has decided NOT to fix some of the issues he presented.
Latest Study Confirms Cox Traffic Shaping; Comcast Misleading Again
SQL Injection Attacks
May 7, 2008
A mass SQL injection attack has left malicious JavaScript embedded in over 6000 websites.
Are You Relaying NDR Spam?
NDR Spam, a.k.a. Backscatter, has been around for years but has only recently hit the radar as a major spam issue, mainly due to the rise of the botnet and spammers' desperation to get messages through to the end user.
Microsoft investigates new Internet Explorer zero-day
Dan Kaplan May 16, 2008
A security researcher said he has located a zero-day vulnerability in a printing feature on Internet Explorer that could allow remote attackers to execute malicious code.
Can Charter Broadband Customers Really Opt-Out of Spying? Maybe Not