[IS&T Security-FYI] SFYI Newsletter, May 18, 2009

Monique Yeaton myeaton at MIT.EDU
Mon May 18 12:50:40 EDT 2009


In this issue:

1. May 2009 Security Updates
2. Event: Boston Tech-Security Conference
3. Search Engines: A New Malware Delivery Technique


--------------------------------------
1. May 2009 Security Updates
--------------------------------------

  ---- Microsoft ----

Microsoft has released updates in the Security Bulletin Summary for
May 2009 that address one critical vulnerability in Microsoft Office
PowerPoint that could allow remote code execution. Systems affected
include computers running Microsoft Office suites. The update is now
approved for deployment via MIT WAUS. The update can also be obtained
through Microsoft Update, Windows Update, or Office Update, or can be
downloaded from the Microsoft Download Center
<http://www.microsoft.com/downloads/>.

Read the bulletin in full here:
  <http://www.microsoft.com/technet/security/bulletin/ms09-may.mspx>


  ---- Apple ----

Apple has released Security Update 2009-002 to correct multiple  
vulnerabilities affecting Mac OS X 10.4 and 10.5, Mac OS X Server 10.4  
and 10.5, and the Safari 3 web browser. Attackers could exploit these  
vulnerabilities to execute arbitrary code, gain access to sensitive  
information, or cause a denial of service. Mac users can install the  
2009-002 update via Software Update. Windows users can download Safari  
updates from Apple Downloads <http://support.apple.com/downloads/>.

Read the bulletin in full here:
<http://support.apple.com/kb/HT3549>


  ---- Adobe ----

Adobe has released a security bulletin and updates that address two
JavaScript vulnerabilities that could allow a remote attacker to
execute arbitrary code. The upcoming release of this patch was
announced in last week's SFYI Newsletter. Systems affected include  
Adobe Reader versions 9.1 and earlier and Adobe Acrobat Standard, Pro  
and Pro Extended versions 9.1 and earlier. The update can be obtained  
through Software Updates, Adobe Updater, or from the Adobe downloads  
page.

Windows: <http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows>
Mac: <http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh>
Unix: <http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix>

Read the bulletin in full here:
<http://www.adobe.com/support/security/bulletins/apsb09-06.html>


-------------------------------------------------------
2. Event: Boston Tech-Security Conference
-------------------------------------------------------

Date/time: Thursday, 4-Jun-2009,  8:15AM - 4:00PM
Location:  The Westin Copley Place, 10 Huntington Avenue, Boston, MA

The Boston Tech-Security Conference brings together private industry,  
government decision makers and technical enthusiasts in the fields of  
Information and Network Security. This conference format will provide  
several interactive high intensity sessions as well as networking  
opportunities.

See the full agenda at:
<http://www.dataconnectors.com/events/2009/06Boston/agenda.asp>


----------------------------------------------------------------------
3. Search Engines: A New Malware Delivery Technique
----------------------------------------------------------------------

Sean-Paul Correll, researcher and security evangelist for Panda Labs,
warns against custom search engines that present valid links but which
use a redirection script to send all clicks to malware downloads. "The  
link would go to a theoretically valid site, but in fact it redirects  
to wherever they [the hackers] want it to go," he explained. Often  
these search engines install rogue antivirus software, also known as  
scareware, on victims' machines.

Correll said that his lab has seen more binaries (individual pieces of  
scareware) in the first quarter of 2009 than it recorded in all of  
2008. Using sophisticated search engine optimization (SEO) practices,  
the criminals would position these dangerous links in the search  
engines of legitimate Web sites, especially Google.

You won't know you clicked a dangerous link until it's too late. That  
is why it is important to install antivirus software on your computer  
and keep it updated with the latest virus definitions, and to keep  
your browsers updated with the latest patches.

Read the full story here:
<http://www.internetnews.com/security/article.php/3819356/Panda+Security+Beware+Black+Hat+SEO.htm>

To learn more about malware:
<http://web.mit.edu/ist/topics/security/protect/malware.html>




========================================================================

Find current and older issues of Security FYI Newsletter:
<http://kb.mit.edu/confluence/x/ehBB>

=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security

---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you  
for your password.
