[IS&T Security-FYI] SFYI Newsletter, October 13, 2009
Monique Yeaton
myeaton at MIT.EDU
Tue Oct 13 12:35:06 EDT 2009
In this issue:
1. October 2009 Security Patches
2. FBI Rounds Up Phishing Criminals
3. Microsoft Blocks Hacked Hotmail Accounts
4. Is Phishing Really Declining?
-------------------------------------------
1. October 2009 Security Patches
-------------------------------------------
---- Microsoft ----
Systems affected:
Microsoft Office
Internet Explorer
SQL Server
Windows and Windows Server (all supported versions)
Various Developer Tools and Software
Forefront Security
According to its Security Bulletin Advance Notification for October
2009, Microsoft plans to release 13 security bulletins on Tuesday,
October 13 (today) to address various vulnerabilities. Eight of the
bulletins are rated critical, five are rated important. This is the
largest number of bulletins Microsoft has issued at one time since it
began its scheduled monthly security updates.
For details:
<http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx>
---- Adobe ----
Systems affected:
Adobe Reader
Adobe Acrobat 9.1.3
Adobe is warning that attackers are exploiting an unpatched flaw in
Reader and Acrobat 9.1.3 that could allow them to take control of
vulnerable computers. Adobe plans to issue a fix for the vulnerability
on Tuesday, October 13. Attackers can exploit the flaw by tricking
users into opening maliciously crafted PDF files. The limited targeted
attacks affect users running the vulnerable programs on Windows
machines.
For details:
<http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html
>
-----------------------------------------------
2. FBI Rounds Up Phishing Criminals
-----------------------------------------------
In one of the biggest international cybercrime cases, known as
Operation Phish Phry, the FBI and Egyptian authorities managed to net
100 suspects involved in online banking fraud. Defendants are from
California, Nevada and North Carolina, as well as Egypt. They face a
maximum of 20 years in prison for bank fraud, aggravated identity
theft, conspiracy to commit computer fraud, and domestic and
international money laundering.
The phishing scheme used by the criminals siphoned at least $1.5
million from thousands of accounts belonging to Bank of America and
Wells Fargo customers.
The case reflects the disturbing growing trend of international crime
groups recruiting skilled computer hackers with a common greed and
willingness to victimize unsuspecting people. What makes the job of
preventing these crimes difficult is the number of criminals who can
get away with it and the amount of money they can make doing it.
Hopefully the FBI and other international investigative groups will
continue to successfully close in on these criminals and shut them
down, but they still have a lot of work ahead of them.
Read the full story:
<http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=220301571
>
---------------------------------------------------------
3. Microsoft Blocks Hacked Hotmail Accounts
---------------------------------------------------------
Microsoft has blocked access to all the Hotmail accounts that were
recently compromised. Usernames and passwords for several thousand
accounts were posted to the Internet last week.
Microsoft has indicated it believes the data were obtained through a
phishing attack, but a researcher says that because the attack also
affected Gmail, Yahoo mail, and other accounts, and because so many
accounts were compromised overall, it bears characteristics suggesting
the data were stolen through surreptitiously installed keystroke
logging programs.
It was also found that many of the accounts had weak passwords. The
most popular password was "123456" for example.
Read the full story:
<http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=220301340
>
<http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=220301344
>
----------------------------------------
4. Is Phishing Really Declining?
----------------------------------------
The two stories above seem to be a clear indication that phishing
attacks are still happening in full force.
Recent reports by IBM and Symantec claimed phishing attacks are
decreasing. But according to the CEO of PacketFocus, Joshua Perrymon,
"Phishing attacks are not on the decline. Phishing attacks are
definitely on the rise and will continue to be a problem. One issue is
that people don't know that they are being phished, so most of the
reports will not reflect all the attacks."
Can you recognize a phishing attack? Test your skills with these 2
games:
<http://www.onguardonline.gov/games/phishing-scams.aspx> (this link
goes to an auto-play enabled embedded video)
<http://cups.cs.cmu.edu/antiphishing_phil/new/index.html>
Or with this quiz:
<http://www.sonicwall.com/phishing/>
=
=
=
========================================================================
Find current and older issues of Security FYI Newsletter: <http://kb.mit.edu/confluence/x/ehBB
>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
===============================
October is National Cybersecurity Awareness Month.
Stay Safe Online!
Visit http://www.staysafeoneline.org for the latest cybersecurity tips.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20091013/585e659a/attachment.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1846 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20091013/585e659a/attachment.bin
More information about the ist-security-fyi
mailing list