[IS&T Security-FYI] SFYI Newsletter, November 22, 2011

Monique Yeaton myeaton at MIT.EDU
Mon Nov 22 12:28:21 EST 2010


In this issue:

1. Spam Traffic Hits Record High
2. Apple Issues Updates to Safari
3. Adobe Patches Critical Reader and Acrobat Flaws


------------------------------------------
1. Spam Traffic Hits Record High
------------------------------------------

In the third quarter of this year, spam of all types represented an average of 82.3 percent of all email traffic and malicious spam surged to a record high of 4.6 percent of all email, up from 1.9 percent last quarter, according to a report from security software vendor Kaspersky Lab.

Kaspersky Lab and other security software vendors are warning Internet users to be on the lookout for a variety of increasingly sophisticated malware traps that will use the upcoming holiday season to lure people into clicking on the tainted links. Similar scams using Facebook, eBay and Apple gift cards are among the most successful and damaging malware campaigns this quarter.

One widely used scam is the spoofing of web addresses. The email carries an HTML attachment which, if clicked, takes the user to a bogus bank or e-payment site that asks for log-in credentials and other personal information. Those who fall for it end up having their most sensitive data forwarded to cybercrooks who attempt to steal their funds. What makes the scam hard to recognize is that the browser does not show the true web address to which the user will be redirected, but shows a fake address that looks just like the official website's address. The Anti-Phishing Working Group has recently identified more than 126,000 fake websites created solely for the purpose of snaring unsuspecting users' banking information.

The best advice is to never click on attachments in emails that come from an unknown address. Also, legitimate businesses will NEVER send an email with an attachment. If there is a link embedded in the body of the email, don't click on it. Instead, type the official URL of the business in your browser's address bar. If you have any doubts as to the legitimacy of an email, check with the business by calling their customer service phone number.

Read the story in the news: <http://www.esecurityplanet.com/features/article.php/3913116/article.htm>
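
The displayed-versus-real address mismatch described above can be checked mechanically. The following is an added example, not part of the original newsletter: a Python sketch that flags links in an HTML attachment whose visible text is a web address on a different host than the link target. The names `audit`, `LinkAuditor`, `norm` and the sample HTML are assumptions made for illustration; lookalike domains that match the link text are out of its scope.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that is itself a web address, e.g. "www.bank.example.com/login".
URLISH = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#].*)?$", re.I)

def norm(host):
    """Lower-case a hostname and drop a leading 'www.' before comparing."""
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    """Records links whose visible address names a different host than href."""
    def __init__(self):
        super().__init__()
        self.findings = []   # (host shown to the reader, host actually linked)
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self._href, self._text = href, []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = URLISH.match("".join(self._text).strip())
        real = urlsplit(self._href).hostname or ""
        if shown and real and norm(shown.group(1)) != norm(real):
            self.findings.append((shown.group(1).lower(), real.lower()))
        self._href = None

def audit(html):
    """Return the misleading links found in one HTML document."""
    parser = LinkAuditor()
    parser.feed(html)
    return parser.findings

# Constructed sample attachment (reserved example domains only).
SAMPLE = """<p>Sign in: <a href="http://login.example.net/verify">https://bank.example.com/login</a></p>
<p><a href="https://www.bank.example.com/help">www.bank.example.com/help</a></p>
<p><a href="http://login.example.net/x">Click here</a></p>"""
```

Calling `audit(SAMPLE)` reports only the first link; the second is consistent and the third shows no address at all, so it needs a different check.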


------------------------------------------
2. Apple Issues Updates to Safari
------------------------------------------

Apple has fixed 27 vulnerabilities in its Safari web browser for Mac OS X and Windows. 

Systems affected:

Safari 5.0.3 and earlier for Windows and Mac OS X 10.5 or later
Safari 4.1.2 and earlier for Mac OS X 10.4

Twenty-four of the flaws could allow an attacker to remotely execute code on a targeted system. The patched WebKit items include components to handle images, scroll bars and editing commands. Other flaws include possible data disclosure vulnerabilities in the handling of JavaScript information, and a flaw in the handling of images which could allow a third party to view image data.

Users are urged to upgrade to Safari version 4.1.3 for Mac OS X 10.4 or version 5.0.3 for Mac OS X 10.5 and 10.6 or Windows computers. Users can obtain the patch through Apple's Software Update tool or from the Apple Downloads page.

Read the story in the news: <http://reviews.cnet.com/8301-13727_7-20023278-263.html>


-------------------------------------------------------------------
3. Adobe Patches Critical Reader and Acrobat Flaws
-------------------------------------------------------------------

Adobe released another out-of-band patch to fix critical flaws in Reader and Acrobat last week. 

Systems affected:

Adobe Reader 9.4 and earlier
Adobe Acrobat 9.4 and earlier

The flaws could cause the application to crash or, more seriously, allow hackers to take control of the affected systems. The out-of-band updates also resolve a memory corruption vulnerability that could lead to code execution. The Reader flaw has been known about since the end of October and had already been exploited in the wild.

Read the story in the news: <http://www.computerworld.com/s/article/9196818/Adobe_patches_under_attack_Reader_bug>

===========================================================================================

To read all current and archived articles online, visit the Security-FYI Blog at <http://securityfyi.wordpress.com/>


Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security





