[IS&T Security-FYI] SFYI Newsletter, June 25, 2012

Monique Yeaton myeaton at MIT.EDU
Mon Jun 25 17:04:13 EDT 2012


In this issue:


1. Microsoft XML Vulnerability

2. AutoCAD Worm

3. What is Smishing And Why Should You Care?



--------------------------------------

1. Microsoft XML Vulnerability

--------------------------------------


Attackers are actively exploiting a vulnerability in Microsoft XML Core Services (MSXML) 3.0, 4.0, and 6.0. The flaw was disclosed earlier this month when Microsoft issued its scheduled security update. The company did not provide a patch, but did suggest workarounds<http://technet.microsoft.com/en-us/security/advisory/2719615>, including a "Fix it" solution<http://support.microsoft.com/kb/2719615> to prevent the flaw from being exploited on users' computers.


The flaw, which is exploited through Internet Explorer (IE), is particularly dangerous because users need only visit compromised websites to become infected. At least two compromised sites have been detected<http://www.computerworld.com/s/article/9228301/Unpatched_Microsoft_XML_Core_Services_flaw_increasingly_targeted_in_attacks_researchers_say>: an aeronautical parts supplier and a medical company. Both are European companies.



-----------------------

2. AutoCAD Worm

-----------------------


A worm that steals AutoCAD drawings has been detected. The industrial espionage malware has appeared mainly in Peru and neighboring countries, where it appears to have infected more than 10,000 computers. The firm that first detected the malware is calling it ACAD/Medre.A; it appears to have stolen tens of thousands of drawings, sending them to an email address registered with a Chinese provider. The email accounts that were being used in the attack have been closed.


Read the story in the news.<http://www.theregister.co.uk/2012/06/21/autocad_worm/>



-------------------------------------------------------------

3. What is Smishing And Why Should You Care?

-------------------------------------------------------------


Smishing is a form of criminal activity using social engineering techniques similar to phishing. The name is derived from "SMS phishing." Similar to phishing, smishing uses cell phone text messages to deliver "bait" to get you to divulge your personal information. The "hook" in the text message may be a web site URL; however, it has become more common to see a phone number that connects to an automated voice response system. If you fall for the bait, the criminal gains access to your financial information.


Learn how to protect yourself from Smishing attacks.<http://netsecurity.about.com/od/secureyouremail/a/Protect-Yourself-From-Smishing-Attacks.htm>



===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================


Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

