[IS&T Security-FYI] SFYI Newsletter, December 10, 2013
Monique Yeaton
myeaton at MIT.EDU
Tue Dec 10 13:52:37 EST 2013
In this issue:
1. December 2013 Security Updates from Microsoft
2. The Notorious ZeroAccess Botnet Disrupted
3. Widespread Attacks on Online Bankers Predicted
---------------------------------------------------------------------
1. December 2013 Security Updates from Microsoft
---------------------------------------------------------------------
Today, Tuesday December 10, Microsoft is releasing eleven new security bulletins<http://technet.microsoft.com/en-us/security/bulletin/ms13-dec>. Five of the bulletins are rated critical. Microsoft systems affected are:
* Windows operating systems
* Office
* Lync
* Internet Explorer
* Exchange
* Windows Server operating systems
* Developer Tools
It is recommended to accept the updates. MIT WAUS subscribers will receive the updates after they have been tested for compatibility. Installing the bulletins manually may require a restart.
This is the last update of the year, finishing the 10th anniversary of Microsoft’s formularized process for security updates. Six of this month’s bulletins close potential remote code execution holes. All Windows platforms are affected, from XP to 8.1 and from Server 2003 to 2012. In addition, this month’s Internet Explorer update covers IE 6 through 11.
--------------------------------------------------------------
2. The Notorious ZeroAccess Botnet Disrupted
--------------------------------------------------------------
According to Microsoft’s official blog<http://blogs.technet.com/b/microsoft_blog/archive/2013/12/05/microsoft-europol-fbi-and-industry-partners-disrupt-notorious-zeroaccess-botnet-that-hijacks-search-results.aspx>, their Digital Crimes unit successfully disrupted a botnet that has impacted millions of innocent people. Microsoft, in conjunction with Europol’s European Cybercrime Center (EC3), the FBI and technology leaders, has taken action against the botnet known as ZeroAccess. The botnet has infected nearly two million computers all over the world and cost online advertisers upwards of US $2.7 million each month.
Read the full story online<http://blogs.technet.com/b/microsoft_blog/archive/2013/12/05/microsoft-europol-fbi-and-industry-partners-disrupt-notorious-zeroaccess-botnet-that-hijacks-search-results.aspx>.
---------------------------------------------------------------------
3. Widespread Attacks on Online Bankers Predicted
---------------------------------------------------------------------
Kaspersky Lab has recorded several thousand attempts to infect computers used for online banking with a malicious program (a Trojan called Neverquest) that its creators claim can attack “any bank in any country.” The Trojan uses every trick to bypass online security banking systems, including web injection, remote system access and social engineering. Due to the Trojan’s self-replication capabilities, Kaspersky Lab is warning that a sharp rise in attacks can be expected, resulting in financial losses for users all over the world.
Read the full story online<http://www.net-security.org/malware_news.php?id=2638>.
=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20131210/9f662ff8/attachment.htm
More information about the ist-security-fyi
mailing list