[IS&T Security-FYI] SFYI Newsletter, June 10, 2013

Mon Jun 10 16:37:41 EDT 2013

In this issue:

1. June 13: The IT Partners Conference

2. Microsoft Security Updates for June 2013

3. Apple Releases Mac OS X 10.8.4

4. NetTraveler Espionage Malware

-----------------------------------------------------

1. June 13: The IT Partners Conference

-----------------------------------------------------

This coming Thursday, June 13, IT Partners is holding its annual IT Partners Conference, covering wide-ranging topics in network and computer technology. As every year, one of the tracks focusses on Security. Those presentations include:

  *   Security Changes / Security Policies, covering the latest and upcoming technology and policy changes to secure the MITnet infrastructure
  *   Sophos, an overview of the new malware protection software replacing McAfee
  *   Securing the Human, a demo and overview of security awareness training focussed on end-user protection
  *   The State of MITnet, hosted by Mark Silas, Associate Director of Operations & Infrastructure
  *   TSM, covering the desktop backup system provided by IS&T

Keynote speaker at the conference is Mike Howard, Vice President of Finance and the closing talk is by Jeff Schiller. Food is provided for registrants. If you want to register, now is the time! Register at rsvp-itpartners at mit.edu<mailto:rsvp-itpartners at mit.edu>.

----------------------------------------------------------

2. Microsoft Security Updates for June 2013

----------------------------------------------------------

Tomorrow, Tuesday June 11, Microsoft plans to release five security bulletins<http://technet.microsoft.com/en-us/security/bulletin/ms13-jun> for 23 newly discovered vulnerabilities in the following systems:

  *   Internet Explorer
  *   Windows and Windows Server
  *   Microsoft Office

It is recommended to accept the updates if you are running Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT.

It is also recommended to accept updates if you are using Office 2003, Office for Mac 2011 and Internet Explorer 6 through 10.

MIT WAUS subscribers will receive the updates after they have been tested in the MIT environment.

As usual, Microsoft is also releasing an updated version of the Microsoft Windows Malicious Software Removal Tool.

------------------------------------------------

3. Apple Releases Mac OS X 10.8.4

------------------------------------------------

[Thanks to Justin Fleming for this update.]

Last week, Apple publicly released Security Update 2013-002 which includes OS X 10.8.4 via the Mac App Store.  It addresses 31 security issues. Apple has also issued an updated version of its Safari browser (Safari 6.0.5) that fixes 26 flaws.

Here is Apple's description of this update:

  *   Compatibility improvements when connecting to certain enterprise Wi-Fi networks
  *   Microsoft exchange compatibility improvements in Calendar
  *   A fix for an issue that prevented FaceTime calls to non-U.S. phone numbers
  *   A fix for an issue that may prevent scheduled sleep after using Boot Camp
  *   Improved VoiceOver compatibility with text in PDF documents

For detailed information about this update, please visit: http://support.apple.com/kb/HT5730

For detailed information about the security content of this update, please visit: http://support.apple.com/kb/HT1222

You can download the security update through the App Store or by using the links below:

OS X Lion

• Security Update 2013-002 (OS X 10.7 Lion): http://support.apple.com/kb/DL1661

• Security Update 2013-002 Server (OS X 10.7 Lion): http://support.apple.com/kb/DL1662

OS X Snow Leopard

• Security Update 2013-002 (OS X 10.6 Snow Leopard): http://support.apple.com/kb/DL1660

• Security Update 2013-002 Server (OS X 10.6 Snow Leopard): http://support.apple.com/kb/DL1663

----------------------------------------------

4. NetTraveler Espionage Malware

----------------------------------------------

Malware known as NetTraveler has infiltrated more than 350 companies in 40 countries over the past eight years, according to researchers at Kaspersky Lab. The victims of the malware include organizations in the energy industry, military contractors, scientific research facilities and universities.

The malware harvests data, logs keystrokes, and gathers file system listings and Office and PDF documents. The malware gains a foothold in targeted organizations through spear phishing campaigns and exploits a pair of known vulnerabilities in Microsoft Word. Fixes for the flaws were released in 2010 and 2012.

Read the full story in the news online<http://arstechnica.com/security/2013/06/espionage-malware-infects-raft-of-governments-industries-around-the-world/>.

===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================

Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20130610/e42d9ddf/attachment.htm