[2344] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, November 22, 2011
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Nov 22 12:29:16 2010
From: Monique Yeaton <myeaton@MIT.EDU>
Date: Mon, 22 Nov 2010 12:28:21 -0500
Message-Id: <647EFC3E-646B-435E-A861-70C018DC8159@mit.edu>
To: ist-security-fyi@MIT.EDU
Cc: itss@MIT.EDU
In this issue:
1. Spam Traffic Hits Record High
2. Apple Issues Updates to Safari
3. Adobe Patches Critical Reader and Acrobat Flaws
------------------------------------------
1. Spam Traffic Hits Record High
------------------------------------------
In the third quarter of this year, spam of all types represented an average of 82.3 percent of all email traffic, and malicious spam surged to a record high of 4.6 percent of all email, up from 1.9 percent last quarter, according to a report from security software vendor Kaspersky Lab.

Kaspersky Lab and other security software vendors are warning Internet users to be on the lookout for a variety of increasingly sophisticated malware traps that will use the upcoming holiday season to lure people into clicking on tainted links. Similar scams using Facebook, eBay and Apple gift cards are among the most successful and damaging malware campaigns this quarter.

One widely used scam is the spoofing of web addresses. An email arrives with an HTML attachment which, if clicked, takes the user to a bogus bank or e-payment site that asks for log-in credentials and other personal information. Those who fall for it end up having their most sensitive data forwarded to cybercrooks who attempt to steal their funds. What makes the scam hard to recognize is that the browser does not show the true web address to which the user will be redirected, but shows a fake address that looks just like the official website's address. The Anti-Phishing Working Group has recently identified more than 126,000 fake websites created solely for the purpose of snaring unsuspecting users' banking information.

The best advice is to never click on attachments in emails that come from an unknown address. Also, legitimate businesses will NEVER send an email with an attachment. If there is a link embedded in the body of the email, don't click on it. Instead, type the official URL of the business in your browser's address bar. If you have any doubts as to the legitimacy of an email, check with the business by calling their customer service phone number.

Read the story in the news: <http://www.esecurityplanet.com/features/article.php/3913116/article.htm>
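
For mail administrators, the attachment pattern described in item 1 can be triaged before a message reaches the user. The following is an added example, not part of the newsletter: it walks a message's MIME parts and, for each attached HTML file, reports links whose displayed address differs from the address they actually open, and files that forward the browser on their own. The two checks are illustrative heuristics chosen here, and the sample message and host names are constructed.

```python
# Added example. SAMPLE is a constructed message; bank.example and collector.example are made up.
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

def host(text, bare=False):
    """Host name in a URL, or (bare=True) in address-like link text; None otherwise."""
    text = text.strip()
    if bare and "://" not in text and "." in text and " " not in text:
        text = "http://" + text          # link text such as "www.bank.example"
    try:
        return urlparse(text).hostname
    except ValueError:                   # malformed address
        return None

class LureScanner(HTMLParser):
    """Notes where an HTML file leads to a host other than the one it displays."""
    def __init__(self):
        super().__init__()
        self.findings = []               # (kind, host shown, host actually used)
        self._href, self._shown = None, []   # current <a>: its href and visible text

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a":
            self._href, self._shown = a.get("href", ""), []
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            target = host(a.get("content", "").lower().partition("url=")[2])
            if target:                   # file forwards the browser on its own
                self.findings.append(("meta-refresh", None, target))

    def handle_data(self, data):
        if self._href is not None:
            self._shown.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown, real = host("".join(self._shown), bare=True), host(self._href)
            if shown and real and shown != real:
                self.findings.append(("link-mismatch", shown, real))
            self._href = None

def scan_message(raw):
    """Return (filename, kind, shown, target) for each finding in attached HTML parts."""
    results = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html" and part.get_filename():
            scanner = LureScanner()
            scanner.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            results += [(part.get_filename(),) + f for f in scanner.findings]
    return results

SAMPLE = """\
From: service@bank.example
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html
Content-Disposition: attachment; filename="verify.html"

<meta http-equiv="refresh" content="5; url=http://login.collector.example/">
<a href="http://login.collector.example/a">www.bank.example</a>
--b1--
"""
```

Calling scan_message(SAMPLE) returns one row per finding; a link whose text is not address-like (for example "Click here") is not reported, since it displays no address to compare.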
------------------------------------------
2. Apple Issues Updates to Safari
------------------------------------------
Apple has fixed 27 vulnerabilities in its Safari web browser for Mac OS X and Windows.
Systems affected:
Safari 5.0.3 and earlier for Windows and Mac OS X 10.5 or later
Safari 4.1.2 and earlier for Mac OS X 10.4
Twenty-four of the flaws could allow an attacker to remotely execute code on a targeted system. The patched WebKit items include components to handle images, scroll bars and editing commands. Other flaws include possible data disclosure vulnerabilities in the handling of JavaScript information, and a flaw in the handling of images which could allow a third party to view image data.

Users are urged to upgrade to Safari version 4.1.3 for Mac OS X 10.4 or version 5.0.3 for Mac OS X 10.5 and 10.6 or Windows computers. Users can obtain the patch through Apple's Software Update tool or from the Apple Downloads page.

Read the story in the news: <http://reviews.cnet.com/8301-13727_7-20023278-263.html>
-------------------------------------------------------------------
3. Adobe Patches Critical Reader and Acrobat Flaws
-------------------------------------------------------------------
Adobe released another out-of-band patch to fix critical flaws in Reader and Acrobat last week.
Systems affected:
Adobe Reader 9.4 and earlier
Adobe Acrobat 9.4 and earlier
The flaws could cause the application to crash or, more seriously, allow hackers to take control of the affected systems. The out-of-band updates also resolve a memory corruption vulnerability that could lead to code execution. The Reader flaw has been known about since the end of October and had already been exploited in the wild.

Read the story in the news: <http://www.computerworld.com/s/article/9196818/Adobe_patches_under_attack_Reader_bug>

===========================================================================================

To read all current and archived articles online, visit the Security-FYI Blog at <http://securityfyi.wordpress.com/>

Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security