[7728] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, June 10, 2013
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Jun 10 16:39:47 2013
Resent-From: ist-security-fyi@MIT.EDU
From: Monique Yeaton <myeaton@MIT.EDU>
To: ist-security-fyi <ist-security-fyi@MIT.EDU>
Date: Mon, 10 Jun 2013 20:37:41 +0000
Message-ID: <3ACED3B2A8CEFB4598A845F07FD4A05F2F2C8009@OC11EXPO24.exchange.mit.edu>
In this issue:
1. June 13: The IT Partners Conference
2. Microsoft Security Updates for June 2013
3. Apple Releases Mac OS X 10.8.4
4. NetTraveler Espionage Malware
-----------------------------------------------------
1. June 13: The IT Partners Conference
-----------------------------------------------------
This coming Thursday, June 13, IT Partners is holding its annual IT Partners Conference, covering wide-ranging topics in network and computer technology. As every year, one of the tracks focusses on Security. Those presentations include:
* Security Changes / Security Policies, covering the latest and upcoming technology and policy changes to secure the MITnet infrastructure
* Sophos, an overview of the new malware protection software replacing McAfee
* Securing the Human, a demo and overview of security awareness training focussed on end-user protection
* The State of MITnet, hosted by Mark Silas, Associate Director of Operations & Infrastructure
* TSM, covering the desktop backup system provided by IS&T
Keynote speaker at the conference is Mike Howard, Vice President of Finance and the closing talk is by Jeff Schiller. Food is provided for registrants. If you want to register, now is the time! Register at rsvp-itpartners at mit.edu<mailto:rsvp-itpartners@mit.edu>.
----------------------------------------------------------
2. Microsoft Security Updates for June 2013
----------------------------------------------------------
Tomorrow, Tuesday June 11, Microsoft plans to release five security bulletins<http://technet.microsoft.com/en-us/security/bulletin/ms13-jun> for 23 newly discovered vulnerabilities in the following systems:
* Internet Explorer
* Windows and Windows Server
* Microsoft Office
It is recommended to accept the updates if you are running Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT.
It is also recommended to accept updates if you are using Office 2003, Office for Mac 2011 and Internet Explorer 6 through 10.
MIT WAUS subscribers will receive the updates after they have been tested in the MIT environment.
As usual, Microsoft is also releasing an updated version of the Microsoft Windows Malicious Software Removal Tool.
------------------------------------------------
3. Apple Releases Mac OS X 10.8.4
------------------------------------------------
[Thanks to Justin Fleming for this update.]
Last week, Apple publicly released Security Update 2013-002 which includes OS X 10.8.4 via the Mac App Store. It addresses 31 security issues. Apple has also issued an updated version of its Safari browser (Safari 6.0.5) that fixes 26 flaws.
Here is Apple's description of this update:
* Compatibility improvements when connecting to certain enterprise Wi-Fi networks
* Microsoft exchange compatibility improvements in Calendar
* A fix for an issue that prevented FaceTime calls to non-U.S. phone numbers
* A fix for an issue that may prevent scheduled sleep after using Boot Camp
* Improved VoiceOver compatibility with text in PDF documents
For detailed information about this update, please visit: http://support.apple.com/kb/HT5730
For detailed information about the security content of this update, please visit: http://support.apple.com/kb/HT1222
You can download the security update through the App Store or by using the links below:
OS X Lion
• Security Update 2013-002 (OS X 10.7 Lion): http://support.apple.com/kb/DL1661
• Security Update 2013-002 Server (OS X 10.7 Lion): http://support.apple.com/kb/DL1662
OS X Snow Leopard
• Security Update 2013-002 (OS X 10.6 Snow Leopard): http://support.apple.com/kb/DL1660
• Security Update 2013-002 Server (OS X 10.6 Snow Leopard): http://support.apple.com/kb/DL1663
----------------------------------------------
4. NetTraveler Espionage Malware
----------------------------------------------
Malware known as NetTraveler has infiltrated more than 350 companies in 40 countries over the past eight years, according to researchers at Kaspersky Lab. The victims of the malware include organizations in the energy industry, military contractors, scientific research facilities and universities.
The malware harvests data, logs keystrokes, and gathers file system listings and Office and PDF documents. The malware gains a foothold in targeted organizations through spear phishing campaigns and exploits a pair of known vulnerabilities in Microsoft Word. Fixes for the flaws were released in 2010 and 2012.
Read the full story in the news online<http://arstechnica.com/security/2013/06/espionage-malware-infects-raft-of-governments-industries-around-the-world/>.
===================================================================================
Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
===================================================================================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security