Do you know the latest information security (infosec) buzz? If not, you’ve found the right weekly vlog. Every Friday we post a short video sharing the latest network and information security highlights for your consideration. Today’s episode comes to you from the beautiful Australian Gold Coast, which is why I’ve had to post it a bit late due to travel.

In this episode I share a few highlights from the AusCERT security conference, update you on the old Google Aurora attack, warn about new vulnerabilities affecting many FPS engines, and much more. If you want to stay abreast of the latest network security news, in eight minutes or less, watch the video below.

As always, you can find more detail about the stories from this week’s episode in the Reference section, as well as a few extras.

(Episode Runtime: 7:41)

Direct YouTube Link: http://www.youtube.com/watch?v=JLbzY_i8TIc

Episode References:

• AusCERT 2013 Security Conference - AusCERT
• Audio recording of HD Moore’s AusCERT presentation - Risky Business
• Chrome 27 security update - Google Chrome Blog
• Apple Quicktime security update - Apple
• Chinese Aurora hackers may have stolen government surveillance info - The Washington Post
• Reporters accused of hacking for Google searches - Ars Technica
• Researchers find flaws in most popular FPS engines - Computer World
• Twitter finally offers two-factor authentication - Tech Crunch
•  

Extras:

• Chinese state-sponsered hackers are still at work - CSO Online
• Syrian Electronic Army hijacks The Telegraph Twitter feed - The Register
  
• NYPD Detective arrested for hacking - Information Week
• DDoS service site claims DDoS are legal - Krebs on Security
• 22 million user IDs stolen from Yahoo Japan - Computer World

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard is pleased to announce the release of Fireware XTM v11.7.3 and WatchGuard System Manager v11.7.3. This maintenance release includes a large number of bugfixes and some enhancements. For full information on the issues fixed in v11.7.3, see the Resolved Issues section of the Release Notes. Enhancements are outlined in the release notes and also covered in  What’s New in Fireware XTM v11.7.3 [PPT file].

Some of the enhancements include:

• Ability to set the source IP address in Static NAT and server load balancing actions
• Modem support for three USB 3G/4G modems
• Ability to change the port used for connections to a syslog server

There are some notable updates for the new Wireless Access Points and the Gateway Wireless Controller.

• MAC access control whitelist
• Station isolation
• No automatic AP device reboot after AP configuration change

The 11.7.3 release also provides significant improvements in spam detection based on feedback received since the 11.7.2 release. The release notes also provide some guidance on setting appropriate spam threshold settings with for the new Mailshell engine. Some customers have preferred to set the suspect spam threshold to 80 to reduce the amount of legitimate email that gets categorized as suspect spam.

Fireware XTM 11.7.3 enables XTMv support for the Microsoft Hyper-V hypervisor. The virtual appliance (in VHD format) for Hyper-V is not available at initial v11.7.3 release, but will be released in one to two weeks.

Does This Release Pertain to Me?

Fireware XTM 11.7.3 includes many improvements and fixes. If you have a XTM 25/25-W/26/26-W, 3 Series, 5 Series, 8 Series, 800 Series, 1500 Series, 2500 Series, 1050 or 2050 device and wish to take advantage of the updates mentioned in the Release Notes, you should upgrade to version 11.7.3. Please read the Release Notes before you upgrade to understand what’s involved.

Note: This update does not apply to XTM 21/22/23 appliance owners, or Firebox X e-Series owners.

How Do I Get the Release?

XTM appliances owners who have a current LiveSecurity Service subscription can obtain this update without additional charge by downloading the applicable packages from the Articles & Support section of WatchGuard’s Support Center. To make it easier to find the relevant software, be sure to uncheck the “Article” and “Known Issue” search options, and press the Go button.

If you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number, LiveSecurity Key, or Partner ID available.)

• U.S. End Users: 877.232.3531
• International End Users: +1.206.613.0456
• Authorized WatchGuard Resellers: +1.206.521.8375

Don’t have an active LiveSecurity subscription for your XTM appliance? It’s easy to renew. Contact your WatchGuard reseller today. Find a reseller »

Ready for a dose of InfoSec news? Your weekly security highlights reel is spooled up and ready to go.

This week was all about software updates. Not only did Microsoft and Adobe’s monthly Patch Day bring us patches for critical zero day vulnerabilities, but we saw security updates for Firefox and iTunes as well. In today’s video, I talk about all those updates, as well as two new interesting malware variants, and the sentencing and jailing of a team of well-known hackers. View the video for all the details.

A quick note… Next week I’ll be attending the AusCERT security conference in Australia. Though I still expect to bring you a weekly video, I may post it earlier or later than normal due to travel and the time zone differences. Keep safe out there and see you next week.

(Episode Runtime: 7:17)

Direct YouTube Link: http://www.youtube.com/watch?v=gjAx6PdFY0k

Episode References:

• Microsoft Patch Day, May 2013
  • Microsoft May Patch Day Summary - WGSC
  • Microsoft Patches 0day IE vulnerability and more - WGSC
  • Microsoft’s Windows updates for May - WGSC
  • Microsoft’s Office updates for May - WGSC
  • Minor Microsoft Essentials update - WGSC
• Adobe fixes Reader, Flash, and ColdFusion flaws - WGSC
• Mozilla releases Firefox 21 to fix eight vulnerabilities – Mozilla
• Latest version of Apple iTunes fixes 41 vulnerabilities - Apple
• New Mac malware leverages valid developer ID – The Register
• New Dorkbot variant spreads via Facebook chat and MediaFire - PC Magazine
• Four members of Lulzsec sentenced and Jailed – Wired

Extras:

• Linux kernal exploit in circulation - The H Open
• Breaking: Syrian Electronic Army hijacks The Financial Times web site and Twitter - The Register
  
• Auto regulators thinking about car hacking (one of my predictions last year) - Bloomberg
• Cyber fraud campaign discovered targeting Australian banks - ComputerWorld
• Software vulnerabilities found in Skyrim and Fallout 3 (fairly benign, but interesting) - The Inquirer

— Corey Nachreiner, CISSP (@SecAdept)

Summary:

• These vulnerabilities affect: Adobe Reader and Acrobat, Flash Player, and ColdFusion
• How an attacker exploits them: Multiple vectors of attack, including enticing your users to open malicious files or visit specially crafted web sites
• Impact: Various results; in the worst case, an attacker can gain complete control of your computer
• What to do: Install the appropriate Adobe patches immediately, or let Adobe’s updater do it for you.

Exposure:

Yesterday, Adobe released three security bulletins describing vulnerabilities in Reader and Acrobat, Flash Player, and ColdFusion. A remote attacker could exploit the worst of these flaws to gain complete control of your computer. Attackers have been exploiting one of the ColdFusion issues in the wild, so we recommend you patch quickly.

The summary below details some of the vulnerabilities in these popular software packages.

• APSB13-15: Multiple Reader and Acrobat  Memory Corruption Vulnerabilities

Adobe Reader helps you view PDF documents, while Acrobat helps you create them. Since PDF documents are very popular, most users install Reader to handle them.

Adobe’s bulletin describes 27 vulnerabilities that affect Adobe Reader and Acrobat X 11.0.2 and earlier, running on any platform (Windows, Mac, Linux).  Adobe’s alert only describes the flaws in minimal detail, but the majority of them involve memory corruption-related vulnerabilities, such as buffer overflows,  integer overflows, use-after-free issues, and so on. For the most part, they share the same scope and impact. If an attacker can entice you into opening a specially crafted PDF file, he can exploit many of these issues to execute code on your computer, with your privileges. If you have root or system administrator privileges, the attacker gains complete control of your machine.

Adobe Priority Rating: 2 (Patch within 30 days) for most, though 1 for Windows systems with 9.x and below

• APSB13-14: Multiple Flash Player Memory Corruption Flaws
  

Adobe’s bulletin describes 13 vulnerabilities in Flash Player running on all platforms (including Linux and Android). More specifically, the flaws consist of various memory corruption flaws. If an attacker can lure you to a web site, or get you to open a document containing specially crafted Flash content, he could exploit these flaws to execute code on your computer, with your privileges. If you have administrative or root privileges, the attacker could gain full control of your computer.

Adobe rates these flaws with their highest severity rating for Windows computers, but a lesser severity for Mac and Linux machines.

Adobe Priority Rating: 1 for Windows (Patch within 72 hours)

• APSB13-13: Critical Zero Day ColdFusion Vulnerability Patched

Solution Path:

Adobe has released updates for all their affected software. If you use any of the software below, we recommend you download and deploy the corresponding updates as soon as possible, or let Adobe’s automatic updater do it for you:

• APSB13-15: 
  • Adobe Reader X 11.0.3
    • For Windows
    • For Mac
  • Adobe Acrobat X 11.0.2
    • Standard and Pro for Windows
    • Pro Extended for Windows
    • Pro for Mac
  • Adobe Reader 9.5.4 for Linux
• APSB13-14: Upgrade to the latest Flash Player (11.7.700.202 for Windows)
  • Note: Android users should update via Google Play. Both Chrome and Internet Explorer (IE) 10 have Flash built in. You need to update these browsers separately. Find more details about the IE10 update here.
• APSB13-13: Apply the corresponding ColdFusion hotfix. More details in this Adobe technote.

For All WatchGuard Users:

Attackers can exploit these flaws using diverse exploitation methods. However, WatchGuard’s XTM appliances can help in many ways. First, our IPS and AV services are often capable of detecting the malicious Flash or Reader files attackers are actually using in the wild. If you’d like, you can also configure our proxies to block Reader or Flash content. This, however, blocks both legitimate and malicious content. If you do want to block this Flash or Reader via the Web or email, see our manual for more details on how to configure our proxy policies’ content-filtering.

Status:

Adobe  has released patches correcting these issues.

References:

• Adobe Security Update APSB13-13
• Adobe Security Update APSB13-14
• Adobe Security Update APSB13-15

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept)

Along with their nine other Patch Day bulletins, Microsoft released a less significant software update for Windows Essentials; a suite of free and optional  productivity applications for Windows. Essentials consists of a menagerie of applications, including basic photo gallery, blogging, email, instant messenger, and movie editing software. Many of the applications are cloud-based.

In any case, according to one of today’s bulletins, Windows Essentials suffers from a relatively minor information disclosure vulnerability. If an attacker can get a Windows Live Writer (the blogging app) user to click a specially crafted link, he can leverage this flaw to overwrite some of that user’s files. Certainly not a good thing, but also not the worst flaw in the world.

I personally doubt many business user leverage the Essentials suite, so I don’t think this particular issue poses a huge risk to our readers. That said, if you do use the Windows Essentials Live Writer program, then you certainly wouldn’t want to lose content based on this sort of attack. So I would definitely apply Microsoft’s patch, though there’s no rush. You can find more details about the update in the “Affected and Non-Affected Software” section of Microsoft’s bulletin. — Corey Nachreiner, CISSP (@SecAdept)

Summary:

• These vulnerabilities affect: Microsoft Office related products, including Word, Visio, Publisher, and Lync
• How an attacker exploits them: Typically by enticing users to open or interact with maliciously crafted Office documents
• Impact: In the worst case, an attacker can gain complete control of your Windows computer
• What to do: Install the appropriate Microsoft patches as soon as possible, or let Windows Automatic Update do it for you.

Exposure:

Today, Microsoft released four security bulletins that fix 14 vulnerabilities in a range of Microsoft Office products, including Word, Visio, Publisher, and Lync. We summarize these four security bulletins below, in order from highest to lowest severity.

• MS13-041: Lync Remote Code Execution (RCE) Vulnerability

 Lync is a unified communications tool that combines voice, IM, audio, video, and web-based communication into one interface. It’s essentially the replacement for Microsoft Communicator. It suffers from an unspecified memory corruption vulnerability that attackers could leverage to execute arbitrary code on your computer. If an attacker can convince one of your users to join a Lync or Communicator session containing specially crafted content, they could execute code on that user’s computer, with that user’s privileges. If you grant users local administrator privileges, the attacker could gain complete control of affected computers. This flaw only affects certain versions of Lync and Communicator. See the “Affected and Non-Affected Software” section of Microsoft’s bulletin for more details.

Microsoft rating: Critical

• MS13-042: Multiple Publisher Memory Corruption Vulnerabilities

Publisher is Microsoft’s basic desktop publishing and layout program, and part of the Office suite. It suffers from eleven memory corruption vulnerabilities. They all differ technically, but share the same scope and impact. By luring one of your users into downloading and opening a malicious Publisher document, an attacker can exploit any of these flaws to execute code on that user’s computer, with that user’s privileges. Again, if your users have local administrator privileges, the attacker gains complete control of their PCs. These flaws affect all versions of Publisher except 2013.

Microsoft rating: Important

• MS13-043 :  Word RCE Vulnerability

Word is the popular word processor that ships with Office. It suffers from a remote code execution (RCE) vulnerability having to do with how it handles Word or RTF documents containing maliciously crafted shape data. By enticing one of your users to download and open a specially crafted document, an attacker could leverage this flaw to execute code on that user’s computer, with that user’s privileges. If you grant users local administrator privileges, the attacker would gain complete control of their machines. The flaw only affects Word and Word Viewer 2003.

Microsoft rating: Important

• MS13-044 : Visio Information Disclosure Vulnerability
  

Microsoft Visio is a popular diagramming program often used to create network diagrams.  Visio suffers from a complex information disclosure vulnerability, involving the way it parses specially crafted XML content. At a high level, XTM documents can contain “external entities;” essentially text or binary data from an external location. If an attacker can entice one of your users into downloading and opening a malicious Visio document (containing XTM content), he can exploit this flaw to read data from files on the victim’s computer. This flaw affects all versions of Visio except 2013.

Microsoft rating: Important

Solution Path:

Microsoft has released Office-related patches that correct all of these vulnerabilities. You should download, test, and deploy the appropriate updates throughout your network as soon as possible. If you choose, you can also let Windows Update automatically download and install these updates for you.

The links below point directly to the “Affected and Non-Affected Software” section of each bulletin, where you can find all of Microsoft’s update links:

• MS13-041
• MS13-042
• MS13-043
• MS13-044

For All WatchGuard Users:

WatchGuard’s Gateway Antivirus and Intrusion Prevention services can often prevent some of these types of attacks, or the malware they try to distribute. For instance, our IPS signature team has developed a signature that can detect and block the Visio Information Disclosure issue:

• EXPLOIT Microsoft Visio XML External Entities Resolution Vulnerability (CVE-2013-1301)

Your XTM appliance should get this new IPS update shortly.

Nonetheless, we still recommend you install Microsoft’s updates to completely protect yourself from these flaws.

Status:

Microsoft has released patches correcting these issues.

References:

• Microsoft Security Bulletin MS13-041
• Microsoft Security Bulletin MS13-042
• Microsoft Security Bulletin MS13-043
• Microsoft Security Bulletin MS13-044

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).

What did you think of this alert? Let us know at your.opinion.matters@watchguard.com.

Summary:

• These vulnerabilities affect: All current versions of Windows or components often packaged with it (like the .NET Framework)
• How an attacker exploits them: Multiple vectors of attack, including sending specially crafted network traffic or running malicious programs locally
• Impact:  Varies, ranging from a remote Denial of Service (DoS) attack to local attackers gaining complete control of your Windows computer
• What to do: Install the appropriate Microsoft patches as soon as possible, or let Windows Automatic Update do it for you

Exposure:

Today, Microsoft released three security bulletins that describe six vulnerabilities affecting Windows or components related to it (like the .NET Framework). They only rate these bulletins as Important, due to limited impact or mitigating factors. Each of these vulnerabilities affects different versions of Windows to varying degrees. In the worst case, a local attacker could exploit one of these flaws to gain complete control of your Windows PC. We recommend you download, test, and deploy these updates at your earliest convenience.

The summary below lists the vulnerabilities, in order from highest to lowest severity.

• MS13-039: HTTP.sys DoS Vulnerability

The HTTP Protocol Stack (HTTP.sys) is a Windows component that listens for and handles HTTP requests before passing them to a web server like IIS. It suffers from a Denial of Service (DoS) vulnerability having to do with its inability to properly handle HTTP requests with specially malformed headers. By sending a specially crafted HTTP request, a remote attacker can leverage this flaw to cause your system to stop responding. While this sort of DoS attack doesn’t result in any breach or data loss, attackers can leverage it to knock your public web server offline, which could have significant business implications. You should download, test, and deploy Microsoft’s HTTP.sys update as soon as possible.

Microsoft rating: Important

• MS13-040: Multiple .NET Framework Vulnerabilities

The .NET Framework is a software framework used by developers to create custom Windows and web applications. Though it only ships by default with Windows Vista, you’ll find it on many Windows computers. The .NET Framework component suffers from two new security vulnerabilities.

The first issue is an XML digital signature spoofing vulnerability. XML files can contain digital signatures, which .NET applications can use to verify the integrity of XML files (ensuring they haven’t been improperly modified). However, the .NET Framework component (CLR) responsible for validating these signatures doesn’t do it right. As a result, attackers can modify the contents of an XML file without invalidating the signature. The impact of this flaw depends on if and how your custom .NET applications leverage this functionality.

The second issue is an authentication bypass vulnerability. The Windows Communication Foundation (WCF) is essentially a set of .NET APIs that developers can use to make applications that communicate securely with one another. However, WCF suffers from an authentication bypass flaw. By sending specially crafted packets, an attacker could gain unauthenticated access to computers that run WCF services. The impact of this bypass depends on your custom .NET application. If you custom application gives your users access to sensitive data, then in can pose a significant risk. If you install the .NET framework, you should download, test, and install Microsoft’s update as soon as you can.

Microsoft rating: Important

• MS13-046: Kernel-Mode Driver Elevation of Privilege Flaws

The kernel is the core component of any computer operating system. Windows also ships with a kernel-mode device driver (win32k.sys), which handles the OS’s device interactions at a kernel level. The Windows kernel-mode driver suffers from three new local elevation of privilege flaws. They all differ technically, but share the same basic scope and impact. By running a specially crafted program, a local attacker could leverage this flaw to gain complete control of your Windows computers (or cause it to become unstable). However, in order to run his malicious program, the attacker would first need to gain local access to your computer or trick you into running the program yourself, which significantly lessens the severity of this vulnerability.

Microsoft rating: Important

Solution Path:

Microsoft has released Windows and .NET Framework patches that correct all of these vulnerabilities. You should download, test, and deploy the appropriate updates throughout your network immediately. If you choose, you can also let Windows Update automatically download and install them for you.

The links below point directly to the “Affected and Non-Affected Software” section of each bulletin, where you can find links to the various updates:

• MS13-039
• MS13-040
• MS13-046

For All WatchGuard Users:

WatchGuard’s Gateway Antivirus and Intrusion Prevention services can often prevent some of these types of attacks, or the malware they try to distribute. For instance, our IPS signature team has developed signatures that can detect and block a few of the issues described above, including:

• WEB Microsoft Windows 2012 Server HTTP.sys Denial of Service Vulnerability (CVE-2013-1305)
• EXPLOIT Microsoft XML Digital Signature Spoofing Vulnerability (CVE-2013-1336)

Your XTM appliance should get this new IPS update shortly.

However, attackers can exploit some of these flaws in other ways, including by convincing users to run executable files locally. Since your gateway appliance can’t protect you against local attacks, we still recommend you install Microsoft’s updates to completely protect yourself from these flaws.

Status:

Microsoft has released patches correcting these issues.

References:

• Microsoft Security Bulletin MS13-039
• Microsoft Security Bulletin MS13-040
• Microsoft Security Bulletin MS13-046

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).

What did you think of this alert? Let us know at your.opinion.matters@watchguard.com.

Summary:

• These vulnerabilities affect: Internet Explorer (IE) versions 6 – 10
• How an attacker exploits them: Typically, by enticing one of your users to visit a web page with malicious content
• Impact: In the worst case, an attacker can execute code on your user’s computer, often gaining complete control of it
• What to do: Install Microsoft’s IE updates immediately, or let Windows Automatic Update do it for you

Exposure:

As part of today’s Patch Day, Microsoft released two security bulletins (MS13-037/MS13-038) describing a dozen new security vulnerabilities that affect all current versions of Internet Explorer (IE). They rate both updates as Critical.

Over the last few months, most of the new flaws affecting IE are what developers call “use after free” vulnerabilities – a type of memory corruption flaw that attackers can leverage to execute arbitrary code. May’s duo of IE bulletins continues this theme, with all but one of the vulnerabilities falling under this class of flaw.

Though these dozen vulnerabilities differ technically, they share the same general scope and impact (with one small exception). If an attacker can lure one of your users to a web page containing maliciously crafted HTML, he could exploit any of these vulnerabilities to execute code on that user’s computer, inheriting that user’s privileges. Typically, Windows users have local administrative privileges, in which case the attacker can exploit these flaws to gain complete control of the victim’s computer. Keep in mind, attackers often hijack legitimate web pages and booby trap them with this sort of malicious code, in what the industry refers to as a “watering hole” attack.

Typically, Microsoft only releases one IE cumulative update a month. However, over the last few weeks attackers have exploited a zero day IE8 vulnerability in the wild—most notably against the Department of Labor (DoL) web site. We talked about this exploit in last week’s security video. Although Microsoft had released a temporary “FixIt” to mitigate this serious vulnerability, today’s second IE bulletin (MS13-038) rectifies the issue more completely. Attackers are still exploiting this flaw in the wild. They’ve worked it into their underground exploit toolkits, and even the popular Metasploit framework contains a public version of the exploit. We highly recommend you install both of Microsoft’s IE updates immediately (after testing, of course).

If you’d like more technical detail about any of these flaws, see the “Vulnerability Information” section in both of Microsoft’s bulletins (MS13-037/MS13-038).

Solution Path:

You should download, test, and deploy the appropriate IE updates immediately, or let Windows Automatic Update do it for you. You can find links to the various IE updates in the “Affected and Non-Affected Software” section of Microsoft’s IE security bulletins:

• MS13-037
• MS13-038

For All WatchGuard Users:

WatchGuard’s Gateway Antivirus and Intrusion Prevention services can often prevent these sorts of attacks, or the malware they try to distribute. For instance, our IPS signature team has developed signatures that can detect and block many of the “use after free” vulnerabilities described in Microsoft’s alert:

• WEB-CLIENT Microsoft Internet Explorer Use After Free Vulnerability (CVE-2013-2551)
• WEB-CLIENT Microsoft Internet Explorer Use After Free Vulnerability (CVE-2013-1309)
• WEB-CLIENT Microsoft Internet Explorer Use After Free Vulnerability (CVE-2013-1311)
• WEB-CLIENT Microsoft Internet Explorer Use After Free Vulnerability (CVE-2013-1312)
• WEB-CLIENT Microsoft Internet Explorer Use After Free Vulnerability (CVE-2013-1307)
• WEB-CLIENT Microsoft Internet Explorer Use After Free Vulnerability (CVE-2013-1308)
• WEB-CLIENT Microsoft Internet Explorer JSON Array Information Disclosure Vulnerability (CVE-2013-1297)

Your XTM appliance should get this new IPS update shortly.

Furthermore, our Reputation Enabled Defense (RED) and WebBlocker services can often prevent your users from accidentally visiting malicious (or legitimate but booby-trapped) web sites that contain these sorts of attacks. Nonetheless, we still recommend you install Microsoft’s updates to completely protect yourself from all of these flaws.

Status:

Microsoft has released patches to fix these vulnerabilities.

References:

• MS Security Bulletin MS13-037
• MS Security Bulletin MS13-038

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).

According to their summary post, Microsoft released ten security bulletins today, fixing around 33 security vulnerabilities in many of their popular products. The affected software includes Internet Explorer (IE), Windows and related components, products from the Office suite (Word, Visio, and Publisher), Lync, and Windows Essentials. Microsoft rates the IE updates as Critical, and the rest as Important.

As I mentioned earlier, today’s theme definitely centers around IE. Last week’s security video covered how attackers have recently been exploiting a zero day IE8 vulnerability in the wild—most notably against the Department of Labor web site. One of today’s updates completely fixes this serious flaw. The other IE update continues to fix more “use after free” vulnerabilities, a class of memory corruption flaws that researchers and attackers have focused on lately. I highly recommend you install today’s IE updates immediately, then follow with the Windows and Office updates.

As an aside, Microsoft also released or updated four security advisories today. One of the updates has to do with one of today’s bulletins, but the other three are new. Once you’re finished handling today’s patches, you should check out Microsoft’s security advisory page as well.

We’ll share more details about today’s bulletins in upcoming alerts. Until then, feel free to check out Microsoft’s May bulletin summary.  — Corey Nachreiner, CISSP (@SecAdept)

Are you an over-worked IT administrator with no time to learn about the latest internet threats? Do you want to keep your network safe, but don’t know what the bad guys are up to? If that’s you, then our weekly information security highlights video is just the thing for you. For just three easy payments of… well, nothing… you can have all that and more!

Today’s episode covers Syrian cyber attackers hijacking The Onion’s twitter feed, a serious zero day vulnerability affecting Internet Explorer 8 (IE8), a major cyber bank heist, and more. For all the details, and some tips to protect yourself, watch the video below or check out the stories in the Reference section.

Have a great weekend.

(Episode Runtime: 7:46)

Direct YouTube Link: http://www.youtube.com/watch?v=hdN9YMjKTXM

Episode References:

• Microsoft releases FixIT for IE8 0day - Microsoft
• Patch day advanced notification for May - Microsoft
• The Onion’s twitter feed hacked – NYTimes
• Darkleech attack now affects nginx and lighthttpd - The Register
• Crime gang steals 45mil in huge cyber bank heist – NYTimes

Extras:

• Hacking group gains access to .edu domains - The H Security
• Suspect SpyEye author extradited to US - Naked Security
  
• Anonymous’ so called OpUSA project an epic fail - eWeek
• “Honeywords” may help protect password databases - Ars Technica
  
• Name.com discovers a security breach - The Next Web
• Researchers find security flaws in Google’s “smart building” system - Cylance blog
• Critical 0day Cold Fusion exploit in the wild - InfoWorld

— Corey Nachreiner, CISSP (@SecAdept)