Bromium Labs today released their report on the cyber-attack landscape in the first half of 2014. Microsoft Internet Explorer had the highest number of reported vulnerabilities and also of publicly reported exploits. As the most used browser in the market, Internet Explorer was the most patched and most exploited product in 2014. They also reported that Internet Explorer 11 was released late last year and security patches seem to have emerged rather quickly, compared to its predecessors. Almost all Internet Explorer memory corruption exploits now use de facto ROP (Return Oriented Programming) techniques for bypassing the default operating system security mechanisms (ASLR, DEP). Also, both of the IE zero-day exploits leveraged the ‘Action Script Spray’ technique to bypass ASLR. You can download the full report here. via: Betanews ...


Today, Bloomberg reported that Microsoft is in talks to acquire Israel-based security startup Aorato Ltd. They also reported that the deal was worth around $200 million and could close within the next two months. Its investors include Accel Partners, Glilot Capital Partners, Innovation Endeavors and a few others. Aorato’s security products protect your organization and Active Directory by automatically learning, profiling and predicting entity behavior. Aorato’s Directory Services Application Firewall (DAF™) protects Active Directory and leverages its central role in the network to secure the organization from advanced targeted attacks. Nowadays, attackers compromise all types of entities (non-privileged and privileged users, devices, servers, etc.) in order to gain a foothold into the network. It is not enough anymore to track only privileged accounts to protect the organization against advanced attacks. DAF introduces a new approach. DAF detects suspicious activities through learning, profiling and predicting entities’ behaviors. Source: WSJ ...


As part of Patch Tuesday updates, Microsoft yesterday fixed over 29 different vulnerabilities in Windows. Microsoft released the following summary that lists security bulletins released for July 2014. With the release of the security bulletins for July 2014, this bulletin summary replaces the bulletin advance notification originally issued July 3, 2014.

Bulletin ID | Bulletin Title and Executive Summary | Maximum Severity Rating and Vulnerability Impact | Restart Requirement | Affected Software

MS14-037 | Cumulative Security Update for Internet Explorer (2975687). This security update resolves one publicly disclosed vulnerability and twenty-three privately reported vulnerabilities in Internet Explorer. The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those ...


As Microsoft announced last year, Microsoft is today expanding encryption across their services in an effort to reinforce legal protections for their customers’ data. All Outlook.com emails are now encrypted, as Office 365 e-mail already is. This will provide even greater protection for users’ data across all the great Microsoft services that you depend on every day. First, Outlook.com is now further protected by Transport Layer Security, or TLS, encryption for both outbound and inbound email. This means that when you send an email to someone, your email is encrypted and thus better protected as it travels between Microsoft and other email providers. Of course, this requires their email service provider to also have TLS support. Over the past six months, we have been working across the industry to further protect and help ensure your mail remains protected. This includes working closely with several international providers throughout our implementation, ...


Microsoft has recently named two foreign nationals, Mohamed Benabdellah and Naser Al Mutairi, and a U.S. company, Vitalwerks Internet Solutions, for their involvement in creating, controlling, and assisting in infecting millions of computers running old Windows versions with malicious software. We’re taking No-IP to task as the owner of infrastructure frequently exploited by cybercriminals to infect innocent victims with the Bladabindi (NJrat) and Jenxcus (NJw0rm) family of malware. In the past, we’ve predominately seen botnets originating in Eastern Europe; however, the authors, owners and distributors of this malware are Kuwaiti and Algerian nationals. The social media-savvy cybercriminals have promoted their wares across the Internet, offering step-by-step instructions to completely control millions of unsuspecting victims’ computers to conduct illicit crimes, demonstrating that cybercrime is indeed a global epidemic. Read full post on The Official Microsoft Blog. ...


Microsoft usually sends users an email each month with an overview of the new security bulletin(s) being released. Security bulletins are released monthly to resolve critical vulnerabilities. Microsoft has recently sent an email to Security Bulletin subscribers saying that it is going to suspend the use of email notifications and recommends RSS feeds to users instead. Notice to IT professionals: As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is suspending the use of email notifications that announce the following: security bulletin advance notifications; security bulletin summaries; new security advisories and bulletins; major and minor revisions to security advisories and bulletins. In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website. For more information, or to sign up for an RSS feed, visit the Microsoft Technical Security Notifications ...


Microsoft has recently released an update to the Microsoft Update/Windows Update client with security enhancements. It also includes further hardening of the infrastructure used by the WU/MU client and a more secure communication channel between the WU/MU client and service. You can read more about the changes in WU/MU at KB 2887535. The update is applicable to Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows 8, Windows RT and Windows Server 2012, and the rollout will begin today. Similar to past updates, this update will be automatically installed if Automatic Updates is turned ON, either set to automatically install updates or notify to download/install updates. As with past updates, this update will not change your current Windows Update or Automatic Updates settings. Anytime Windows Update (or Automatic Updates) is turned ON, either set to automatically install updates or notify to download/install updates, Windows Update will take care of updating itself. ...


Microsoft today announced the launch of Interflow, a security and threat information exchange platform for professionals working in cybersecurity. The service is now in private beta. Microsoft wants to eliminate manual processes and rapidly detect and analyze threats using automated machine-to-machine sharing of security and threat information, while helping reduce the cost of defense. It is built on the STIX (Structured Threat Information eXpression), TAXII (Trusted Automated eXchange of Indicator Information), and CybOX (Cyber Observable eXpression) specifications. Interflow enables automated machine-to-machine exchange of security and threat information, using community-driven format and structure specifications. It allows users to create their own sharing communities, and define what to share and with whom. Interflow’s filtering capabilities enable users to create watch lists and prioritize rapid action, instead of manual compilation of data. Through Interflow’s watch lists, customers no longer have to look for needles in a haystack. Organizations and enterprises with dedicated security incident response ...


Microsoft yesterday released a security advisory to inform customers that an update to the Microsoft Malware Protection Engine addresses a security vulnerability that was reported to Microsoft. The vulnerability, which was reported by Tavis Ormandy of Google Project Zero, could allow denial of service if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could prevent the Microsoft Malware Protection Engine from monitoring affected systems until the specially crafted file is manually removed and the service is restarted. The Microsoft Malware Protection Engine ships with several Microsoft antimalware products. Microsoft has now released an update to its Antimalware Engine 1.1.10701.0 and it was released to all Microsoft Security Essentials, Forefront Client Security, Forefront Endpoint Protection, Windows Intune Endpoint Protection, and System Center Endpoint Protection customers on 17 Jun 2014. Signature package 1.177.0.0 is the first that contains this engine. Typically, no action is ...


Microsoft has constantly improved Internet Explorer at a rapid pace in the past few years. IE11 is the most standards-compliant, fastest and most secure IE ever. But the real problem is that two-thirds of all desktop computers are still using older, less secure browsers. To improve this situation, Microsoft is enabling automatic updating, which ensures that users will always be up-to-date. Also, Microsoft today detailed the security improvements made over the years in IE in the infographic above. Every version of Internet Explorer includes new and improved security protection, building on improvements from the previous version. Below are just a few of the security features added by each major version of Internet Explorer since 2001. These security features and improvements are augmented with updates such as the ones being released this month, to make socially-engineered attacks and browser exploits more difficult on modern versions of Internet Explorer. According to NSS Labs, for ...


Microsoft ended support for Windows XP, a decade-old OS, back in April. Since lots of Chinese government computers still use Windows XP, they are exposed to security attacks. Last month, the Chinese government made a strange move by announcing a ban on Microsoft’s Windows 8 OS in government computers. As per reports, the ban is due to the notice on the use of energy-saving products. The official Xinhua news agency claimed that it was due to security concerns. There were also reports that Microsoft was supporting the NSA in spying on Chinese computers running Windows XP, etc. Microsoft has posted the following information on its official Weibo account to clarify this matter: Microsoft has never assisted any government in an attack of another government or clients. Microsoft has never provided any government the authority to directly visit our products or services. Microsoft has never provided any so-called “Backdoor” into its products or services. ...


Microsoft today launched myBulletins, a new online security bulletin customization service that gives IT professionals a personalized list of the Microsoft security bulletins that matter most to their organization. It is easy to use: simply visit myBulletins, log in to your Microsoft account, select the products and versions running in your environment, and a customized list of only those security bulletins is displayed. To develop myBulletins, we asked if there was anything we could do differently to make applying security bulletins easier. We recognize that not all of the products covered in the monthly security bulletins may be operating in your environment. You shared that you needed the ability to cut through complexity and make decisions quickly. You wanted help identifying the information that is most relevant to your organization. We heard you and acted on your feedback. Starting today, myBulletins will enable you to quickly find security bulletins ...


Microsoft’s Skype team has added two new chat commands for Skype. These new commands can be entered into the message box of Skype from any client. The new /remotelogout and /showplaces commands allow you to control your Skype account login activity from anywhere. Read about it below. Controlling Skype across all your devices with /remotelogout: The first of the two new chat commands that I want to discuss is /remotelogout. If you’re signed into your Skype account on multiple devices, this new command signs you out on all of them except for the device you enter the command on. When you type /remotelogout in the chat window and press send, you won’t get a confirmation of the command but you will notice its effect on other devices. You can even use it on your mobile if, for example, you exit the office in a hurry and forget to sign out. ...


A security research firm has disclosed that the Outlook.com Android mobile app does not do anything to ensure confidentiality of messages and attachments within the phone filesystem itself. The application we’re discussing here is Outlook.com free email service’s mobile client offered by Microsoft. This app is described as being created by Seven Networks in conjunction or in association with Microsoft (i.e. looks like it was outsourced). The app allows users to access their Outlook.com email on Android devices. In the course of our research we found that the on-device email storage doesn’t really make any effort to ensure confidentiality of messages and attachments within the phone filesystem itself. After notifying Microsoft (vendor notification timeline is found at the end of this post) they disagreed that our concern was a direct responsibility of their software. In light of similar problems with iOS being deemed a concern by privacy advocates we thought it’d be a good idea to share what we ...


Microsoft is releasing patches for all versions of Internet Explorer, including those on Windows XP. A major security flaw in Internet Explorer was found being exploited in the wild a few days back. Microsoft is releasing an out-of-band patch on Windows Update at 1PM ET today. General manager of trustworthy computing Adrienne Hall released the following statement: Even though Windows XP is no longer supported by Microsoft and is past the time we normally provide security updates, we’ve decided to provide an update for all versions of Windows XP (including embedded), today. We made this exception based on the proximity to the end of support for Windows XP. The reality is there have been a very small number of attacks based on this particular vulnerability and concerns were, frankly, overblown. Unfortunately this is a sign of the times and this is not to say we don’t take these reports seriously. ...


Microsoft, Verizon, and other tech giants have long believed that the United States cannot force a company to hand over data stored outside the United States. Verizon’s chief lawyer Randall Milch publicly commented on this issue in February. He said that the company’s view is “simple,” adding: “The U.S. government cannot compel us to produce our customers’ data stored in datacenters outside the U.S., and, if it attempts to do so, we would challenge that attempt in court.” Microsoft’s deputy general counsel David Howard also released a statement on the issue: The U.S. government doesn’t have the power to search a home in another country, nor should it have the power to search the content of email stored overseas. Microsoft’s chief legal counsel warned last December that Microsoft would fight any attempt by governments to seize data not located within their country: “…assert available jurisdictional objections to legal demands when governments ...
