Latest News

Microsoft Security Bulletin Summary for June 2014

Published: June 10, 2014
Version: 1.0

This bulletin summary lists security bulletins released for June 2014.

With the release of the security bulletins for June 2014, this bulletin summary replaces the bulletin advance notification originally issued June 5, 2014. For more information about the bulletin advance notification service, see Microsoft Security Bulletin Advance Notification.

For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications.

Microsoft is hosting a webcast to address customer questions on these bulletins on June 11, 2014, at 11:00 AM Pacific Time (US & Canada). Register now for the June Security Bulletin Webcast.

Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.




Cyber security report accuses another Chinese military unit of hacking
10th June 2014

A private U.S. cybersecurity company on Monday accused a unit of China's military of conducting far-reaching hacking operations to advance the country's satellite and aerospace programs.

Security company CrowdStrike said Shanghai-based unit 61486 of the People's Liberation Army 12th bureau has attacked networks of Western government agencies and defense contractors since 2007.

CrowdStrike said the hacking targeted the U.S. space, aerospace and communications sectors. The cyberspying targeted "popular productivity applications such as Adobe Reader and Microsoft Office to deploy custom malware through targeted email attacks," CrowdStrike said.

Less than three weeks ago the U.S. Justice Department took the unprecedented step of unsealing indictments against five members of another People's Liberation Army unit that allege they stole trade secrets.

CrowdStrike said it was publicizing a report previously sent to clients to show that the issue was broader than many realize.

"After the Chinese response, where they basically said this is all fabricated, we said why don't we unleash something that's undeniable," said CrowdStrike co-founder Dmitri Alperovitch. He said the company had briefed U.S. intelligence agencies before publishing its report.

CrowdStrike said an individual named Chen Ping registered website domain names used in some of the intrusions. Chen's personal blog appears to put his age as 35, and he identified himself as a soldier, the report said.

Chen's email is tied to profiles, blogs and forum postings, CrowdStrike said. Among material on those sites was a photo album titled "office" that includes a building CrowdStrike identified as the Shanghai headquarters of the military unit in question.

Chen did not respond to requests for comment sent to the email addresses provided by CrowdStrike.




Soon Hackers May Topple Global Economy
25th May 2014

Within the next five to seven years, as much as $21 trillion in global economic-value creation depends on robust cyber security. This estimate is part of a report prepared by McKinsey & Company. To put that number in context, a report by Bain & Company estimates that GDP will swell to $90 trillion by 2020.

With the figures from the two highly regarded management consulting firms put together, the magnitude of the risk posed by the cyber attack threats truly becomes clear. Using those two figures you could calculate the monetary impact as a percentage of the world’s GDP. That calculation indicates that 23 percent of the global GDP is at risk of cyber attacks and therefore dependent on cyber security!


Given that these numbers are sure to make their way around the executive suite fairly quickly, it would seem to indicate action will be taken. Arguably one of the most impactful actions is the integration of corporate/business strategy with technology strategy and a hybrid physical/cybersecurity strategy.

According to Defense News, given what we have seen in recent years, this would be a giant step forward when it comes to reducing this enormous risk! With this reasonably quantified risk, international leaders and organizations like the World Economic Forum must quickly move to address the global threat of cyber attacks and mitigate, as best as can be done, the economic implications identified above.

Read more at: http://i-hls.com/2014/05/report-soon-hackers-may-topple-global-economy/?utm_source=rss&utm_medium=rss&utm_campaign=report-soon-hackers-may-topple-global-economy&utm_source=Meital&utm_medium=Meital&utm_campaign=RSS
 

Facebook wants to 'listen' to your music and TV
23rd May 2014
Facebook is to release a new feature on its mobile app that "listens" to your music and TV shows.

If the song or show is recognised by the app, users can publish the information on their profile or to selected friends.

The service hopes to take advantage of the "second screen" trend, which sees fans of TV shows in particular sharing their experiences on social networks.

However, some users have privacy concerns.

The feature, which will be available in a few weeks' time, uses the microphones inside users' smartphones to detect nearby music or TV shows.

As the user begins writing a status update, a small animated icon will appear at the top of the app.

If the app detects the appropriate audio signals and finds a match from its database, the user can then share what he or she is watching or listening to.

Facebook says the feature can be turned off at any time, the audio recording is not stored anywhere and the device cannot identify background noise or conversations.

"If you share music, your friends can see a 30-second preview of the song. For TV shows, the story in News Feed will highlight the specific season and episode you're watching," Facebook said in a statement.

The company hopes this new method of sharing user listening and watching habits will take advantage of the five billion status updates related to TV and music experiences that the social networking giant sees on a yearly basis.

However, automating part of the sharing process has left some users suspicious, with Nicole Simon commenting on TechCrunch that: "While the idea is nice and technology really interesting, I have no interest in Facebook 'observing' my audio and surrounding. Yes, it starts currently as opt-in, and only on occasion, but there is no trust from my side for even that."

Read more at: http://www.bbc.com/news/technology-27517817

Google 'poised to produce 3D imaging tablet'
23rd May 2014
A tablet computer capable of taking 3D images is set to be put into production by Google, according to reports.

The Wall Street Journal quoted sources close to the company as saying a run of 4,000 devices will be manufactured next month.

The tablet will have two rear-facing cameras and advanced imaging software - and will be shown off at the firm's forthcoming developers' conference.

Google has said it will not comment on "rumour and speculation".

But in March, Google showed off Project Tango, an effort to bring 3D technology to its handheld devices. A prototype smartphone had been given out to 200 developers to try out.

The technology makes use of infrared sensors to measure depth of surroundings.

While the ability to create 3D images with small devices is by no means a new technological feat, Google's strategy will be to harness the hardware to contribute to, among other things, its mapping effort.

For instance, the devices could be used to quickly create a 3D map of indoor environments.





eBay makes users change their passwords after hack
21st May 2014

Auction site eBay is forcing users to change their passwords after a cyber-attack compromised its systems.

The US firm said a database had been hacked between late February and early March, and had contained encrypted passwords and other non-financial data.

The company added that it had no evidence of there being unauthorised activity on its members' accounts.

However, it said that changing the passwords was "best practice and will help enhance security for eBay users".

The California-based company has 128 million active users and accounted for $212bn (£126bn) worth of commerce on its various marketplaces and other services in 2013.

It said it would be contacting users to alert them of the issue via email, its website, adverts and social media.

Stolen credentials

A post on eBay's corporate site said that cyber-attackers accessed the information after obtaining "a small number of employee log-in credentials", allowing them to access its systems - something it only became aware of a fortnight ago.

"The database... included eBay customers' name, encrypted password, email address, physical address, phone number and date of birth," it said.

"However, the database did not contain financial information or other confidential personal information.

"Extensive forensics subsequently identified the compromised eBay database, resulting in the company's announcement today."

Although the firm also owns the PayPal money transfer service, it said that the division's data was stored separately, encrypted and that there was no evidence that it had been accessed.

It added that any members who used the same login details used on eBay for other sites should also update them.

EBay has not provided any information about the kind of encryption it used.

One expert said there was still a concern that the hackers might be able to make use of their haul.

"We all know that given enough time hackers can crack some encrypted password files," said Alan Woodward, an independent security consultant.

"The slightly worrying aspect of this is that the hackers have a nice neat list of personal information, which can be used to steal identities or even help them get around other systems through password reset scams."