Hackin9

We had this sent to us today letting us know there will no longer be emails sent by Microsoft for advanced notifications, etc.  Instead people are to use the RSS feeds or other mechanisms.  

********************************************************************
Title: Microsoft Security Notifications
Issued: June 27, 2014
********************************************************************

Notice to IT professionals:

As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is suspending the use of email notifications that announce the following:

* Security bulletin advance notifications
* Security bulletin summaries
* New security advisories and bulletins
* Major and minor revisions to security advisories and bulletins

In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website. 

For more information, or to sign up for an RSS feed, visit the Microsoft Technical Security Notifications webpage at http://technet.microsoft.com/security/dd252948

Not quite sure what legislation changes they might be referring to (haven't seen anything yet). Either way if like me you used to receive these emails, you may no longer and you'll have to subscribe to the RSS feed.  

I couldn't find anything on the Microsoft website (let me know if you can), but when following the links for "sign up for email notification" every page visited only has an RSS or web option, no email.  

Cheers

Mark H  - Shearwater

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Perl 'Email::Address' Module Local Denial of Service Vulnerability
 
A draft U.S. Senate bill aimed at making it easier for organizations to share cyberthreat information poses serious threats to personal privacy, several rights groups said in a letter to Congress on Thursday.
 
Being second isn't good enough for Oracle when it comes to cloud revenue, co-president Mark Hurd told investment analysts this week following the company's fourth-quarter and year-end earnings report.
 
U.S. lawmakers got a report card on Friday: they've been graded by the Electronic Frontier Foundation and other groups on whether they are effectively reining in the National Security Agency's surveillance programs.
 
WordPress TimThumb WebShot Feature Arbitrary Code Execution Vulnerability
 
[SECURITY] [DSA 2969-1] libemail-address-perl security update
 
The typical organization loses 5% of its revenues to fraud by its own employees each year, with most thefts committed by trusted employees in executive management, operations, accounting, sales, customer service or purchasing, according to the Association of Certified Fraud Examiners (ACFE). This type of malicious behavior by "privileged users" who have been given broad access to the company's computer assets has captured the attention of CIOs across the country.
 
When Katie Smith interned with Capital One, she expected to spend the summer fetching beverages for her manager -- instead, she started on a career path that led to a full-time IT job at the banking and financial services company.
 
A "unique" breakdown coupled with a previously unknown flaw in Exchange Online caused Tuesday's extensive outage, and to make matters worse, the service disruption alert system also malfunctioned, leaving some affected customers in the dark.
 
Gnew Multiple SQL Injection and Cross Site Scripting Vulnerabilities
 
SAP Enterprise Portal Information Disclosure Vulnerability
 
SAP Solution Manager Diagnostics Agent Code Injection Vulnerability
 
[security bulletin] HPSBMU03056 rev.1 - HP Version Control Repository Manager (HP VCRM) running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
 
[security bulletin] HPSBMU03057 rev.1 - HP Version Control Agent (HP VCA) running OpenSSL on Linux and Windows, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Disclosure of Information
 
[security bulletin] HPSBMU03061 rev.1 - HP Release Control, Disclosure of Privileged Information and Elevation of Privilege
 
Wal-Mart today chopped prices of Apple's iPhone 5S and iPhone 5C to $99 and $29, respectively, with a two-year carrier contract.
 
DataLife Engine Session Fixation Vulnerability
 
It's hard to assess how popular smartwatches will be for business users, or how much of a pain they'll be for IT to support. But don't surprised when they start showing up in the office.
 
Google this week offered a partial answer to Apple's Continuity technology, announcing a system that will let Android-powered smartphones interact with Chrome OS on Chromebooks.
 
Instead of updating products every six weeks, as Google promised at the I/O developer conference, the company might want to slow down and make sure its products and services actually represent what its customers want.
 
LZ4 'lz4.c' Memory Corruption Vulnerability
 
Red Hat sos GRUB Bootloader Password Information Disclosure Vulnerability
 
SAP J2EE Core Service Remote Arbitrary File Access Vulnerability
 
Google Android PRNG Entropy Weakness
 
A rare Android worm that propagates itself to other users via links in text messages has been discovered by security researchers.
 
Makers of YouTube videos will be getting new tools to spruce up their content, including features that will let their fans make donations and submit their own subtitles to the videos.
 
PHP-Fusion 'Authenticate.class.php' SQL Injection Vulnerabilities
 
Linux Kernel '/drivers/media/media-device.c' Local Information Disclosure Vulnerability
 
In a speech Wednesday on the House floor, Rep. Luis Gutierrez (D-Ill.) declared immigration reform dead.
 
Google's Android Studio development environment is available in a beta version that makes it easier to create apps for smartwatches and TVs.
 
HP Service Virtualization CVE-2013-6221 Unspecified Remote Code Execution Vulnerability
 
[SECURITY] [DSA 2968-1] gnupg2 security update
 
[security bulletin] HPSBMU03058 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information
 
CFP 1st International Conference on Information Systems Security and Privacy - ICISSP 2015
 
[RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution
 
Facebook user data in bulk was sought last year by the New York County District Attorney's office and a court directed it to produce virtually all records and communications for 381 accounts, the company disclosed Thursday.
 
Google has revealed more about how its new enterprise security and management framework -- otherwise known as Android Work -- will function when the next version of Android rolls out.
 
Intel is chasing the lucrative TV market once again by aligning with Google on Android TV despite multiple failed attempts in the past few years.
 
The German government is dropping Verizon Communications as a service provider because of worries about U.S. spying.
 
Oberhumer LZO CVE-2014-4607 Multiple Memory Corruption Vulnerabilities
 

Posted by InfoSec News on Jun 27

http://www.timesofisrael.com/hebrew-wont-stop-hacking-fake-bank-app-shows/

By David Shamah
The Times of Israel
June 26, 2014

Israelis are just as vulnerable as anyone else to hacking and data theft,
and their right-to-left language won’t shield them, experts say, after
discovering a Hebrew version of a dangerous phony bank app

While a Hebrew interface is no guarantee of an app’s safety, said Israeli
security expert Tal Pavel, seeing...
 

Posted by InfoSec News on Jun 27

http://www.csoonline.com/article/2378585/data-protection/airport-breach-a-sign-for-it-industry-to-think-security-not-money.html

By Antone Gonsalves
CSO Online
June 26, 2014

The two U.S. airports that had their computers compromised by an unknown
group of hackers is a wake up call that America's best IT talent needs to
focus less on money and more on national security, an expert says.

The Center of Internet Security (CIS), a...
 

Posted by InfoSec News on Jun 27

http://news.techeye.net/business/security-industry-run-aground

By a staff writer
TecheEYE.net
26 June 2014

The IT security industry is unable to cope with cybercrime and needs to
come up with a better way of protecting customers.

Eugene Spafford, a computer security expert and professor of computer
science at Purdue University, said that the security industry is just
adding layers of defensive technologies to protect systems.

However it...
 

Posted by InfoSec News on Jun 27

http://www.washingtonpost.com/business/capitalbusiness/sourcefire-founder-martin-roesch-shares-lessons-from-building-a-27-billion-business/2014/06/26/bc6e005a-fcb1-11e3-932c-0a55b81f48ce_story.html

By Steven Overly
The Washington Post
June 26, 2014

Martin Roesch founded cybersecurity software firm Sourcefire in 2001 with
the goal of making money on a widely used and freely distributed security
program he had built years earlier called Snort....
 

Posted by InfoSec News on Jun 27

http://www.networkworld.com/article/2401481/android-malware-targets-south-korean-online-banking-customers.html

By Jeremy Kirk
IDG News Service
June 26, 2014

Malicious software that swaps itself for legitimate online banking
applications is striking users in South Korea, with thousands of devices
infected in the last week, according to a Chinese mobile security company.

Cheetah Mobile, formerly known as Kingsoft Internet Security Software,...
 

Posted by InfoSec News on Jun 27

http://www.businessinsider.com/norse-hacking-map-shows-us-getting-hammered-2014-6

By Jeremy Bender
Business Insider
June 26, 2014

U.S.-based computer security firm Norse has released a real-time animated
map that illustrates ongoing cyberattacks around the world. Without a
doubt, the U.S. is getting constantly hammered by hackers.

In just 45 minutes, the U.S. was the victim of 5,840 cyberattacks.

Within that span of time, the U.S. suffered...
 

Posted by InfoSec News on Jun 27

http://techcrunch.com/2014/06/26/secure-messaging-app-wickr-raises-30-million-series-b/

By Sarah Perez
TechCrunch.com
June 26, 2014

Self-destructing and encrypted messaging app Wickr raised $30 million in
Series B funding, the company is announcing today, in a round led by Jim
Breyer, founder and CEO of Breyer Capital, with participation from CME
Group and Wargaming. Breyer will now join the company’s board. The new
round comes on the...
 
Internet Storm Center Infocon Status