All corporate and home users should ensure critical Windows updates have been successfully installed this month. The ISC provides a great analysis of current exploits and other guidance in summary form. Microsoft Security Updates - August 2012 http://technet.microsoft.com/en-us/security/bulletin/ms12-aug Microsoft Security Updates - August 2012 (ISC analysis) https://isc.sans.edu/diary.html?storyid=13900

The ISC is reporting a growing trend in automated malware attacks that gleam Facebook credentials and other private information. Malware Spam harvesting Facebook Information https://isc.sans.edu/diary/Malware+Spam+harvesting+Facebook+Information/13981 QUOTE : A couple years back at our annual RSA "top threat" panels, one of the possible exploits I suggested was the use of social network information for more automated targeted e-mail. At that time, most "spear phishing" was done

Beneficial list of privacy techniques from Facecrooks security Facecrooks Security - 11 tips for Privacy improvements http://facecrooks.com/Internet-Safety-Privacy/11-tips-to-go-private-online.html 1. Be careful on social networks. 2. Use your browser’s private browsing mode. 3. Go beyond private browsing mode with privacy add-ons like DNT+. 4. Use secure browsing (HTTPS) whenever possible. 5. Use multiple email addresses. 6. Google yourself regularly. 7. Hide your IP address with a proxy.

The Zeus botnet is using large money fake bills that closely resemble ATT bills to infect unprotected users New Zeus Botnet uses Fake ATT Billing scam http://securitywatch.pcmag.com/none/301122-fake-at-t-bills-direct-users-to-blackhole-zeus QUOTE : Fake AT&T bills containing malware have hit at least 200,000 consumers , according to Websense. The malicious emails contain the subject line " Your bill is ready to be viewed ." Clicking into it presents the usual AT&T bill notification

Most products did well in latest tests: Most Antivirus Products Improve in Latest AV-Test Report http://securitywatch.pcmag.com/none/300959-most-antivirus-products-improve-in-latest-av-test-report QUOTE : German antivirus testing lab AV-Test.org runs whole-product, dynamic tests on antivirus products constantly and releases a certification report every two months. In this year's March/April test, AhnLab and ESET failed to achieve certification. Both managed to improve for the May/June test; nobody

McAfee has a special series of articles related to security for Windows 8 and it's new application environment. While the operating system itself is very secure, user actions and application security controls present key risks as in other versions of Windows. Below are the first three articles: Windows 8 - McAfee Labs evaluates security http://blogs.mcafee.com/mcafee-labs/windows-8-metro-brings-new-security-risks http://blogs.mcafee.com/mcafee-labs/metro-interface-improves-windows-8-while-increasing

NIST standards provide helpful guidance in the corporate world for development of policies, standards, and procedures. NIST Updates Computer Security Guides http://www.informationweek.com/news/government/security/240004585 QUOTE : The National Institute of Standards and Technology has released updated guidance on how federal agencies and businesses can deal with network attacks and malware. The advice comes in the form of two publications that have been revised to reflect the latest in security best

McAfee Labs, Trend, and other security firms share an awareness of scams and malware attacks using the London Olympics as bait for users to disclose sensitive information or infect their computers with malware. London Olympics 2012 - Scams and Malware attacks circulating http://blogs.mcafee.com/mcafee-labs/scams-surround-london-olympics http://blog.trendmicro.com/more-london-olympics-related-threats/ http://blog.trendmicro.com/relay-race-to-ruin-cybercrime-in-the-olympics/ http://blog.trendmicro

Corporate security teams should evaluate and address the risks associated with any current usage of this protocol. The analysis of the protocol, proof-of-concept cracking approach, and special PICO supercomputer used, make this a fascinating read for security professionals. It requires a sophisticated setup and some time to reconstruct the plain text versions of passwords from the NT Hash for the 3 DES keys. MS-CHAPv2 Protocol compromised with 100% success https://isc.sans.edu/diary/End+of+Days+for

Microsoft has announced a replacement of Hotmail as noted below, re-branding it to use the Outlook user interface. Microsoft HOTMAIL email service to be replaced with special verison of OUTLOOK http://www.marketwatch.com/story/microsoft-replacing-hotmail-with-outlook-2012-07-31 http://www.computerworld.com/s/article/9229828/Microsoft_reboots_Hotmail_to_build_consumer_destination_says_analyst QUOTE: SAN FRANCISCO (MarketWatch) — Microsoft Corp. is replacing Hotmail, its Web-based consumer e