| | Trustworthy Computing | January 2013 | | Microsoft Security Newsletter | | | | | | | Welcome to January's Security Newsletter! | The theme for this month’s newsletter focuses on the evolving threat landscape. At the end of each year, I am often asked by our readers and customers to provide my thoughts on how the threat landscape will change or evolve in the coming year. While this can be very challenging to predict and I am no Nostradamus, there are indicators that stand out based on our security intelligence that can help provide a glimpse into what the future may hold. Here are five predictions on how I believe the threat landscape will evolve in the coming year: - Prediction #1: Criminals will benefit from unintended consequences of espionage.
- Prediction #2: Attackers will increasingly use apps, movies and music to install malware.
- Prediction #3: Drive-by attacks and cross-site scripting attacks will continue to be attacker favorites.
- Prediction #4: Software updating gets easier and exploiting vulnerabilities gets harder.
- Prediction #5: Rootkits will evolve in 2013.
If you are interested in learning more about these predictions, I encourage you to check out the blog post "Using the Past to Predict the Future: Top 5 Threat Predictions for 2013," which takes a deeper dive into each one of these predictions. I encourage you to share your thoughts with us on our Twitter handle @MSFTSecurity.
| | | Best regards, Tim Rains, Director Microsoft Trustworthy Computing | | | | Top Stories | | | | | Software and Service Security and PCI DSS/PA-DSS Learn how the Microsoft Security Development Lifecycle (SDL) helps organizations meet compliance requirements under the financial sector’s Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS). For details on how the SDL helps organizations meet Health Insurance Portability and Accountability Act (HIPAA) Security Rule compliance requirements, click here.
Automated Collective Action and a Safer More Trusted Internet The Internet population is expected to double from over 2 billion users today to more than 4 billion by 2020. This Microsoft Security Blog post explores some ideas about how to apply existing models from the "real world" to improving the overall health and safety of the Internet.
Operating System Infection Rates: Most Common Malware Families by Platform Long term trends indicate that newer operating systems and service packs have lower malware infection rates than older software. Learn about the specific families of threats that are detected most often on Windows 7, Windows Vista, and Windows XP. | | | Security Guidance | | | | | Security Tip of the Month: How to Mitigate Against Targeted Cyber Intrusion Sensitive information, corporate intellectual property, financial information, and private personal data is being lost to cyber intrusions targeted at government agencies and private enterprises. Explore some effective protections that you can put in place without a new investment in technology or personnel.
Hunting Down and Killing Ransomware Scareware, a type of malware that mimics antimalware software, has been around for a decade and shows no sign of going away. In this blog post, Microsoft Technical Fellow Mark Russinovich describes how different variants of ransomware lock the user out of their computer, how they persist across reboots, and how you can use Sysinternals Autoruns to hunt down and kill most current ransomware variants from an infected system.
Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques Explore Pass-the-Hash (PtH) attacks against Windows operating systems, learn how the attack is performed, and get recommended mitigations for PtH attacks and similar credential theft attacks.
Planning for Endpoint Protection in System Center 2012 Configuration Manager Endpoint Protection in Microsoft System Center 2012 Configuration Manager allows you to manage antimalware policies and Windows Firewall security for client computers in your Configuration Manager hierarchy. Explore prerequisites, best practices, and the administrative workflow with this planning guide then learn how to configure Endpoint Protection, alerts, and definition updates.
Security Features in Office 365 and Office 2013 SKUs Quickly determine and compare the security features available in the cloud-based Office 365 SKUs and on-premises Office 2013 SKUs. Looking more information on the newest security features in Office 2013 and Office 365? Check out the Security overview for Office 2013 and the Security in Office 365 white paper. | | | Community Update | | | | | Keeping Your Documents Safe There are a number of technologies that you can use to protect your important documents, whether you’re storing them on your hard drive, storing them in the cloud, or sending them to someone else via email. You’ll find that many of these technologies are built into Microsoft’s operating systems and applications, so you don’t even have to buy or download extra software. | | | Cloud Security Corner | | | | | Running an Endpoint Protection Scan with Windows Intune Windows Intune Endpoint Protection enables quick scans and full system scans to be run automatically or on-demand. A quick scan checks the locations, processes in the memory, and registry files on the hard disk that malicious software, or malware, is most likely to infect. Learn how to initiate an on-demand remote scan or schedule a recurring scan by using Endpoint Protection Policy Agent settings. | | | This Month’s Security Bulletins | | | | | Microsoft Security Bulletin Summary for January 2013
| | January 2013 Security Bulletin Resources: | | | Security Events and Training | | | | | TechNet Webcast: Information about the February 2013 Security Bulletin Release Wednesday, February 13, 2013 Join this webcast for a brief overview of the technical details of February’s Microsoft security bulletins. As the goal is to address your concerns, Microsoft security experts devote most of the webcast to answering your questions.
Security Development Conference May 14–15, 2013 – San Francisco, CA Hear from leading security experts, grow your professional network, and learn how to implement or accelerate the adoption of secure development practices within your organization. This year’s conference is focused on "Proven Practices, Reduced Risk," and will feature an event keynote from Trustworthy Computing Corporate Vice President Scott Charney supported by tracks on Engineering for Secure Data, Security Development Lifecycle & Data Security, and Business Risk & Data Security. Registration is now open; register before March 1, 2013 and save 50% off the onsite registration fee. Seating is limited, so early registration is encouraged | | | | | | | | | | | | microsoft.com/about/twc | Trustworthy Computing | | | | | | This is a monthly newsletter for IT professionals and developers–bringing security news, guidance, updates, and community resources directly to your inbox. If you would like to receive less technical security news, guidance, and updates, please subscribe to the Microsoft Security for Home Computer Users Newsletter.
© 2013 Microsoft Corporation. All rights reserved. Microsoft, MSDN, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Microsoft respects your privacy. To learn more please read our online Privacy Statement.
If you would prefer to no longer receive this newsletter, please click here.
To set your contact preferences for other Microsoft communications click here.
Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA | | | | | | | |