Commerce Bank hacked; says damage limited   10 Oct 2007 13:00 GMT
An attack on a regional U.S. bank was quelled quickly, though not before information on about 20 customers was compromised.

Source: Computerworld

Presidential candidates face phishing threat in '08   10 Oct 2007 13:00 GMT
Presidential candidates seeking contributions online could face a rather specific threat from phishers: Attacks that harvest donors' credit card numbers or divert contributions to an opponent's campaign.

Source: Computerworld

Vendors take giant leap with drive encryption   10 Oct 2007 13:00 GMT
Encryption seems to be the obvious way to prevent data leaks, but because software encryption tools add some delay and some complexity, that option hasn't gained much popularity with users.

Source: Computerworld

Woman ordered to pay for file-sharing will appeal   09 Oct 2007 12:01 GMT
A woman ordered to pay $222,000 to record labels for illegally sharing music files will appeal the case.

Source: Computerworld

MS07-060 - Critical: Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)   09 Oct 2007 08:00 GMT
Bulletin Severity Rating:Critical - This security update resolves a privately reported vulnerability in Microsoft Word that could allow remote code execution if a user opens a specially crafted Word file with a malformed string. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Source: TechNet

MS07-059 - Important: Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017)   09 Oct 2007 08:00 GMT
Bulletin Severity Rating:Important - This security update resolves a publicly reported vulnerability in Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007. The vulnerability could allow an attacker to run arbitrary script that could result in elevation of privilege within the SharePoint site, as opposed to elevation of privilege within the workstation or server environment. The vulnerability could also allow an attacker to run arbitrary script to modify a user’s cache, resulting in information disclosure at the workstation.
Source: TechNet

MS07-058 - Important: Vulnerability in RPC Could Allow Denial of Service (933729)   09 Oct 2007 08:00 GMT
Bulletin Severity Rating:Important - This update resolves a denial of service vulnerability in the remote procedure call (RPC) facility that exists due to a failure in communicating with the NTLM security provider when performing authentication of RPC requests.
Source: TechNet

MS07-057 - Critical: Cumulative Security Update for Internet Explorer (939653)   09 Oct 2007 08:00 GMT
Bulletin Severity Rating:Critical - This critical security update resolves three privately reported vulnerabilities and one publicly disclosed vulnerability. The vulnerability with the most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Source: TechNet

MS07-056 - Critical: Security Update for Outlook Express and Windows Mail (941202)   09 Oct 2007 08:00 GMT
Bulletin Severity Rating:Critical - This critical security update resolves one privately reported vulnerability. The vulnerability could allow remote code execution due to an incorrectly handled malformed NNTP response. An attacker could exploit the vulnerability by constructing a specially crafted Web page.
Source: TechNet

MS07-055 - Critical: Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)   09 Oct 2007 08:00 GMT
Bulletin Severity Rating:Critical - This critical security update resolves a privately reported vulnerability. A remote code execution vulnerability exists in the way that the Kodak Image Viewer, formerly know as Wang Image Viewer, handles specially crafted images files. This vulnerability could allow an attacker to remotely execute code on the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Source: TechNet