Adobe Releases Security Updates for Flash, ColdFusion

Adobe has released security updates for Flash Player and ColdFusion to address four vulnerabilities. The Flash update is available for Windows, Mac, and Linux. According to Adobe, the updates are not related to the recent theft of ColdFusion source code.

Read the full article online.

CryptoLocker Ransomware Prevention Tips

An article released by US-CERT outlines the impact of this malware, which surfaced earlier this year, and how users can prevent infections. I have posted the article in the IT Knowledge Base.

If you have any questions about implementing any of the steps listed in the article, please contact your local IT administrator or the IS&T Help Desk.

Read the article.

Cyber Monday & Online Shopping

More people are expected to shop online on Cyber Monday than visit stores on Black Friday, according to American Express. The use of mobile devices for online shopping is projected to increase as well.

Whether you’ll be conducting transactions from your desktop, laptop or mobile device, keep these tips in mind to help protect yourself from identity theft and other malicious activity:

  • Secure your computer and mobile device by making sure they are current with all operating system and application updates. Anti-virus software should be installed and running.
  • Use strong passwords. When logging on to your computer or mobile device and when visiting sites or using applications for shopping, use passwords that are not used for other accounts.
  • Use applications with caution. Malware could be downloaded along with seemingly legitimate shopping applications to steal credit card or other sensitive information.
  • Know your online merchants. Limit your shopping to merchants you know and trust. Go to them by typing in the URL rather than through a search bar. If you are unsure about a merchant, check with the Better Business Bureau or Federal Trade Commission.
  • Consider using an online payment system or credit card. Where available, use online payment services, which keep your credit card information stored on a secure server and let you make purchases online without revealing your card details to retailers (example: PayPal). When you use a card online, use a credit card, not a debit card. Credit cards are protected by the Fair Credit Billing Act and may reduce your liability.
  • Look for “https” before you click to purchase. The “s” stands for secure and indicates the transaction will be encrypted. A padlock in your browser’s status window is another indicator.
  • Secure your browser. Make sure it is up to date with the latest security patches. Turn off pop-ups and unwanted ads (some browser plug-ins can suppress ads on web pages). You may also set the browser status to “private,” so that your activity on the Web cannot be traced by others who may have access to the same device, since history and cache information are removed.
  • Do not use public computers or open wireless networks for your online shopping. Criminals may intercept traffic on public wireless to steal sensitive information. Make sure the settings for your computer or device prevent it from automatically connecting to open wireless spots.
  • Home wireless networks should be secured with authentication requirements and a strong password.
  • Be alert for scams. Cyber criminals try to take advantage of people’s generosity during the holiday season and can use fake charity requests to gain access to your information or computer/device. Think before clicking on emails making these requests. Don’t give your financial information to anyone via email, text or phone, especially when it is unsolicited.

More online shopping assistance can be found at:

November 2013 Security Updates from Microsoft

Today, Tuesday November 12, Microsoft is releasing eight new security bulletins. Three of the bulletins are rated critical. Systems affected:

  • Internet Explorer
  • Windows
  • Office
  • Outlook

It is recommended to accept the updates. MIT WAUS subscribers will receive the updates after they have been tested for compatibility. Installing the bulletins manually will require a restart.

The bulletins will not include a fix for the zero-day threat to Windows. Apparently there is a hole through which criminals can get control of your computer. The flaw is in the way applications handle specially-crafted image files.

Although there is no patch, Microsoft has published a “Fix it tool” that will render your computer immune to this type of attack.

Follow Up to Adobe Network Breach

Last month this newsletter announced that the Adobe network had been attacked.

On October 3rd of 2013, hackers broke into Adobe's network and stole source code for a range of products, including ColdFusion and the Acrobat family of products. The breach also affected what was at that time estimated to be 2.9 million users, but that figure was later revised to include at least 38 million users. Adobe said hackers had stolen nearly 3 million encrypted customer credit card records, as well as login data for an undetermined number of Adobe user accounts.

The breach happened in early October, but the stolen accounts were not published on the web until early November. The published data includes tens of millions of accounts with IDs, email addresses, encrypted passwords and more. (Read the full follow-up story.)

If you haven’t done so already, please update the password for your adobe.com account immediately. As an additional precaution, make sure you change any accounts using the same password as your adobe.com account.

If you use a tool such as LastPass for password management, here is an additional tip: The LastPass Security Challenge, located in the Tools menu of the LastPass add-on, will help find any other accounts using the same password as the leaked account. Go to the plug-in > Tools > Security Check.

[Source: LastPass.com]

Securing the Human’s Video of the Month: Encryption

To raise awareness, each month SANS offers free access to its Securing the Human training videos. This month’s video is on encryption, one of the key methods for securing data, yet many people do not understand what it is or how it works. It takes less than 2 minutes to watch the video.

If you have extra time, watch a full range of the Securing the Human videos within the MIT Learning Center. 

Results of the ‘Securing the Human’ Prize Giveaway

The prize giveaway contest for attendees of the MIT ‘Securing the Human’ online courses has ended, as of noon today (November 4, 2013).

I am happy to announce that we had three winners, selected from the attendees who completed all 5 courses.

1st prize: Carol A. Roberts

2nd prize: Charles J. Hale

3rd prize: Gregory Torrales, Jr.

Thank you to all who have been taking the time to attend the online courses. Please pass along their availability to your MIT colleagues. If you have not yet taken the courses, they are free and available to anyone with an MIT web certificate.

Links and descriptions of the courses are posted here.
