[IS&T Security-FYI] SFYI Newsletter, Nov 1, 2010
Monique Yeaton
myeaton at MIT.EDU
Mon Nov 1 14:32:01 EDT 2010
In this issue:
1. IT Partners Luncheon on Data Protection at MIT
2. Risky Trojan Horse for OS X Found
3. Adobe Warns of Flaw in Reader, Acrobat, Flash
----------------------------------------------------------------
1. IT Partners Luncheon on Data Protection at MIT
----------------------------------------------------------------
November 3, 2010, 12pm - 1:30pm, Bush Room 10-105
This lunch time meeting will review the new regulations and laws that
affect the handling and storing of personal data at MIT and what we
can and should do to meet compliance. Members of the IT Security
Systems & Services team, the Department of Undergraduate Education,
and Procurement will introduce a few technical solutions and a new
vendor service currently in use in various areas of the Institute and
talk about how IT administrators and other MIT individuals can do
their part. Lunch is provided.
Please RVSP: rsvp-itpartners at mit.edu if you plan to attend.
------------------------------------------------
2. Risky Trojan Horse for OS X Found
------------------------------------------------
A new Trojan horse malware that affects Mac OS X has been found called
"trojan.osx.boonana.a." It is being disguised as a video link and
distributed through social-networking sites like Facebook. It may have
the text "Is this you in this video?" in the link. When the link is
clicked, the Trojan will run a Java applet that will download other
files to the computer and run an installer automatically.
The Trojan appears to report system information to servers on the
Internet, which can cause a breach of personal information. The Trojan
also will attempt to spread itself by sending messages from the user
account to other people through spam e-mail messages.
As with most Trojans, this will require you to enter your password to
install the software and make modifications to the system, so be sure
you never supply your password unless you specifically open an
installer file and know and trust where that installer came from.
Read the full story: <http://reviews.cnet.com/8301-13727_7-20020892-263.html
>
----------------------------------------------------------------
3. Adobe Warns of Flaw in Reader, Acrobat, Flash
----------------------------------------------------------------
A new critical vulnerability is being exploited to attack computers
running the PDF viewer software, Adobe warned last week. The
vulnerability is not yet patched.
Systems affected:
Flash Player 10.1.85.3 and earlier versions for Windows, Mac, Linux
and Solaris
Flash Player 10.1.95.2 and earlier versions for Android
Reader 9.4 and earlier versions for Windows, Mac and Unix
Acrobat 9.4 and earlier versions for Windows and Mac
Earlier in October, the company plugged 23 holes in Reader and
Acrobat. Adobe is adding sandbox technology designed to add more
layers of protection in the next version of Adobe Reader, Reader X,
due out by mid-November.
Read the full story: <http://news.cnet.com/8301-27080_3-20021055-245.html
>
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20101101/92060411/attachment.htm
More information about the ist-security-fyi
mailing list