[IS&T Security-FYI] SFYI Newsletter, April 2, 2012

Mon Apr 2 09:20:34 EDT 2012

In this issue:

1.  Digital Tax Returns Can Tax Security
2.  Data Center Breach Jettisons 1.5M Credit/Debit Card Numbers into the Wild
3.  Adobe Flash Player 11.2 Update Plugs Security Holes, Includes Silent Updater

------------------------------------------------------------------------------------------------
1. Digital Tax Returns Can Tax Security
------------------------------------------------------------------------------------------------

As April 15th approaches (technically April 17th this year), Americans prepare to file their 2011 tax returns. Many accounting firms and online tax services have switched to digital return creation -- meaning you're given a completed tax return in PDF form for safe keeping. While digital returns can be far easier to store and save, they do represent a potential security threat. Tax returns contain a host of sensitive information -- including full name, address, date of birth, social security number and annual income -- and should *not* be stored on your PC, Mac, tablet or smartphone in an unencrypted format. Malware that actively seeks personal information, especially social security numbers, is becoming more and more prevalent and tax returns are often a target.

MIT community members looking to find and secure sensitive information on their PC or Mac can leverage the software Identify Finder; provided free of charge by IS&T.

Read More: http://ist.mit.edu/identity-finder

------------------------------------------------------------------------------------------------
2. Data Center Breach Jettisons 1.5M Credit/Debit Card Numbers into the Wild
------------------------------------------------------------------------------------------------

Last week, the Atlanta-based processing firm Global Payments announced that a data center security breach exposed 1.5 million credit and debit card numbers. The incident occurred between January 21st and February 25th of this year and affects credit and debit cards that bear the Visa or MasterCard logo. In a statement, Global Payments noted that "cardholder names, addresses and social security numbers were not obtained by the criminals."

If fraudulent or erroneous charges do appear on a bank or credit card account, it is important to contact your financial institution's customer service department and file a complaint immediately. 

In light of this disclosure, Visa and MasterCard customers should be extra vigilant.

Read More: http://krebsonsecurity.com/2012/04/global-payments-1-5mm-cards-exported/

------------------------------------------------------------------------------------------------
3. Adobe Flash Player 11.2 Update Plugs Security Holes, Includes Silent Updater
------------------------------------------------------------------------------------------------

Last Tuesday, Adobe released an update to its Flash Player that addresses several security issues and adds a silent update mechanism. A silent updater will, without user intervention, apply software patches that can add functionality and/or improve security. Due to the speed at which Flash vulnerabilities are discovered, and the prevalence of the technology on the web, users of Internet Explorer, FireFox and Safari are encouraged to update to this latest version and enable the automatic update mechanism. 

Users of Google's Chrome browser already receive automatic updates to Flash Player -- Google bundles and autonomously updates a standalone version of Flash with Chrome.

Read More: http://blogs.adobe.com/asset/2012/03/an-update-for-the-flash-player-updater.html
Read More: http://www.adobe.com/support/security/bulletins/apsb12-07.html
Read More: http://get.adobe.com/flashplayer/

=================================================================================================
Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=================================================================================================

Andrew Munchbach
IT Security Incident Response Analyst	
Massachusetts Institute of Technology
IS&T | Operations & Infrastructure | IT Security