[IS&T Security-FYI] SFYI Newsletter, September 18, 2013

Monique Yeaton myeaton at MIT.EDU
Wed Sep 18 10:04:19 EDT 2013


In this issue:


1. Increases Seen in Phishing Attacks

2. Microsoft Reissues Problematic Updates

3. Why Patch a Mac?


--------------------------------------------------

1. Increases Seen in Phishing Attacks

--------------------------------------------------


"Dear Webmail Subscriber," "Confirm Your Web Mail," and "Upgrade Your Account!" These subjects lines were in recently received email messages attempting to get me to click on a bogus link or respond with my username and password. Had I done so, an attacker would have easy access to my email account.


Email is one of the most frequently used venues for cyber attacks. It is fertile ground for cyber criminals and a vulnerability for most organizations because of unwitting end users.


At MIT, we see a lot of unwanted email in our inbox. Even with filtering<https://ist.mit.edu/spam?category=7> and blacklisting tools on our email system, some of these dangerous messages still come through. Generally, the fraudulent message appears as if it is from email administrators of MIT and, like the examples mentioned above, tries to get you to click on a dangerous link or asks you to supply the login credentials to your web mail account.


The IS&T Help Desk has seen an increase in incidents related to users falling for these types of phishing scams. As a result, MIT email accounts become compromised, and the criminals then send large amounts of spam from those compromised accounts.


If an MIT account becomes compromised, the first recommendation we give is to change and strengthen the Kerberos password<https://kb.mit.edu/confluence/display/istcontrib/Changing+Passwords> that protects the account.


Learn more in the Knowledge Base: What to do if your email account is compromised<http://kb.mit.edu/confluence/display/istcontrib/My+email+account+got+hacked>.



---------------------------------------------------------

2. Microsoft Reissues Problematic Updates

---------------------------------------------------------


Microsoft has reissued several security updates<http://www.computerworld.com/s/article/9242408/Microsoft_updates_display_worrisome_decline_in_quality> to address a detection problem. The updates, which were part of a batch released on Tuesday, September 10, were not able to detect whether or not they had already been installed on users' computers and continued to offer themselves to install.


Customers also reported that some of the updates were not offered through Windows Server Update Services or System Center Configuration Manager.


Microsoft has released new versions of the affected updates to fix these problems.


Learn more about installing Microsoft Updates on Windows 7<http://windows.microsoft.com/en-us/windows7/install-windows-updates> or Windows 8<http://windows.microsoft.com/en-us/windows-8/windows-update>.


NOTE: Updates for Windows XP Service Pack 3 machines will no longer be available after April 8, 2014, and as a result IS&T has begun to phase out support for Windows XP. IS&T recommends you upgrade to Windows 7 now to avoid problems later.



-----------------------------

3. Why Patch a Mac?

-----------------------------


According to ZDNet<http://www.zdnet.com/mac-users-you-have-to-patch-too-7000020665/>, this has been a fairly busy security update season for Mac users. In fact, they say, Mac users have a lot more work to do to keep their systems safe.


There have been patches for the operating systems, for Safari for Mac, and for Java and Adobe vulnerabilities: quite a long list compared to previous years.


There really are attacks out there against Macs which exploit vulnerabilities, so accepting and installing these patches is important.


Read the story online<http://www.zdnet.com/mac-users-you-have-to-patch-too-7000020665/>.



===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================


Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

