[IS&T Security-FYI] SFYI Newsletter, September 18, 2013

Wed Sep 18 11:16:49 EDT 2013

NOTE: Apologies if you have received this newsletter twice today. The first time I sent it, it was caught by Spam Quarantine.

In this issue:

1. Increases Seen in Phishing Attacks

2. Microsoft Reissues Problematic Updates

3. Why Patch a Mac?

--------------------------------------------------

1. Increases Seen in Phishing Attacks

--------------------------------------------------

Many of us have recently received email messages attempting to get us to click on a bogus link or respond with the login credentials of our email accounts.

Email is one of the most frequently used venues for cyber attacks. It is fertile ground for cyber criminals and a vulnerability for most organizations because of unwitting end users.

At MIT, we see a lot of unwanted email in our inbox. Even with filtering<https://ist.mit.edu/spam?category=7> and blacklisting tools on our email system, some of these dangerous messages still come through. Generally, the fraudulent message appears as if it is from the institute's own email administrators.

The IS&T Help Desk has seen an increase in incidents related to users falling for these types of phishing scams, giving attackers access to their email account. When MIT email accounts become compromised, generally large amounts of spam is sent from those compromised accounts by the criminals.

If an MIT account becomes compromised, the first recommendation we give is to change and strengthen the Kerberos password<https://kb.mit.edu/confluence/display/istcontrib/Changing+Passwords> that protects the account.

Learn more in the Knowledge Base: What to do if your email account is compromised<http://kb.mit.edu/confluence/display/istcontrib/My+email+account+got+hacked>.

---------------------------------------------------------

2. Microsoft Reissues Problematic Updates

---------------------------------------------------------

Microsoft has reissued several security updates<http://www.computerworld.com/s/article/9242408/Microsoft_updates_display_worrisome_decline_in_quality> to address a detection problem. The updates, which were part of a batch released on Tuesday, September 10, were not able to detect whether or not they had already been installed on users' computers and continued to offer themselves to install.

Customers also reported that some of the updates were not offered through Windows Server Update Services or System Center Configuration Manager.

Microsoft has released new versions of the affected updates to fix these problems.

Learn more about installing Microsoft Updates on Windows 7<http://windows.microsoft.com/en-us/windows7/install-windows-updates> or Windows 8<http://windows.microsoft.com/en-us/windows-8/windows-update>.

NOTE: Updates for Windows XP Service Pack 3 machines will no longer be available after April 8, 2014, and as a result IS&T has begun to phase out support for Windows XP. IS&T recommends you upgrade to Windows 7 now to avoid problems later.

-----------------------------

3. Why Patch a Mac?

-----------------------------

According to ZD Net<http://www.zdnet.com/mac-users-you-have-to-patch-too-7000020665/>, this has been a fairly busy security update season for Mac users. In fact, they say, Mac users have a lot more work involved to keep their systems safe.

There have been patches for the operating systems, for Safari for Mac, for Java and Adobe vulnerabilities, quite a long list compared to previous years.

There really are attacks out there against Macs which exploit vulnerabilities, so accepting and installing these patches is important.

Read the story online<http://www.zdnet.com/mac-users-you-have-to-patch-too-7000020665/>.

===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================

Thanks,

Monique

=========================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20130918/2eaa28b7/attachment-0001.htm