[IS&T Security-FYI] SFYI Newsletter, December 9, 2014

Tue Dec 9 17:18:16 EST 2014

In this issue:

1. Microsoft Security Updates for December 2014
2. Tech Support Phone Scams
3. Webinar: The Internet of Things

------------------------------------------------------------------
1. Microsoft Security Updates for December 2014
------------------------------------------------------------------

Microsoft will be issuing seven security bulletins<https://technet.microsoft.com/en-us/library/security/ms14-dec.aspx> on Tuesday, December 9. Three are rated critical.

Systems affected are Exchange, Windows, all versions of Office, including for Mac and Internet Explorer. The Internet Explorer update affects all supported versions of IE, including the latest: IE 11. Some updates will require restarting your computer after installation.

The total number of updates from Microsoft will be 84 this year, with just 29 rated critical, which is an improvement over the past two years.

The updates will be available through the normal Windows Update process.

Read the full story in the news<http://www.zdnet.com/article/windows-ie-exchange-and-office-to-be-patched-next-week/>.

-----------------------------------------
2. Tech Support Phone Scams
-----------------------------------------

When scams come to us in the form of emails that land in our inbox, they are called “phishing” emails. But scammers don’t just use email to trick us into disclosing personal information or accessing our money. They will use other technology as well, such as phones.

One version of a phone scam comes in the form of technical support. You get a call from someone claiming to be from Microsoft, for example. They tell you they want to help to solve a computer problem or sell you a software license. But this what they are really doing:

  *   They trick you into installing malicious software.
  *   The software you have installed allows them to take over your computer.
  *   After you install the software, they charge you to remove it.
  *   They trick you to visit a fraudulent site where they ask you to enter your credit card number or other personal information.

Neither Microsoft nor any legitimate business will make these types of unsolicited phone calls. But it is easy to be fooled; the criminals use publicly available phone directories, so they might know your name when they call you.

What you can do:

Do not trust unsolicited phone calls offering tech support. Do not provide any personal information. Do not allow people making unsolicited calls to access your computer over the phone to “fix it.”

When you receive a scam phone call, you can report it to the FTC<https://www.ftccomplaintassistant.gov/#crnt&panel1-1>.

The numbers: A recent survey by Microsoft<http://blogs.microsoft.com/on-the-issues/2014/10/23/four-10-americans-face-regular-online-fraud-attacks-microsoft-survey/> shows that PC owners are under constant attack for their personal information but that people are wising up and not taking the phishing bait. The report found that 42% of Americans experience attempts to gain access to their PC, while 28% reports attacks via landline phones, 22% via tablets, and 18% via mobile phones.

Find out more about how to protect yourself from this kind of phone scam<http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx>.

----------------------------------------------
3. Webinar: The Internet of Things
----------------------------------------------

MS-ISAC is a multi-state information sharing group that supports the government with its cyber security mission. It offers a free national webinar each month. This month’s webinar, called “The Internet of Things” is a discussion on recent cyber-based incidents that threaten organizations through their computer systems. These threats are becoming increasingly sophisticated, better organized and more frequent. The discussion suggests a framework to protect organizations using the latest technologies and trends in the industry. Presented by Peter Romness, Business Development Manager of Cisco Systems, Inc.

The free webinar takes place on Thursday, December 11, 2014, 2:00 - 3:00 pm.

Learn more and register for this webinar<https://msisac.cisecurity.org/webcast/2014-12/>.

=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================

Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20141209/9c2d2233/attachment.htm