[IS&T Security-FYI] SFYI Newsletter, October 6, 2014

Monique Buchanan myeaton at mit.edu
Mon Oct 6 16:00:07 EDT 2014


In this issue:

1. MIT Event: Keep IT Safe Table in W20 Lobby
2. What Happened in the JP Morgan Chase Breach?
3. Is Windows Safe from Shellshock?


---------------------------------------------------------------
1. MIT Event: Keep IT Safe Table in W20 Lobby
---------------------------------------------------------------

On Tuesday, October 7, 9:00 to 11:00 am, IS&T is hosting the Keep IT Safe table in W20, a new initiative aimed at supporting the MIT community with their secure computing and data protection needs.

Encourage your staff, students and colleagues (and yourself) to come by and grab a free cup of coffee and a donut while perhaps taking away something you didn’t know yet about cyber security.

This event kicks off a series of events to promote National Cyber Security Awareness Month (NCSAM).

Learn more here: http://kb.mit.edu/confluence/x/WR4YCQ


---------------------------------------------------------------------
2. What Happened in the JP Morgan Chase Breach?
---------------------------------------------------------------------

According to news released last Thursday, 76 million household accounts and 7 million small businesses were affected by a breach that occurred earlier this year. JP Morgan Chase is one of the oldest, best-known and largest financial institutions in the world. The cyber attack leaked names, addresses, phone numbers and email addresses. There is no evidence yet of passwords, sensitive personal information, or account information being stolen.

The bank discovered the intrusion on its servers in mid-August and believes the breach may have begun as early as June, a spokesperson for the bank has said. The bank says it has “identified and closed all known access paths.” It is possible that the original access came from obtaining an employee’s password.

In a post on their website, they told customers there’s no need to change their password or account information. No cards will be reissued.

Because the hackers accessed email addresses, beware of phishing emails: don’t click on links in messages from email addresses you don’t know, or on links inside messages that look like they might come from Chase or another trusted source but were received unexpectedly.

Read the full story in the news: http://www.eweek.com/security/why-jpmorgan-chase-data-breach-may-have-financial-fallout.html


--------------------------------------------------
3. Is Windows Safe from Shellshock?
--------------------------------------------------

As time has passed since the Bash vulnerability was first discovered, it appears that Windows users are not necessarily immune to this Linux-targeted bug. A security company in Belgium reports that it discovered a command injection vulnerability in Windows command-line shells that takes advantage of environment variables in a fashion similar to the Bash exploits.

According to the report, Windows clients cannot be exploited remotely (via the Internet). The exploit would have to occur locally, or specifically on Windows Server deployments. Microsoft is not planning to issue a security bulletin, as it does not consider this a security vulnerability.

Read the full story in the news: http://threatpost.com/shellshock-like-weakness-may-affect-windows/108696


=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================


Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715


