[IS&T Security-FYI] SFYI Newsletter, September 16, 2014

Tue Sep 16 10:31:47 EDT 2014

In this issue:

1. Malvertising Campaign Hits PCs and Macs
2. Adobe Releases Flash Player Update, Delays Reader and Acrobat Fixes
3. Funny: Forgot Password

------------------------------------------------------------
1. Malvertising Campaign Hits PCs and Macs
------------------------------------------------------------

A malware campaign that began in May 2014 is delivering customized concoctions of spyware, adware, and browser hijacking malware to PCs and Mac users. The “malvertising” network (a merging of the words “malware” and “advertising”), which has been dubbed Kyle and Stan, has 700 domains.

Getting a malicious ad into an advertising network distribution, even for a short time, can infect many computers, especially if it is on a popular site like Amazon or YouTube. The combination of malware downloaded to each machine is different, which means the checksum varies, thwarting detection.

Malvertising attacks are not new, and have been around for a few years. Generally, criminals use ads on popular sites or networks, such as Spotify or Facebook to spread malware. They place an ad with the network, then change the code in the ad to exploit flaws in the browser which allows them to inject malware on the user’s computer.

To protect yourself against these attacks, it is recommended to run malware detection software (Sophos<http://ist.mit.edu/sophos> is distributed for free for MIT users) and to make sure your browser is up to date with the latest security patches. Another option is to filter sites based on their potential threat level. Browser plug-ins such as AdBlock<https://getadblock.com/>, and Webutation<http://www.webutations.info/go/about> can block ads and warn users if they have accessed a site that is known to host malware. These plug-ins are free and can be run on different types of browsers.

Read the full story in the news<http://www.darkreading.com/kyle-and-stan-parks-malvertising-on-amazon-youtube/d/d-id/1307036?>.

----------------------------------------------------------------------------------------------------
2. Adobe Releases Flash Player Update, Delays Reader and Acrobat Fixes
----------------------------------------------------------------------------------------------------

Last week, Adobe released an update for Flash to address a dozen critical flaws. Chrome and IE 11 users will find their versions of Flash automatically updated.  You can see which version you have installed here<https://www.adobe.com/software/flash/about/>, or download Adobe Flash Player here.<http://www.adobe.com/products/flashplayer/distribution3.html>

Fixes for flaws in Reader and Acrobat<http://blogs.adobe.com/psirt/?p=1121> that had been scheduled to be released last week are delayed until this week so Adobe can conduct further testing.

Read the full story in the news<http://www.computerworld.com/article/2604738/adobe-fixes-critical-flaws-in-flash-player-delays-reader-and-acrobat-updates.html>.

------------------------------------
3. Funny: Forgot Password
-------------------------------------

Have you ever forgotten a password? Comedian Don Friesen goes on a hilarious rant that is completely relatable.

Watch the 5 minute video on YouTube<https://www.youtube.com/watch?v=2tJ-NSPES9Y>.

=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================

Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20140916/12fd4d9c/attachment.htm