[IS&T Security-FYI] SFYI Newsletter, September 30, 2014

Tue Sep 30 09:34:37 EDT 2014

In this issue:

1. The ShellShock Bug
2. Event on Oct. 7: Free Coffee and Donut with a Slice of Security
3. The CryptoWall Attack

-------------------------------
1. The ShellShock Bug
-------------------------------

A critical vulnerability in bash Unix shell, nicknamed “shellshock” was reported by the security community last week. It is said to be more serious than the Heartbleed vulnerability.

Bash is a command language interpreter and is available on almost all non-Windows systems, including OS X. Especially vulnerable are web servers that are hosting CGI scripts, and certain other network services such as DHCP and FTP, so it’s imperative that bash is patched on these systems.

If you are an IS&T managed-server hosted customer, your systems were patched on 9/24. When doing a scan of the network, IS&T found only a handful of systems vulnerable to the bug, which indicates that maintainers patched their systems quickly.

Please refer to this Knowledge Base article for instructions on patching Red Hat Enterprise and Ubuntu Linux systems: http://kb.mit.edu/confluence/x/7wgrCQ. Note that the patch CVE-2014-7169 is the patch to apply (it supersedes the earlier patch).

Unfortunately, the patches released by the bash scripting team did not fix *all* of the bash problems. See this article on ArsTechnica for more on the situation<http://arstechnica.com/security/2014/09/still-more-vulnerabilities-in-bash-shellshock-becomes-whack-a-mole/>.

The vulnerability is being actively exploited. It is recommended to be careful of any unusual attachments to emails.

Additional information:

  *   A webcast briefing from the Internet Storm Center (ISC) on how shellshock works and what to do about it<https://isc.sans.edu/forums/diary/Webcast+Briefing+Bash+Code+Injection+Vulnerability/18709>
  *   The ISC blog, summarizing the problem<https://isc.sans.edu/forums/diary/Update+on+CVE-2014-6271+Vulnerability+in+bash+shellshock+/18707>
  *   Direct link to YouTube video of the ISC briefing<https://www.youtube.com/watch?v=W7GaVyzkCs0>

---------------------------------------------------------------------------------------
2. Event on Oct. 7: Free Coffee and Donut with a Slice of Security
---------------------------------------------------------------------------------------

Next week Tuesday, October 7, IS&T is hosting a table in W20 from 9:00 until 11:00 am, in support of National Cyber Security Awareness Month (NCSAM).

Have any security concerns? Want help with securing your computer or smartphone?
IS&T personnel will be on hand to help.

Think you’re pretty savvy when it comes to phishing or other cyber attacks? Test your threat level with our security quiz cards.

And don’t forget to grab a free coffee and donut.

---------------------------------
3. The CryptoWall Attack
---------------------------------

A form of ransomware, CryptoWall is one of the viruses trying to hit unpatched machines. Should you fall victim, CryptoWall will encrypt your folders and attempt to extort money from you to decrypt/release them. They ask $750.

Your best defense against this type of virus is having virus detection software, such as Sophos<http://ist.mit.edu/sophos>, installed on your machine. Keep all your software, including browsers, up to date with the latest security patches<http://ist.mit.edu/security/patches>.

CyptoWall Indicators<https://msisac.cisecurity.org/daily-tips/cryptowall-indicators.cfm>

=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================

Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20140930/074bac45/attachment.htm