[IS&T Security-FYI] Security FYI Newsletter, April 9, 2015
Monique Buchanan
myeaton at mit.edu
Thu Apr 9 09:56:10 EDT 2015
In this issue:
1. Phishing Attack List: E-Z Pass Virus Spam
2. Tip of the Week: Passphrases
3. May 2015 Event: SANS Cyber Talent Fair
------------------------------------------------------------
1. Phishing Attack List: E-Z Pass Virus Spam
------------------------------------------------------------
This is a new category I will be including in the newsletter: phishing attacks that are currently trending and which you may see some examples of in your inbox. If you have any examples to share with the list, please forward it to me with a link to the information or news story that describes the phishing attack.
A series of fake E-Z Pass virus spam emails are going around, that claim you owe money for driving on a toll road. An zip file attached to the spam email contains a javascript file that downloads malware. The javascript files aren’t for execution by a browser but by Windows Script Host, so Windows machines are vulnerable. If you use Windows + Internet Explorer you will receive a randomly-named .gif file that is actually an .exe file.
Read more about this phishing attack here<https://techhelplist.com/index.php/spam-list/759-e-zpass-toll-road-charge-series-js-malware>.
-------------------------------------------
2. Tip of the Week: Passphrases
-------------------------------------------
The April issue of OUCH! is led by guest editor Guy Bruneau, and covers passphrases. Specifically, what passphrases are, why they are better than passwords and how to use them securely. As always, you are encouraged to download and share OUCH! with others.
Download the issue here<http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201504_en.pdf> (.pdf)
For managing all your passwords, use a password vault, like LastPass. Here are some best practices for using LastPass<http://kb.mit.edu/confluence/x/d1sYCQ> at MIT.
-----------------------------------------------------------
3. May 2015 Event: SANS Cyber Talent Fair
-----------------------------------------------------------
The 2015 SANS CyberTalent Fair will attract thousands of online attendees seeking opportunities in cybersecurity.
If you are a candidate for a job in cybersecurity, this is for you. See more information here<https://www.sans.org/cybertalent/fair>.
If you are seeking candidates for security positions, visit this page for registration<https://app.brazenconnect.com/events/SANS-cybertalent-fair#!eventLanding;eventCode=SANS-cybertalent-fair>. Employers such as Deloitte, the US Army's INSCOM, United Health Group, MSSP leader Solutionary, Next Jump, Workday, and more have already signed up. It's open to any employer who has cyber vacancies or interested jobseekers. Please contact mshuftan at sans.org<mailto:mshuftan at sans.org> or visit https://app.brazenconnect.com/events/SANS-cybertalent-fair to sign up.
=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================
Monique Buchanan
Social Communications Specialist
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu
tel: 617.253.2715
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20150409/bf5cfc63/attachment.htm
More information about the ist-security-fyi
mailing list