[IS&T Security-FYI] Security FYI Newsletter, August 14, 2015

Fri Aug 14 09:14:30 EDT 2015

In this issue:

1. Microsoft Security Updates for August 2015
2. Another Android Flaw Gives Apps Elevated Privileges
3. The Importance of Backups
4. Sophos AV Ends Support for Mac OS X 10.6 and 10.7

--------------------------------------------------------------
1. Microsoft Security Updates for August 2015
--------------------------------------------------------------

This week on Patch Tuesday, Microsoft released fourteen security bulletins<https://technet.microsoft.com/en-us/library/security/ms15-aug.aspx>, four of which are considered critical.

Systems affected include Windows, Internet Explorer, Office, Silverlight, Microsoft .NET Framework, Microsoft Lync, and Microsoft Server Software. Some of the fixes are for Windows 10, including its newest browser Microsoft Edge. An attacker could run malicious code on an affected machine if a user visits a specially-crafted webpage, allowing access at the logged-in user level.

Be sure to accept the updates as they occur, or go to the Windows Update<http://www.update.microsoft.com/> site. You may need to restart your machine after installing patches.

Read the story in the news<http://www.zdnet.com/article/august-2015-patch-tuesday/>.

—————————————————————————
2. Another Android Flaw Gives Apps Elevated Privileges
---------------------------------------------------------------------------

Close on the heels of Stagefright<http://ist.mit.edu/news/stagefright>, another vulnerability has been found to affect Android devices. A flaw in the OpenSSL X509Certificate class allows apps to elevate privileges, allowing them to snoop on vulnerable
devices, install malware, and cause other problems. More than half of Android handsets are believed to be vulnerable.

Google has provided a patch, but as with the patch for Stagefright, most people won’t receive it automatically. Ask your mobile carrier if a patch is available and if not, when you can expect it.

Read the story in the news<http://www.theregister.co.uk/2015/08/10/another_android_flaw_hitting_55_percent_handsets/>.

-----------------------------------------
3. The Importance of Backups
-----------------------------------------

This month’s issue of OUCH! from SANS focuses on backups. Specifically, what backups are, how they work and how to create the best backup strategy.

Unfortunately, too many people fail to realize how important backups can be. Backups provide peace of mind as well as business continuity. Think about how you would feel if a hard drive crashed and you lost thousands of your family’s photos, or all of your work files.

With a backup, either by using local storage media such as an external hard drive, or by using a cloud-based service, you can rest assured that everything can be recovered.

Read (and download) the issue here (PDF)<http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201508_en.pdf>.

Learn more about backup options at MIT, including CrashPlan<http://ist.mit.edu/backup>.

—————————————————————————
4. Sophos AV Ends Support for Mac OS X 10.6 and 10.7
—————————————————————————

Sophos Anti-Virus is ending support for Mac OS X 10.6 (Snow Leopard) and 10.7 (Lion) on October 31, 2015. Computers running those operating systems will stop receiving Sophos updates after that date. Information regarding this change can be found at:
https://www.sophos.com/en-us/support/knowledgebase/122477.aspx

Apple stopped releasing security updates for both OS X 10.6 (in February 2014) and 10.7 (in September 2014), so continuing to run computers with those operating systems on the network is not recommended. IS&T strongly encourages you to upgrade those machines to the latest Mac OS if possible to ensure that they are protected.

As always, MIT users who need help or have questions, can contact the IS&T Help Desk at 617.253.1101 or helpdesk at mit.edu<mailto:computing-help at mit.edu>, or submit a request online<http://ist.mit.edu/support>.

A copy of this newsletter can be read at: https://ist.mit.edu/news/security_newsletter/08.14.2015

Monique Buchanan
Communications Specialist
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu
tel: 617.253.2715

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20150814/fa41307a/attachment.htm