[IS&T Security-FYI] Security FYI Newsletter, December 15, 2015

Monique Buchanan myeaton at mit.edu
Tue Dec 15 10:05:30 EST 2015


In this issue:

1. Microsoft Security Updates for December 2015
2. Financial Scam Using Business Email
3. Cambridge 2 Cambridge Cybersecurity Challenge
4. Software Reverse Engineering Workshop During IAP
5. Shred IT Day Coming in January


1. Microsoft Security Updates for December 2015

Last Tuesday, Microsoft released twelve security bulletins<https://technet.microsoft.com/en-us/library/security/ms15-Dec>, eight of which are rated critical. Two of the issues are under active attack, namely MS15-131, concerning a memory-corruption vulnerability in Office, and MS15-135, concerning a kernel memory elevation-of-privilege vulnerability in Windows.

Other systems affected by the twelve bulletins include Internet Explorer, Microsoft Edge, Microsoft .NET Framework, Skype for Business, Microsoft Lync and Silverlight.

In a separate advisory<https://technet.microsoft.com/en-us/library/security/3123040>, Microsoft warns users of a leaked Xbox Live certificate and private key pair, which it has revoked. Microsoft is not aware of attacks related to this issue, according to the advisory.

Be sure to accept the updates as they occur, or go to the Windows Update<http://www.update.microsoft.com/> site. You may need to restart your machine after installing patches.

Learn more from the Threatpost blog<https://threatpost.com/microsoft-patches-71-flaws-two-under-attack-warns-of-leaked-xbox-live-cert/115601/>.


2. Financial Scam Using Business Email

The Boston Field Office of the Federal Bureau of Investigation (BFO-FBI) is disseminating information regarding a particularly persistent scam using business email. The flyer and pamphlet being distributed offer guidelines on how to be prepared, what to do if you fall victim, and how to report the incident to the BFO-FBI. Please print, email and/or share the flyer<http://ist.mit.edu/sites/default/files/news/BEC%20Flyer.pdf> and pamphlet<http://ist.mit.edu/sites/default/files/news/BEC%20pamphlet%20final.pdf> with your co-workers, clients, and customers.

In the meantime, be on the lookout for suspicious emails requesting a transfer of funds. These phishing scams are quite sophisticated, causing potentially millions of dollars in losses. Learn more about this scam from IS&T<http://ist.mit.edu/news/email_scam> and the FBI<https://www.fbi.gov/news/stories/2015/august/business-e-mail-compromise/business-e-mail-compromise>.

To learn how to identify and protect yourself from phishing emails, read this month’s OUCH! newsletter (.pdf)<https://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201512_en.pdf>.


3. Cambridge 2 Cambridge Cybersecurity Challenge

December 11 was the last day to register for the Cambridge 2 Cambridge (C2C) cybersecurity hackathon<http://cambridge2cambridge.mit.edu/> between MIT and the University of Cambridge.

Although the deadline for registering has passed, you can still watch the live action on March 4 at the Stata Center (Building 32). The Hackathon, hosted by CSAIL, supports initiatives advancing cybersecurity technologies. If you missed the registration date and want to join in next year, keep an eye out for the Fall 2016 C2C competition announcement.

You have until January 22 to sign up for the Start-Up Competition, taking place on March 5. Participants can win up to $25,000 in prizes when they present a product that has a critical impact on cybersecurity. Learn more about both the Hackathon and the Start-Up Competition here<http://cambridge2cambridge.mit.edu/events>.


4. Software Reverse Engineering Workshop During IAP

This 5-day workshop<http://student.mit.edu/searchiap/iap-9289af8f51340f9501513cc17d7f0154.html> at MIT teaches the process of software reverse engineering, a way to discover undocumented internals in computer programs. Reverse engineering is critical to cyber operations not just in the government sector, but also in industry, finance, and anywhere computer programs and information need to be protected.

Where: NE45, 2nd floor
When: January 4-8, 2016
Advance sign-up required.


5. Shred IT Day Coming in January

Have you been holding onto old hard drives, thumb drives, CDs or digital tapes because they might contain sensitive data? If you don’t need these items anymore, bring them to the Shred IT table<http://ist.mit.edu/news/shred-it> in the Stata Center (Building 32) on January 21, between 10am and 2pm. IS&T is offering this service to the community free of charge.

It’s a great way to ensure that sensitive data is protected, and there’s no better way to start the new year than by cleaning out your office spaces.

You can bring the following items to the Shred IT table:

  *   paper
  *   digital tapes
  *   CDs
  *   hard drives
  *   thumb drives

See you there!



Monique Buchanan
Communications Specialist
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu
tel: 617.253.2715






