[IS&T Security-FYI] Security FYI Newsletter, January 14, 2015

Wed Jan 14 11:15:51 EST 2015

In this issue:

1. Microsoft Security Updates
2. Security Predictions of 2015
3. Security Using Mobile Apps

----------------------------------------
1. Microsoft Security Updates
----------------------------------------

Microsoft has changed its Advanced Notification Service<http://blogs.technet.com/b/msrc/archive/2015/01/07/evolving-advance-notification-service-ans-in-2015.aspx>, in which they used to provide a public bulletin in advance of upcoming fixes occurring on Patch Tuesdays. The bulletins are no longer publicly available, except to Premier customers.

Because this Security FYI newsletter is often written and sometimes distributed prior to the releases, you may see a change to the Microsoft Security Updates articles within this newsletter. Rather than providing information about Patch Tuesday releases to you in advance, this newsletter will be reviewing them after they have been released.

January’s security bulletins<https://technet.microsoft.com/en-us/library/security/ms15-jan.aspx> consist of eight updates, one of which is considered critical. All impact Microsoft Windows and Windows Server (all supported versions).

For those who wish to see security bulletins for Microsoft products that you or your work area use, go to myBulletins<http://mybulletins.technet.microsoft.com/>, where you can view, filter and download security bulletins for the products you select.

Read the story in the news<http://www.zdnet.com/article/microsofts-advance-security-notification-service-no-longer-publicly-available/>.

-----------------------------------------
2. Security Predictions of 2015
-----------------------------------------

What will be this year’s biggest security threats? Each time January rolls around, security professionals look at past threats and try to determine what will happen in the upcoming year. It’s a good idea to be one step ahead of criminal hackers, but it isn’t always possible.

This article in Wired<http://www.wired.com/2015/01/security-predictions-2015/> reviews several on-going threats it considers at the top of the list:

  *   Nation-State Attacks: government intelligence agencies that use malware to eavesdrop<http://www.wired.com/2014/11/mysteries-of-the-malware-regin/> on telecommunication systems, for example
  *   Extortion: on a larger scale we saw the attack on Sony Pictures, on a smaller scale there is ransomware that targets individuals
  *   Data Destruction: similar to the ransomware threats, but this malware wipes data and master boot records
  *   Bank Card Breaches: hacking point-of-sale systems, skimmers, and other methods of stealing card data
  *   Third-Party Breaches: a company or service is hacked solely for the purpose of obtaining data from a more important target
  *   Critical Infrastructure: attacks that aim to sabotage various programs or services

Read the article in full online.<http://www.wired.com/2015/01/security-predictions-2015/>

----------------------------------------
3. Security Using Mobile Apps
----------------------------------------

Many of you may have received a new mobile device for the holidays.

This month’s issue of OUCH!<http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201501_en.pdf> (.pdf) covers how to securely use mobile apps. Being one of the primary technologies we use in our professional and personal lives, mobile devices are used to be more productive, communicate, and share information with others or just have fun. However, using the apps on mobile devices can be risky. This issue describes some steps you can take to securely use and maintain your mobile apps.

If you have any questions or concerns about using and setting up your mobile device, you can also go to the Mobile Device Support page in the Knowledge Base<http://kb.mit.edu/confluence/display/istcontrib/Mobile+Device+Support>.

=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================

Monique Buchanan
IT Security Communications Coordinator
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu/secure
tel: 617.253.2715

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20150114/db90c59a/attachment.htm