[IS&T Security-FYI] Security FYI Newsletter, June 23, 2015

Monique Buchanan myeaton at mit.edu
Tue Jun 23 16:43:24 EDT 2015


In this issue

1. LastPass Network Breach
2. EVENT: Security SIG lunch on July 15
3. Recent Security Flaws and Updates


--------------------------------------
1. LastPass Network Breach
--------------------------------------

On June 15, 2015, LastPass sent out a notice to its customers regarding suspicious activity on its network. The details of the activity are posted here<https://blog.lastpass.com/2015/06/lastpass-security-notice.html/>.

LastPass Enterprise is a password management system that will be rolled out to the MIT community this summer. LastPass Enterprise encompasses access to data and passwords via Windows, Mac OS X and mobile native clients, as well as via any web browser. It is a convenient solution to the problem of managing passwords within teams, and it unlocks features such as shared password folders and secure notes.

You can find information about LastPass Enterprise via the MIT LastPass FAQ<http://kb.mit.edu/confluence/x/aaswCQ>. Note that LastPass Enterprise for MIT includes two-factor authentication using Duo<http://kb.mit.edu/confluence/display/istcontrib/Duo+two-factor+authentication+FAQ>, which provides an added layer of security for your account.

See the KB for answers to questions you may have about the LastPass security breach<http://kb.mit.edu/confluence/x/ccIwCQ>.


------------------------------------------------------
2. EVENT: Security SIG lunch on July 15
------------------------------------------------------

Please join us for free lunch and a talk on lessons learned from some of the biggest breaches in the healthcare industry.

Lessons Learned from the top Healthcare Information Security Breaches
Roy Wattanasin, MITM (MIT Medical)



The FBI has warned that hackers are or will be targeting your organization. 2014 was a rough year for data security, especially in the healthcare industry. About 43 percent of breaches came from healthcare per the Ponemon Institute. 2015 has been a trickier year with one of the largest healthcare information breaches reported to date.

This talk highlights and walks through the top 2015 healthcare information security breaches (using public information). It gives an overview of the healthcare information landscape, covers the laws/regulations and offers recommendations to prevent these kinds of breaches whether you are in healthcare or another industry.

Where: W20-407
When: Wednesday, July 15, 2015, 12:00 - 1:30 pm, includes free lunch
How to sign up: Please email security_sig_events at mit.edu.
We hope to see you there!

If you haven’t yet joined the IT Security Special Interest Group mailing list, please subscribe here<http://mailman.mit.edu/mailman/listinfo/security_sig>.


---------------------------------------------------
3. Recent Security Flaws and Updates
---------------------------------------------------

Drupal
Updates for the Drupal content management system are available. The Drupal security team's advisory<https://www.drupal.org/SA-CORE-2015-002> describes one critical and three "less critical" vulnerabilities that the updates address. The critical flaw lies in Drupal's implementation of OpenID; it allows attackers to log in to websites as administrators. The issues affect Drupal versions 6 and 7.

Samsung Galaxy Smartphones
Samsung plans to release a fix for a critical security flaw<http://global.samsungtomorrow.com/information-regarding-the-keyboard-security-issue-and-our-device-policy-update/> that affects more than 600 million of its mobile phones. The issue affects Galaxy smartphones that come with the SwiftKey keyboard preinstalled. The flaw could be exploited to access data on the devices. Galaxy devices running Knox security software will receive a new security policy that invalidates the vulnerability. Phones that are not running Knox will have to wait until a firmware update is ready. See Krebs on Security for this story and the Apple KeyChain story below<http://krebsonsecurity.com/2015/06/critical-flaws-in-apple-samsung-devices/>.

Apple KeyChain
A security flaw (a zero-day bug) in Apple's OS X and iOS could be exploited to steal information from the Apple keychain and from applications. The problem lies in the operating systems' application sandboxes and can be exploited by specially created apps. Read the full story in the news<http://arstechnica.com/security/2015/06/serious-os-x-and-ios-flaws-let-hackers-steal-keychain-1password-contents/>.


=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================



Monique Buchanan
Social Communications Specialist
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu
tel: 617.253.2715





