[IS&T Security-FYI] Security FYI Newsletter, March 31, 2015

Tue Mar 31 13:35:17 EDT 2015

In this issue:

1. EVENT: Laptop Tagging and Registration, April 1st
2. Android Flaw Allows Attackers to Modify or Replace Apps
3. EVENT: CIS National Webcast on Security

------------------------------------------------------------------------
1. EVENT: Laptop Tagging and Registration, April 1st
------------------------------------------------------------------------

This week there is an opportunity to register and tag your laptop.

Where: Lobby of Building 10
When: Wed., April 1st, 11:00 am - 1:15 pm

Cost: $10 cash (no cards) or MIT Cash Object

Just as you might register a bike with the police, you can also register your laptop. Information Systems & Technology partners with MIT Police to provide STOP (Security Tracking of Office Property) tags for laptops. The tag is affixed to the device, has a unique number, and is registered with a world-wide database.

Capt. Cheryl Vossmer of the MIT Police says that although a STOP tag is not software that can track a device via GPS or other means, it has been very effective at providing a way for lost or stolen laptops to be returned to their rightful owners.

Read recovery stories here<https://www.stoptheft.com/> of laptops with STOP tags.

Learn more about laptop registration at MIT<http://kb.mit.edu/confluence/display/istcontrib/MIT+Police+Laptop+Tagging+and+Registration>. The next laptop tagging session is on May 6th, 2015.

-------------------------------------------------------------------------------
2. Android Flaw Allows Attackers to Modify or Replace Apps
-------------------------------------------------------------------------------

A security flaw in the Android operating system could be exploited to remotely take over vulnerable devices.

According to researchers from Palo Alto Networks, roughly half of all Android phones are vulnerable to a newly discovered hack that in some cases allows attackers to surreptitiously modify or replace seemingly benign apps with malicious ones that steal passwords and other sensitive data.

The vulnerability has been patched in Android 4.3_r0.9 and later but some Android 4.3 devices remain vulnerable.

The attack works only at third-party app stores, not the Google Play store.

Read the story in the news<http://arstechnica.com/security/2015/03/android-hijacking-bug-may-allow-attaclers-to-install-password-stealers/>.

-------------------------------------------------------------
3. EVENT: CIS National Webcast on Security
-------------------------------------------------------------

The topic of the next free National Webcast hosted by CIS (Center for Internet Security) is “Maintaining Security in a Mobile World.” Presenter is Kristy Westphal, Director of Risk and Assurance at Vantiv.

Save the date: Wednesday, April 15, 3:00 pm

Running an information security program for any organization is a challenge. You may finally think that you have the right formula for success when a new technology comes along, forcing you to recalculate. How can you stay on top of this ever-changing threat landscape and still properly protect your environment?

This webinar looks at a flexible, risk-based approach that allows for quick analysis and recommendation for your organization. The webcast will include recommendations on why and how organizations could pursue such an approach.

Register now to save your seat<https://msisac.cisecurity.org/webcast/2015-04/> (free registration)

=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================

Monique Buchanan
Social Communications Specialist
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu
tel: 617.253.2715

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20150331/423f4f2d/attachment.htm