[IS&T Security-FYI] Security FYI Newsletter, May 21, 2015

Thu May 21 11:46:22 EDT 2015

In this issue:

1. Mac iOS Security Guide
2. Oracle Releases Patch for VENOM Vulnerability
3. FBI: Data Breaches Up 400%; Workforce Needs To Be "Doubled or Tripled"

------------------------------------
1. Mac iOS Security Guide
------------------------------------

The new Mac iOS Security Guide was released in April of 2015. As the introduction of the guide states: “Apple designed the iOS platform with security at its core. When we set out to create the best possible mobile platform, we drew from decades of experience to build an entirely new architecture.”

Many of the security features are built in by default.

“iOS and iOS devices provide advanced security features, and yet they’re also easy to use. Many of these features are enabled by default, so IT departments don’t need to perform extensive configurations. And key security features like device encryption are not configurable, so users can’t disable them by mistake. Other features, such as Touch ID, enhance the user experience by making it simpler and more intuitive to secure the device.”

Topics covered in the guide are: system security, encryption and data protection, app security, network security, Apple Pay, internet services, device controls and privacy controls.

Download or view the guide (.pdf)<https://www.apple.com/business/docs/iOS_Security_Guide.pdf>

--------------------------------------------------------------------
2. Oracle Releases Patch for VENOM Vulnerability
---------------------------------------------------------------------

Oracle has released a fix for a critical overflow vulnerability known as VENOM. The problem lies in QEMU's virtual Floppy Disk Controller, which is part of some virtualization platforms and is used in certain Oracle products. Due to the severity of this vulnerability, Oracle strongly recommends that customers apply the updates provided by the Security Alert as soon as possible.

Read the Oracle Security Alert<http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html>

---------------------------------------------------------------------------------------------------------
3. FBI: Data Breaches Up 400%; Workforce Needs To Be "Doubled or Tripled"
----------------------------------------------------------------------------------------------------------

As a follow up to last week’s post about the lack of cybersecurity personnel, this article talks about the increase in attacks and breaches and how it relates to the need for a more robust cybersecurity workforce.

James Trainor, acting assistant director of the FBI's Cyber Division, said the agency used to learn about a new, large-scale data breach every two or three weeks. "Now, it is close to every two to three days.”
Trainor also said the cybersecurity industry needs to "double or triple" its workforce in order to keep up with hacking threats.

Read the story at thehill.com<http://thehill.com/policy/cybersecurity/242110-fbi-official-data-breaches-increasing-substantially>

=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================

Monique Buchanan
Social Communications Specialist
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu
tel: 617.253.2715

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20150521/facc046c/attachment.htm