[IS&T Security-FYI] Security FYI Newsletter, November 13, 2015

[Monique Buchanan]

In this issue:

1. Microsoft Security Updates for November 2015
2. ’Tis the Season for… Cyber Threats
3. Comcast User Account Compromise


1. Microsoft Security Updates for November 2015

This week on Patch Tuesday, Microsoft released twelve security bulletins<https://technet.microsoft.com/en-us/library/security/ms15-nov.aspx>, four of which are rated critical. Overall, 54 reported vulnerabilities have been addressed.

Systems affected include Microsoft Windows, Internet Explorer, the Windows 10 browser Edge, Microsoft Office, and .NET.

In addition to the security bulletins, Microsoft is also planning to release Threshold 2 (TH2) or <https://www.thurrott.com/windows/windows-10/7122/windows-10-fall-update-is-set-for-november-release>
“Fall Update” for Windows 10<https://www.thurrott.com/windows/windows-10/7122/windows-10-fall-update-is-set-for-november-release> this week. It is also known as Version 1511, and will ship as a cumulative update, not a full build.

NOTE: If you haven’t updated to Windows 10 yet, please first review known issues<http://ist.mit.edu/windows/10/enterprise>. Upgrading to Windows 10 at this time carries some risk for MIT computer users who rely on specific software or sites.

Be sure to accept the security updates as they occur, or go to the Windows Update<http://www.update.microsoft.com/> site. You may need to restart your machine after installing patches.

Read more in the news<http://www.networkworld.com/article/3003851/security/patch-tuesday-november-2015-microsoft-releases-12-fixes-4-rated-critical.html>.



2. ’Tis the Season for… Cyber Threats

The Monday after Thanksgiving is known as “Cyber Monday” — traditionally one of the busiest online shopping days of the year. In fact, last year 52% of American shoppers went online for their Christmas purchases.

Unfortunately, just as shoppers hit the Internet to search for deals, cybercriminals are trolling the Web for their next victims. November and December are the months when the majority of online identity theft problems occur. Also, there’s a significant increase in malicious shopping websites between October and December, according to Webroot, an antivirus and antispyware software company.

The November issue of OUCH! by SANS looks at how to securely shop online. With the holidays coming up, this is the perfect opportunity to remind everyone of the steps they can take to safely get the best deals. Please share OUCH! with friends, coworkers and family.

Download the November issue of OUCH! (pdf)<https://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201511_en.pdf>



3. Comcast User Account Compromise

Comcast will reset passwords of roughly 200,000 customers, after their account information wound up for sale on Dark Web, a shadowy website that sells account information, according to a announcement the company made last Monday.

As many as 590,000 accounts were put up for sale, but according to Comcast, only a third were up to date and therefore at risk. Comcast systems and applications were not breached. The source of the data is in question, but theories suggest the list was likely recycled from either previous breaches or phishing scams.

Read the story in the news<http://www.csoonline.com/article/3002604/cyber-attacks-espionage/comcast-resets-nearly-200000-passwords-after-customer-list-goes-on-sale.html>.



Monique Buchanan
Communications Specialist
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu
tel: 617.253.2715







-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20151113/d95c186f/attachment.html