[IS&T Security-FYI] Security FYI Newsletter, October 14, 2015

Monique Buchanan myeaton at mit.edu
Wed Oct 14 14:26:43 EDT 2015 

In this issue:

1. Microsoft Security Updates for October 2015
2. October 20: “Keep IT Safe” at MIT
3. Cyber Talent Search Offers Scholarships for Women
4. FBI Urges Use of Two-Factor Authentication



1. Microsoft Security Updates for October 2015

This week on Patch Tuesday, Microsoft released six security bulletins<https://technet.microsoft.com/en-us/library/security/ms15-oct.aspx>, three of which are rated critical.

Systems affected include Windows, Microsoft Edge, Internet Explorer, and Office.

One of the critical updates covers vulnerabilities in Jscript and VBScript engines (it modifies how the VBScript and JScript engines handle objects in memory and helps to ensure that affected versions of the VBScript properly implement the ASLR security feature), while another addresses remote execution in the Windows Shell.

The Windows scripting component can be used do a lot of damage, and is important to patch. According to Core Security systems engineer Bobby Kozma, “Microsoft needs to adopt a disabled by default strategy with those technologies until they can be removed entirely. Unfortunately, that will never happen, due to the huge legacy application technical debt held by large organizations and governments worldwide.”

Be sure to accept the updates as they occur, or go to the Windows Update<http://www.update.microsoft.com/> site. You may need to restart your machine after installing patches.

Read more in the news<https://threatpost.com/microsoft-releases-six-bulletins-continues-rc4-deprecation/115017/>.


2. October 20: “Keep IT Safe” at MIT

[20151007_duo_rocket_science-600x450.jpg]

As part of NCSAM<http://kb.mit.edu/confluence/x/WR4YCQ> (National Cyber Security Awareness Month), Information Systems & Technology is hosting a table in Lobby 10. There are free coffee and donuts for those who stop by and take the time to answer one of our security quiz questions!

In addition, you can get signed up for LastPass<http://ist.mit.edu/lastpass> password manager and Duo Security<https://ist.mit.edu/duo_security> two-factor authentication. These two new services are provided to the MIT community to help make MIT’s IT infrastructure more secure.

Come learn about these services and about the:

  *   new Information Protection @ MIT website<https://infoprotect.mit.edu/>
  *   SANS Securing the Human<https://infoprotect.mit.edu/training> online courses
  *   top 10 security tips.

Do your part to make the Internet safer for everyone. Please tell colleagues, friends and students at MIT about the event.

We will be in Lobby 10 from 10am - noon.


3. Cyber Talent Search Offers Scholarships for Women

To bring more talent into cybersecurity by closing the gender gap, The National Center for Women in Technology and SANS are providing more than $300,000 in scholarships for advanced hands-on training in the most sought-after skills. Women who demonstrate aptitude for and basic skills in cybersecurity are eligible. The admissions process is now open<https://www.sans.org/cybertalent/immersion-academy/programs?#womens-academy> and qualifying exams are being held through October 30.

Learn more about SANS programs for a cybersecurity career<http://www.sans.org/cybertalent/immersion-academy/>.


4. FBI Urges Use of Two-Factor Authentication

The FBI is encouraging small- and medium-sized businesses and Internet users in general to use two-factor authentication to safeguard personal information. The FBI is doing this as part of this year's National Cyber Security Awareness Month. Read more on FBI.gov<https://www.fbi.gov/news/news_blog/cyber-tip-protect-yourself-with-two-factor-authentication>

At MIT you can sign up for two-factor authentication at the Keep IT Safe table on 10/20 (see above), via the online form at duo.mit.edu<http://duo.mit.edu>, or by contacting the IS&T Help Desk<http://ist.mit.edu/help>.


A copy of this newsletter can be found on ist.mit.edu/news<http://ist.mit.edu/news>.


Monique Buchanan
Communications Specialist
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu
tel: 617.253.2715







-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20151014/f1a73da2/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20151007_duo_rocket_science-600x450.jpg
Type: image/jpeg
Size: 52850 bytes
Desc: 20151007_duo_rocket_science-600x450.jpg
Url : http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20151014/f1a73da2/attachment-0001.jpg

More information about the ist-security-fyi mailing list