<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;">In this issue:</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">1. Microsoft Security Updates for September 2014</div>
<div style="margin: 0px; font-family: Helvetica;">2. Firefox Enhances SSL Security</div>
<div style="margin: 0px; font-family: Helvetica;">3. Celebrities’ iCloud Accounts Breached</div>
<div style="margin: 0px; font-family: Helvetica;">4. Home Depot Hit By Malware Similar to Target Breach</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">------------------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica;">1. Microsoft Security Updates for September 2014</div>
<div style="margin: 0px; font-family: Helvetica;">------------------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Microsoft is planning to <a href="https://technet.microsoft.com/library/security/ms14-sep">
release four updates</a> this Tuesday, September 9, to address various flaws. On the same date, Microsoft is also planning to release a new security feature for Internet Explorer (IE), called out-of-date ActiveX control blocking, and a new version of the Windows
 Malicious Software Removal Tool.&nbsp;</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Affected software being updated includes Windows, IE (rated critical) and Lync Server.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;"><a href="http://www.zdnet.com/microsoft-to-patch-windows-ie-lync-server-next-week-7000033324/">Read the full story in the news</a>.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">---------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica;">2. Firefox Enhances SSL Security</div>
<div style="margin: 0px; font-family: Helvetica;">---------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Mozilla recently released <a href="https://www.mozilla.org/en-US/firefox/32.0/releasenotes/">
Firefox 32</a> to improve browser security. The newest incarnation of the browser now includes
<a href="https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning">public key pinning</a> in an effort to protect users from man-in-the-middle attacks. “Key pinning allows site operators to specify which certificate authorities (CAs) may issue valid
 certificates for them, rather than accepting any of the many CAs that are trusted.”
<a href="http://www.eweek.com/cloud/firefox-32-debuts-with-improved-ssl-security.html">
Read the full story in the news</a>.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Note that this version of Firefox is not currently supported by IS&amp;T.&nbsp;<a href="https://ist.mit.edu/certificates">Learn more about certificates at MIT</a>.&nbsp;<a href="http://ist.mit.edu/software/browsers">Supported
 browsers at MIT</a>.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica;">3. Celebrities’ iCloud Accounts Breached</div>
<div style="margin: 0px; font-family: Helvetica;">------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Apple has acknowledged that several celebrities’ iCloud accounts were compromised, but the company has said it was done by guessing or stealing login credentials, rather than breaching Apple’s iCloud security.
 According to Apple, these breaches are the result of a “very targeted attack on user names, passwords and security questions.”</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">According to security experts, the underlying problem with iCloud is that while Apple offers two-factor authentication for logging into iCloud and for making iTunes purchases, the authentication method did not
 extend to all areas of iCloud (backups, for example).&nbsp;</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;"><a href="http://www.darkreading.com/attacks-breaches/celeb-hack-is-apple-telling-all-it-knows/a/d-id/1306923?">Read the full story in the news</a>.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">--------------------------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica;">4. Home Depot Hit By Malware Similar to Target Breach</div>
<div style="margin: 0px; font-family: Helvetica;">--------------------------------------------------------------------------</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Security researcher Brian Krebs
<a href="http://krebsonsecurity.com/2014/09/home-depot-hit-by-same-malware-as-target/">
published information on his security blog</a> yesterday about the cyber attack on Home Depot. Reportedly, the compromised credit cards were exposed through the same malware that exposed 40 million accounts of Target customers in December 2013. He points to
 a new variant of the malware strain “BlackPOS,” aimed at retail accounts, which has the ability to steal credit and debit card information from the physical memory of point-of-sale devices.&nbsp;</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">If this information is true, then it could mean the same people were responsible for both breaches. Credit card numbers allegedly stolen from Home Depot have appeared on an underground cybercrime shop known as
 Rescator, which has also been seen selling cards stolen in the Target breach. According to Krebs, the people involved harbor anti-American sentiments.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;"><a href="http://www.cnet.com/news/home-depot-victim-of-same-malware-that-hit-target-report/">Read the story in the news</a>.</div>
<div style="margin: 0px; font-family: Helvetica;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">
<div style="margin: 0px;">=======================================================================================</div>
<div style="margin: 0px;">Read all archived Security FYI Newsletter articles and submit comments&nbsp;online&nbsp;at
<a href="http://securityfyi.wordpress.com/"><span style="color: rgb(4, 46, 238);">http://securityfyi.wordpress.com/</span></a>.</div>
<div style="margin: 0px;">=======================================================================================</div>
<div style="margin: 0px;"><br>
</div>
</div>
<div apple-content-edited="true">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<br>
Monique Buchanan<br>
IT Security Communications Coordinator<br>
Information Systems &amp; Technology (IS&amp;T)<br>
Massachusetts Institute of Technology<br>
<a href="http://ist.mit.edu/secure">http://ist.mit.edu/secure</a><br>
tel: 617.253.2715<br>
<br>
<br>
</div>
</div>
</div>
</div>
<br>
</body>
</html>