<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="margin: 0px; line-height: normal; font-family: Arial;" class="">In this issue:</div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial;" class="">1. Duo Security for Students Now Required</div>
<div style="margin: 0px; line-height: normal; font-family: Arial;" class="">2. Microsoft Security Updates for April 2016</div>
<div style="margin: 0px; line-height: normal; font-family: Arial;" class="">3. Ransomeware and Recent Variants</div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial;" class=""><b class="">1. Duo Security for Students Now Required</b></div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial;" class="">Information Systems & Technology (IS&T) is
<a href="http://ist.mit.edu/news/duo-students" class="">implementing Duo two-factor authentication for MIT students</a>. Starting June 15, Duo will be required for students for accessing secure MIT systems such as Stellar, Atlas, WebSIS, and other systems protected
by Touchstone. MIT faculty and staff are already required to use Duo.</div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial;" class="">Two-factor authentication protects MIT accounts from unauthorized persons who would try to use them to access MIT systems. Over the past few years, some MIT accounts were compromised
due to weak or exposed passwords. Duo requires a second factor for verifying that you are who you say you are, by sending a prompt to a phone or mobile device that you select when you
<a href="https://duo.mit.edu/" class="">sign up for Duo</a>. </div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial;" class="">If you are a student, signing up
<span style="text-decoration: underline" class="">before</span> June 15 guarantees that your access to MIT systems will not be interrupted. If you are faculty or staff, please assist students in your department as this effort rolls out. </div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial;" class="">The IS&T Service Desk can take questions at 617.253.1101,
<a href="mailto:helpdesk@mit.edu" class="">helpdesk@mit.edu</a> and at the walk-in center at E17-110. Or come by one of the Duo tables in W20
<a href="http://events.mit.edu/searchresults.html?fulltext=duo&andor=and&start.month=04&start.day=14&start.year=2016&end.month=05&end.day=14&end.year=2016" class="">
through May 11</a>, where free giveaways will be on hand.</div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial;" class=""><a href="http://kb.mit.edu/confluence/x/m9YwCQ" class="">Learn more about Duo two-factor authentication</a>.</div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial;" class=""><b class="">2. Microsoft Security Updates for April 2016</b></div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial;" class="">On April 12, Microsoft released thirteen
<a href="https://technet.microsoft.com/en-us/library/security/ms16-apr.aspx" class="">
security bulletins</a>, six of which are critical. Systems affected include Microsoft Windows, Internet Explorer, and Microsoft Edge. There is also an update for
<a href="http://www.adobe.com/software/flash/about/" class="">Adobe Flash Player</a> when installed on Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1 and Windows 10.</div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial;" class="">Be sure to accept the updates as they occur, or go to the
<a href="http://www.update.microsoft.com/" class="">Windows Update</a> site. You may need to restart your machine after installing patches. </div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial;" class=""><b class="">3. Ransomeware and Recent Variants</b></div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial;" class="">Last month US-CERT, the United States Computer Emergency Readiness Team, put out a
<a href="https://www.us-cert.gov/ncas/alerts/TA16-091A" class="">security alert</a> regarding the vulnerability of networked systems to recent variants of ransomware, such as Locky and Samas. This malicious software (also known as a computer virus) infects
a computer and restricts users’ access to it until a ransom is paid to unlock it.</div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial;" class="">Generally, a computer is infected through a file downloaded from the Internet that appears to be legitimate software. It could be a file attached to an email or the file will install
when visiting an infected website. Some variants spread through social media, such as Web-based instant messaging applications. </div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial;" class="">Once the file is on a computer system, an on-screen alert displays, stating that the user’s system is locked or that the user’s files have been encrypted. The message states that unless
a ransom is paid, access will not be restored. The ransom demand varies between $200 - $400, and must be paid in virtual currency, such as Bitcoin.</div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial;" class="">Infections to computer systems can be devastating to an individual or organization. Recovery of encrypted files can be a difficult process and may require the services of a data recovery
specialist.</div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial;" class="">Some recommendations to avoid these kinds of disruptions are to ensure you have a full
<a href="http://ist.mit.edu/backup" class="">data backup and recovery plan</a> for all critical information. Perform and test regular backups. Keeping your system up to date with the latest
<a href="http://ist.mit.edu/security/patches" class="">patches</a> reduces the number of exploitable entry points for infected files. Be sure to maintain
<a href="http://ist.mit.edu/virus" class="">virus-protection software</a>. </div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial;" class="">For more tips on keeping your system safe from viruses, see
<a href="http://ist.mit.edu/secure" class="">IS&T’s Secure Computing page</a>. </div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div style="margin: 0px; line-height: normal; font-family: Arial; min-height: 16px;" class="">
<br class="">
</div>
<div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="color: rgb(0, 0, 0); font-family: Avenir; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="color: rgb(0, 0, 0); font-family: Avenir; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
Monique Buchanan<br class="">
Communications Specialist<br class="">
Information Systems & Technology (IS&T)<br class="">
Massachusetts Institute of Technology<br class="">
<a href="http://ist.mit.edu" class="">http://ist.mit.edu</a><br class="">
tel: 617.253.2715</div>
<div style="color: rgb(0, 0, 0); font-family: Avenir; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<br class="">
</div>
<br class="Apple-interchange-newline">
</div>
</div>
</div>
<br class="">
</div>
<br class="Apple-interchange-newline">
</div>
<br class="Apple-interchange-newline">
<br class="Apple-interchange-newline">
</div>
<br class="">
</body>
</html>