[IS&T Security-FYI] SFYI Newsletter, November 19, 2013

Tue Nov 19 09:58:24 EST 2013

In this issue:

1. Adobe Releases Security Updates for Flash, ColdFusion

2. CyptoLocker Ransomware Prevention Tips

3. Cyber Monday & Online Shopping

------------------------------------------------------------------------------

1. Adobe Releases Security Updates for Flash, ColdFusion

------------------------------------------------------------------------------

Adobe has released security updates for Flash Player<http://www.adobe.com/support/security/bulletins/apsb13-26.html> and ColdFusion<http://www.adobe.com/support/security/bulletins/apsb13-27.html> to address four vulnerabilities. The Flash update is available for Windows, Mac, and Linux. According to Adobe, the updates are not related to the recent theft of ColdFusion source code.

Read the full article online<http://www.computerworld.com/s/article/9244025/Adobe_patches_critical_vulnerabilities_in_Flash_Player_ColdFusion?taxonomyId=17>.

------------------------------------------------------------

2. CyptoLocker Ransomware Prevention Tips

------------------------------------------------------------

An article released by US-CERT outlines the impact of this malware, which surfaced earlier this year, and how users can prevent infections. I have posted the article in the IT Knowledge Base<http://kb.mit.edu/confluence/x/IC4YCQ>.

If you have any questions about implementing any of the steps listed in the article, please contact your local IT administrator or the IS&T Help Desk<http://ist.mit.edu/help>.

Read the article<http://kb.mit.edu/confluence/x/IC4YCQ>.

-------------------------------------------------

3. Cyber Monday & Online Shopping

-------------------------------------------------

More people are expected to shop online on Cyber Monday than visit stores on Black Friday, according to American Express<http://amexspendsave.mediaroom.com/index.php?s=34135&item=22#assets_123>. The use of mobile devices for online shopping is projected to increase as well.

Whether you’ll be conducting transactions from your desktop, laptop or mobile device, keep these tips in mind to help protect yourself from identity theft and other malicious activity:

  *   Secure your computer and mobile device by making sure they are current with all operating system and application updates<http://ist.mit.edu/security/patches>. Anti-virus software<http://ist.mit.edu/security/malware> should be installed and running.
  *   Use strong passwords<http://ist.mit.edu/security/passwords>. When logging on to your computer or mobile device and when visiting sites or using applications for shopping, use passwords that are not used for other accounts.
  *   Use applications with caution. Malware could be downloaded onto seemingly legitimate shopping applications, to steal credit card or other sensitive information.
  *   Know your online merchants. Limit your shopping to merchants you know and trust. Go to them by typing in the URL rather than through a search bar. If you are unsure about a merchant, check with the Better Business Bureau<http://www.bbb.org/> or Federal Trade Commission<http://www.consumer.ftc.gov/features/feature-0014-identity-theft>.
  *   Consider using an online payment system or credit card. Where available, use online payment services, which keep your credit card information stored on a secure server, and let you make purchases online without revealing your card details to retailers (example: PayPal). When you use a card online, use a credit, not debit card, which are protected by the Fair Credit Billing Act and may reduce your liability.
  *   Look for “https” before you click to purchase. The “s” stands for secure and indicates the transaction will be encrypted. A padlock in your browser’s status window is another indicator.
  *   Secure your browser.<http://ist.mit.edu/security/browsers> Make sure it is up-to-date with latest security patches. Turn off pop-ups and unwanted ads (some browser plug-ins can suppress ads on web pages). You may also set the browser status to “private,”<http://browsers.about.com/od/faq/tp/Private-Browsing.htm> so that your activity on the Web can not be traced, removing any history and cache information from others who may have access to the same device.
  *   Do not use public computers or open wireless networks for your online shopping. Criminals may intercept traffic on public wireless to steal sensitive information. Make sure the settings for your computer or device prevent it from automatically connecting to open wireless spots.
  *   Home wireless networks should be secure with authentication requirements and a strong password.
  *   Be alert for scams. Cyber criminals try to take advantage of people’s generosity during the holiday season and can use fake charity requests to gain access to your information or computer/device. Think before clicking on emails making these requests. Don’t give your financial information to anyone via email, text or phone, especially when it is unsolicited.

More online shopping assistance can be found at:

  *   US-CERT<http://www.us-cert.gov/ncas/tips/st07-001>
  *   OnGuard Online<http://www.onguardonline.gov/articles/0020-shopping-online>
  *   Microsoft<http://www.microsoft.com/security/online-privacy/finances-rules.aspx>
  *   Privacy Rights Clearinghouse<https://www.privacyrights.org/Privacy-When-You-Shop>
  *   Internet Crime Complaint Center<http://www.ic3.gov/media/2010/101118.aspx>
  *   Internal Revenue Service<http://www.irs.gov/Charities-&-Non-Profits/Exempt-Organizations-Select-Check>

=======================================================================================

Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

=======================================================================================

Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20131119/21e3dc05/attachment.htm