[IS&T Security-FYI] Security FYI Newsletter, March 26, 2015

Monique Buchanan myeaton at mit.edu
Thu Mar 26 13:07:03 EDT 2015


In this issue:

1. OpenSSL Project Fixes 12 Security Issues
2. Apple Security Update
3. Security Training By SANS


————————————————————
1. OpenSSL Project Fixes 12 Security Issues
————————————————————

The OpenSSL Project has released fixes to address a dozen flaws in the open source cryptographic protocol implementation (OpenSSL Security Advisory<https://www.openssl.org/news/secadv_20150319.txt>). One of the vulnerabilities has been classified as high severity; it could be exploited to cause denial-of-service (DoS) conditions.

Users should update; however, it’s nowhere near as serious as Heartbleed was.

Who this affects: clients that connect to an OpenSSL 1.0.2 server. Earlier versions of OpenSSL are not affected.

Read the story in the news<http://www.computerworld.com/article/2899482/openssl-fixes-serious-denial-of-service-bug-11-other-flaws.html>.


———————————
2. Apple Security Update
———————————

Apple has issued its second security update this month. Turns out the security holes fixed the previous week needed a repatch<http://www.theregister.co.uk/2015/03/20/apple_remember_those_security_holes_we_fixed_last_week_yeah_youre_going_to_need_to_patch_them_again/>. The company released security update 2015-003 for OS X Yosemite last week, addressing 2 vulnerabilities. One vulnerability could potentially allow an attacker with a "privileged network position" to execute arbitrary code. The other vulnerability is a privilege escalation issue.

Users can update by going to the App Store and clicking Updates. To receive updates automatically, go to System Preferences > App Store, then check the boxes for installing and downloading available updates.

Learn more about this security update.<https://support.apple.com/en-us/HT204563>


—————————————
3. Security Training By SANS
—————————————

SANS (sans.org<http://sans.org>) offers all kinds of training for professionals who are involved in cybersecurity. There are various ways to access their quality training material: by attending a live conference, accessing your training on demand (online) or hosting a training session in your community.

Courses cover a range of topics, including hacker tools and techniques, forensic analysis, intrusion detection, network penetration testing, incident response and many more.

Find a training by course, location or date: http://www.sans.org/find-training/
Find or host a training in your community: http://www.sans.org/community/
On demand training: http://www.sans.org/ondemand/


=======================================================================================
Read all archived Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
=======================================================================================



Monique Buchanan
Social Communications Specialist
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu
tel: 617.253.2715





