[IS&T Security-FYI] Security FYI Newsletter, April 14, 2016

[Monique Buchanan]

In this issue:

1. Duo Security for Students Now Required
2. Microsoft Security Updates for April 2016
3. Ransomeware and Recent Variants


1. Duo Security for Students Now Required

Information Systems & Technology (IS&T) is implementing Duo two-factor authentication for MIT students<http://ist.mit.edu/news/duo-students>. Starting June 15, Duo will be required for students for accessing secure MIT systems such as Stellar, Atlas, WebSIS, and other systems protected by Touchstone. MIT faculty and staff are already required to use Duo.

Two-factor authentication protects MIT accounts from unauthorized persons who would try to use them to access MIT systems. Over the past few years, some MIT accounts were compromised due to weak or exposed passwords. Duo requires a second factor for verifying that you are who you say you are, by sending a prompt to a phone or mobile device that you select when you sign up for Duo<https://duo.mit.edu/>.

If you are a student, signing up before June 15 guarantees that your access to MIT systems will not be interrupted. If you are faculty or staff, please assist students in your department as this effort rolls out.

The IS&T Service Desk can take questions at 617.253.1101, helpdesk at mit.edu<mailto:helpdesk at mit.edu> and at the walk-in center at E17-110. Or come by one of the Duo tables in W20 through May 11<http://events.mit.edu/searchresults.html?fulltext=duo&andor=and&start.month=04&start.day=14&start.year=2016&end.month=05&end.day=14&end.year=2016>, where free giveaways will be on hand.

Learn more about Duo two-factor authentication<http://kb.mit.edu/confluence/x/m9YwCQ>.


2. Microsoft Security Updates for April 2016

On April 12, Microsoft released thirteen security bulletins<https://technet.microsoft.com/en-us/library/security/ms16-apr.aspx>, six of which are critical. Systems affected include Microsoft Windows, Internet Explorer, and Microsoft Edge. There is also an update for Adobe Flash Player<http://www.adobe.com/software/flash/about/> when installed on Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1 and Windows 10.

Be sure to accept the updates as they occur, or go to the Windows Update<http://www.update.microsoft.com/> site. You may need to restart your machine after installing patches.


3. Ransomeware and Recent Variants

Last month US-CERT, the United States Computer Emergency Readiness Team, put out a security alert<https://www.us-cert.gov/ncas/alerts/TA16-091A> regarding the vulnerability of networked systems to recent variants of ransomware, such as Locky and Samas. This malicious software (also known as a computer virus) infects a computer and restricts users’ access to it until a ransom is paid to unlock it.

Generally, a computer is infected through a file downloaded from the Internet that appears to be legitimate software. It could be a file attached to an email or the file will install when visiting an infected website. Some variants spread through social media, such as Web-based instant messaging applications.

Once the file is on a computer system, an on-screen alert displays, stating that the user’s system is locked or that the user’s files have been encrypted. The message states that unless a ransom is paid, access will not be restored. The ransom demand varies between $200 - $400, and must be paid in virtual currency, such as Bitcoin.

Infections to computer systems can be devastating to an individual or organization. Recovery of encrypted files can be a difficult process and may require the services of a data recovery specialist.

Some recommendations to avoid these kinds of disruptions are to ensure you have a full data backup and recovery plan<http://ist.mit.edu/backup> for all critical information. Perform and test regular backups. Keeping your system up to date with the latest patches<http://ist.mit.edu/security/patches> reduces the number of exploitable entry points for infected files. Be sure to maintain virus-protection software<http://ist.mit.edu/virus>.

For more tips on keeping your system safe from viruses, see IS&T’s Secure Computing page<http://ist.mit.edu/secure>.



Monique Buchanan
Communications Specialist
Information Systems & Technology (IS&T)
Massachusetts Institute of Technology
http://ist.mit.edu
tel: 617.253.2715







-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20160414/a09c2899/attachment.html