MOREnet Security News Review -- September 15 - 19, 2014

Friday, September 26, 2014

October is National Cyber Security Awareness Month – Now’s the time to start putting things in motion! Check out the following resources to help you plan events and activities for your organization.

http://www.himss.org/library/healthcare-privacy-security/national-cyber-security-awareness-month
http://www.securingthehuman.org/resources/ncsam
http://www.nascio.org/advocacy/cybersecurity/
https://wiki.internet2.edu/confluence/display/2014infosecurityguide/NCSAM+Resource+Kit
http://www.kctv5.com/story/26565737/countdown-to-national-cyber-security-awareness-month-kicks-off
 

WEEKLY THREAT RESOURCE SITE

ESG MalwareTracker
 

KNOW YOUR ENEMY – THREAT ID OF THE WEEK

Spyware  –  According to Wikipedia, Spyware is “…software that aids in gathering information about a person or organization without their knowledge…” It is a type of Malware (Malicious Software) that most often is installed without the user’s knowledge. Check out the following links to find out more.
Microsoft Safety & Security Center – What is Spyware?
OnGuardOnline Beware of Spyware Game
SpywareGuide
Spyware Warrior
 

TOP HEADLINES THIS WEEK

5 Ways To Monitor DNS Traffic for Security Threats
Attackers tapping on SNMP door to see if it’s open
Apple ships a sevenfold security surprise, including iOS 8 and OS X 10.9.5
7 Reasons To Love Passwords
Data Privacy Etiquette: It’s Not Just For Kids
5 Myths: Why We Are All Data Security Risks
Apple adds two-step verification for iCloud, effective immediately
BitTorrent’s peer-to-peer chat app Bleep goes live as public alpha
Third-Party Software is a Security Threat (Part 1)
New milestone in the conversation about electronic privacy laws
 

VULNERABILITIES AND PATCHES

US-CERT Vulnerability Summary for the Week of September 8, 2014
Firefox sneaks out an “inbetweener” update, with security improvements rather than fixes
Adobe Security Bulletin – September 16, 2014
FreeBSD Security Advisory
 

SECURITY TOOLBOX

OWASP Testing Guide v4.0 Released
Wireshark 1.12.1 Released
 

HOW DO THEY DO THAT?

Keyless SSL: The Nitty Gritty Technical Details
 

FEATURED SERVICE

Virtual Servers  -- MOREnet is offering a virtual server service for members to host services outside their networks ("in the cloud"). Subscribers can run many of their existing services on a remotely located server, avoiding the cost of buying and upgrading servers and increasing their server resources with a single phone call. Subscribers will have access to a virtual server environment located in a secure data facility that connects directly into the core MOREnet network. MOREnet will provide access to the virtual server control console for the subscriber to maintain their virtual server. Alternatively, MOREnet can manage the operating system of the subscriber's virtual server. Click this link for more information
 

UPCOMING TRAINING AND EVENTS

  1. 2014 MOREnet Annual Conference – Monday, October 27 – Thursday, October 30, Columbia, MO – It’s not always about the technology- It’s also about what the technology can do for you. MOREnet’s Annual Conference is a professional development opportunity that allows our members to choose the track that’s right for you. Do you want to mix and match sessions tracks? That’s okay, too! Click this link for more information

FREE ONLINE SECURITY TRAINING

Symantec Video: How to troubleshoot a virus outbreak on your network
CISSP Training Video: Authentication technologies, federated identities
 
Do you know of any upcoming security-related training or events?  Please send them to security@more.net for inclusion in this newsletter.
 

CYBER SECURITY QUOTE OF THE WEEK

When it comes to privacy and accountability, people always demand the former for themselves and the latter for everyone else. — David Brin