Wall of Fame - Cape Girardeau

MOREnet Security News Review -- April 14 - 18, 2014

Friday, April 18, 2014

M3 CALL FOR PRESENTATIONS IS OPEN!

Do you have expertise in a specific area or experiences you’d like to share that would help others make informed decisions or avoid mistakes?  Click the following link to submit your presentation for MOREnet’s Annual Conference that will be held October 27-30 at the Holiday Inn Executive Center in Columbia, MO.
http://conferences.more.net/content/call-presentations-now-open-2014-morenet-annual-conference
 

WEEKLY THREAT RESOURCE SITE

McAfee Labs
 

KNOW YOUR ENEMY – THREAT ID OF THE WEEK

Tech support scams of the recent past have called unsuspecting victims on the telephone and advised of an infected machine.  They claimed to be from a major technology company, and convinced the victim to load remote control software.  Today, similar scams are circulating the Internet claiming to be popular services. 
 
Netflix Scam Uses Elaborate Tech Support Ruse
Cybercriminals Combine Phishing with Tech Support Scams
 

TOP HEADLINES THIS WEEK

The history of malware samples in numbers
VMware patches man-in-the-middle vSphere vuln
Akamai admits its OpenSSL patch was faulty, reissues keys
IRS plays-up identity theft, fraud fight
Yahoo quickly fixes Flickr SQL injection, remote code execution flaws
Akamai Heartbleed patch not a fix after all
Experts Find 11 Issues in TrueCrypt, but No Backdoors or Malicious Code
Heartbleed: Android Phones Still at Risk for Data Breach
Heartbleed: Teenager charged after Canadian taxpayer hack
Windows XP security update with bug error causes havoc
DDoS Attackers Change Techniques To Wallop Sites
Michaels breach exposes nearly 3M payment cards
 

VULNERABILITIES AND PATCHES

Vulnerability Summary for the Week of April 7, 2014
Fortinet FortiADC D-series contains a cross-site scripting vulnerability
VMware reveals 27-patch Heartbleed fix plan
Oracle working on at least 13 Heartbleed fixes
Oracle Fixes 104 Security Holes with April 2014 CPU
Drupal 7.27 and 6.31 Released to Fix Information Disclosure Vulnerability
 

SECURITY TOOLBOX

Best browsers for safe surfing
Security App of the Week: Microbe, a Pentesting Tool for Chrome
Sysdig - System Exploration & Troubleshooting Tool
Trustwave's SpiderLabs Launches ModSecurity 2.8.0
Microsoft Releases Updated Threat Modeling Tool 2014
Burp Suite Professional v1.6 Released
Netcraft adds Heartbleed sniffing to site-scanning browser tool
 

FEATURED SERVICE

Mobility Management with AirWatch by Vmware -- MOREnet is pleased to offer members discounted device licenses for the AirWatch by VMware hosted solution suites as well as optional discounted setup assistance from the AirWatch team. More than just mobility management - AirWatch offers a variety of tools to control how mobile devices are used in a specific setting (school, campus, office, library) all through a web-based console. Click here for additional information.
 

UPCOMING TRAINING AND EVENTS

1.       File Sharing 101 – Wednesday, May 7, 2014 – Online Webinar – You just received a notification that someone on your network is sharing Copyrighted Material.  Now what?  While P2P file sharing technology is completely legal, many of the files shared through P2P are copyrighted and therefore could put your organization at risk of being involved in a lawsuit.  In the Webinar we’re going to explore the different types of file-sharing applications, how they work, and if there’s anything you can do to control them.  Click here to register for this event.
2.       Security Roadshow! – MOREnet Security is excited to hit the road again this summer to bring the 2014 Security Roadshow to a location near you.  Since we’re making the rounds in June this year, we decided to take a slightly different approach and are going to focus on different aspects of the current threat landscape – from a MOREnet member’s perspective – and what you can do to better protect/secure your organization.  We also hope you’ll take the opportunity during each session to share best practices and brainstorm solutions with MOREnet members in your part of the state.  
a.       The first four sessions will be hosted at different locations around the state and will be a Lunch and Learn style where you BYOBB (Bring Your Own Brown Bag) from 11:00 AM – 1:00 PM. 
b.      The fifth session is for those of you who aren’t able to attend one of the hosted events and will be an online active webinar.
c.       Here’s the preliminary agenda for each session:
     i.      Welcome and introductions
     ii.      Social Media – A brief overview of the everyday risks to adults and kids with today’s social media apps
     iii.      Account Auditing and Security – School will soon be out for summer, and open accounts of users
          who are not returning are a great avenue for attack
     iv.      DDoS Mitigation – Is there anything you can do to prevent DNS and NTP amplification attacks
     v.      Filehsaring – What it is, How it works and Can you control it
     vi.      Current Threat Landscape – What’s in the news and how it relates to our member organizations
     vii.      Discussion, Questions and Prizes!!!
 

Roadshow Dates and Locations:

Tuesday June 3, 2014
Houston R-1 School District
Vocational Building
905 Hill Street
Houston, MO 65483
Click this link to register!
 
Wednesday June 4, 2014
Wentzville R-IV School District
719 W. Pearce Blvd
Wentzville, MO 63385
Click this link to register!
 
Tuesday June 10, 2014
Moberly Area Community College
Moberly Campus – Main Building Blue Room
101 College Ave
Moberly, MO 65270
Click this link to register!
 
Wednesday June 11, 2014
Mid-Continent Public Library
Woodneath Library Center
8900 NE Filntlock Road
Kansas City, MO 64157
Phone: 816.883.4900
Click this link to register!
 
Thursday June 12, 2014
Online Webinar
Click this link to register!
 
Do you know of any upcoming security-related training events?  Please send them to security@more.net for inclusion in this newsletter.
 

SECURITY AWARENESS TIP OF THE WEEK

Do you remember to lock your computer when you walk away?  If not, do you know who has easy access?  Although much of the data we touch each day isn’t confidential, that doesn’t mean it isn’t sensitive and worth protecting.  Usually this is as easy as pressing CTRL-ALT-DEL. 
Basic Security Measures We Sometimes Forget: Lock Your Computer
Ten Reasons to Lock Your Desktop