Columbia, MO Courthouse

MOREnet Security News Review -- April 28 - May 2, 2014

Friday, May 2, 2014

WEEKLY THREAT RESOURCE SITE

Threatpost
 

KNOW YOUR ENEMY – THREAT ID OF THE WEEK

Vishing – “Voice over IP phishing, or vishing, is a form of phishing that relies on users getting tricked into giving up their payment card information after receiving phone or SMS messages – purporting to come from banks – instructing them to do so.” Check out the following links for more information.
 
Vishing Attacks Targeting Dozens of Banks
Phishing, pharming, vishing and smishing
Vishing and How it Works
Cell Pwn: ‘Vishing’ Scam Targets Bank Customers via SMS
 

TOP HEADLINES THIS WEEK

Windows XP Systems Also Get Out-of-Band IE Zero-Day Patch
Phishing Finds a Bevy of New Hosts, Exploiting Open RDP Ports of Home PCs
Nine patterns make up 92 percent of security incidents
Dealing with the Many Stages of Pen Test Result Grief Part 1
DDoS trends: attackers vary DDoS size to cloak other attacks
Volume of NTP Amplification Attacks Getting Louder
UltraDNS Dealing With DDoS Attack
NTP Attacks Increase DDoS Attack Size: Arbor Networks
AOL Investigating Breach, Urges Users to Change Passwords
Android malware worm catches unwary users
Six infosec tips I learned from Game of Thrones
Kali Linux website hacked by The GreaT Team
Post-Heartbleed: When Not to Change Your Password
 

VULNERABILITIES AND PATCHES

Security Update for Internet Explorer
Security updates available for Adobe Flash Player
US-CERT Vulnerability Summary for the Week of April 21, 2014
Firefox 29 is out – it’s more secure, but does it *look* better, too?
 

HOW DO THEY DO THAT?

Using Facebook Notes to DDoS any website
Decrypting IIS Passwords to Break Out of the DMZ: Part 1
Decrypting IIS Passwords to Break Out of the DMZ: Part 2
 

SECURITY TOOLBOX

Sigcheck – How to Easily Check an Entire Windows Folder Using Many Different Antimalware Programs
WhoIsConnectedSniffer – Network Discovery Tool
SpiderFoot v2.1.4 Released
Get a Disposable, Secure, Email Address on Demand. For Free.
iGoat v2.1 Released
 

FEATURED SERVICE

Virtual Servers -- MOREnet is offering a virtual server service for members to host services outside their networks ("in the cloud"). Subscribers can run many of their existing services on a remotely located server, avoiding the cost of buying and upgrading servers and increasing their server resources with a single phone call. Subscribers will have access to a virtual server environment located in a secure data facility that connects directly into the core MOREnet network. MOREnet will provide access to the virtual server control console for the subscriber to maintain their virtual server. Alternatively, MOREnet can manage the operating system of the subscriber's virtual server. Check out the following link for additional features and benefits. http://www.more.net/services/virtual-servers
 

UPCOMING TRAINING AND EVENTS

  1.  File Sharing 101 – Wednesday, May 7, 2014 – Online Webinar – You just received a notification that someone on your network is sharing Copyrighted Material.  Now what?  While P2P file sharing technology is completely legal, many of the files shared through P2P are copyrighted and therefore could put your organization at risk of being involved in a lawsuit.  In the Webinar we’re going to explore the different types of file-sharing applications, how they work, and if there’s anything you can do to control them.  Click here to register for this event.
  2. Aerohive Certified Wireless Administrator (ACWA) First-level WLAN essentials training course – Tuesday, May 13, 2014 – Wednesday, May 14, 2014 --  Designed for network professionals responsible for managing and supporting wireless LAN networks, this extensive course will provide you with the information and skills necessary to gain an understanding of Aerohive’s cooperative control WLAN architecture. Learn best practices in designing and optimizing an Aerohive WLAN. Configure and manage Aerohive Access Points, and HiveManager. Troubleshoot routine problems in your wireless environment. Click here to register for this event.
  3.  Aerohive Certified Wireless Professional (ACWP) Second-level advanced WLAN training course --  Thursday, May 15 – Friday, May 16, 2014 -- This course is designed for experienced Aerohive customers and partners seeking to learn about advanced configuration, troubleshooting, and WLAN design and integration. Click here to register for this event.
  4. Security Roadshow! – MOREnet Security is excited to hit the road again this summer to bring the 2014 Security Roadshow to a location near you.  Since we’re making the rounds in June this year, we decided to take a slightly different approach and are going to focus on different aspects of the current threat landscape – from a MOREnet member’s perspective – and what you can do to better protect/secure your organization.  We also hope you’ll take the opportunity during each session to share best practices and brainstorm solutions with MOREnet members in your part of the state.

Roadshow Dates and Locations:
Tuesday, June 3 - Houston R-1 School District
Wednesday, June 4 - Wentzville R-IV School District
Tuesday, June 10 - Moberly Area Community College
Wednesday, June 11 - Mid-Continent Public Library, Kansas City
Thursday, June 12 - Online Webinar
Click this link to register

 

Do you know of any upcoming security-related training events?  Please send them to security@more.net for inclusion in this newsletter.
 

SECURITY AWARENESS TIP OF THE WEEK

Internet Etiquette – It’s never too early to start teaching kids how to be good netizens. Check out the following links for information and tips on the do’s and don’ts of Internet life.
 
Teaching Internet Etiquette
Online Etiquette for Kids
5 things to Teach Your Kids About Digital Etiquette
7 Rules to Teach Kids Online Etiquette
Teaching Your Kids Social Media Etiquette