Churchill statue - Fulton, MO

MOREnet Security News Review -- August 11 - 15, 2014

Friday, August 15, 2014

WEEKLY THREAT RESOURCE SITE

ThreatTrack Security Resource Center
 

KNOW YOUR ENEMY – THREAT ID OF THE WEEK

Exploit Kits – Exploit Kits are used to exploit vulnerabilities in software for the purpose of spreading malware. Check out the following links to learn more about what they are and how they’re used.
Tools of the Trade: Exploit Kits
What You Need to Know About Exploit Kits
A Peek Into the Lion’s Den – The magnitude [aka PopAds] Exploit Kit
Battling with Cyber Warriors – Exploit Kits
Cisco: Blackhole arrest cuts exploit-kit traffic, but don’t let your guard down
 

TOP HEADLINES THIS WEEK

Anonymous launches #OpFerguson after cop kills unarmed Missouri teen
How computer hackers changed the Ferguson protests
Microsoft gives deadline for end of IE8 support
Dan Geer Cybersecurity Keynote at Black Hat
15 new bugs exploited at DEF CON router hacking contest
Most people think public Wi-Fi is safe. Seriously?
Volumetric DDoS activity up big-time in Q2 2014, report indicates
Thousands of People Oblivious to Fact That Anyone on the Internet Can Access Their Computers
75,000 Jailbroken iPhones, iPads Hit by Chinese Malware
 

VULNERABILITIES AND PATCHES

Microsoft Security Bulletin Summary for August 2014
US-CERT Vulnerability Summary for the Week of August 4, 2014
Adobe Security Bulletins Posted
WordPress and Drupal Denial of Service Vulnerability Full Disclosure
 

SECURITY TOOLBOX

New Free Windows system Tool Called Sysmon from Sysinternals
VIPROY – VOIP Penetration Testing Kit
Wireless Auditing, Intrusion Detection & Prevention System
SAMHAIN v3.1.2 Released
 

HOW DO THEY DO THAT?

How to Hack a Macbook Via Firewire
Verifying preferred SSL/TLS ciphers with Nmap
 

FEATURED SERVICE

Learning Management System (LMS) Hosting  – MOREnet’s Learning Management System (LMS) Hosting service provides subscribers a maintained and secure LMS instance to use in their digital learning environment. MOREnet uses Moodle as the application platform to deliver the LMS. Subscribers can control their e-learning classes and materials without the complexity and expense of managing and maintaining servers, hardware or the application itself. Local management of the content and access are all controlled by the subscriber. Click this link for additional information.
 

UPCOMING TRAINING AND EVENTS

  1. 2014 MOREnet Annual Conference – Monday, October 27 – Thursday, October 30, Columbia, MO – It’s not always about the technology- It’s also about what the technology can do for you. MOREnet’s Annual Conference is a professional development opportunity that allows our members to choose the track that’s right for you. Do you want to mix and match sessions tracks? That’s okay, too! Click this link for more information

Do you know of any upcoming security-related training events?  Please send them to security@more.net for inclusion in this newsletter.
 

SECURITY AWARENESS TIP OF THE WEEK

It’s that time of year again… students are starting back to school and they most likely will be logging on to your network. What a great time to review your password policy and remind users about the importance of creating strong passwords. Check out the following links for password best practices and tips to keep them secure.
 
Best practices on password structure
A Practical Guide to Protecting Passwords and Your Data
Longer Passwords are Harder to Crack says Trustwave
Password Do’s and Don’ts
Best Practices for Enforcing Password Policies