MOREnet Security News Review -- December 30, 2013 - January 3, 2014
WEEKLY THREAT RESOURCE SITE
KNOW YOUR ENEMY – THREAT ID OF THE WEEK
Privacy. It’s not a word commonly associated to a threat, but the events and breaches of the last year have brought that into question. Join the happenings of January 28, 2014 for Data Privacy Day!
How to Protect your Privacy on Social Media
StaySafeOnline Data Privacy Day
TOP HEADLINES THIS WEEK
How to block traffic from other countries in linux
Lessons from five advanced attacks of 2013
Hackers Spend Christmas Break Launching Large Scale NTP-Reflection Attacks
Court-Related Spam Emails Used to Distribute Malware
Don’t Want Your Laptop Tampered With? Just Add Glitter Nail Polish
New malware roosting place: Inside your SD Card?
7 Sneak Attacks Used By Today's Most Devious Hackers
Key trends in ransomware, evasion techniques and social attacks
Hackers Can Access Admin Panel of Some Netgear and Linksys Routers
CryptoLocker creeps lure victims with fake Adobe, Microsoft activation codes
VULNERABILITIES AND PATCHES
Vulnerability Summary for the Week of December 23, 2013
OpenSSL.org Hacked and Defaced
eBay Vulnerable to Account Hijacking Via XSRF
RealPlayer version 220.127.116.11 contains a buffer overflow vulnerability
On-site Wireless Assessment Surveys - MOREnet offers On-site Wireless Assessment Surveys using industry-leading wireless assessment equipment and software. Whether troubleshooting existing wireless issues or planning to build or reconfigure a wireless network, MOREnet trained technicians can assist by providing members an on-site wireless survey and radio frequency (RF) survey map of the analysis. In addition, MOREnet can also deliver an optional written summary with findings and recommendations for members to share with their organization as they begin their planning process. http://www.more.net/services/wireless-assessment-surveys
UPCOMING TRAINING AND EVENTS
1. Wireshark How-To Series – Personalized Profiles – Tuesday, January 7, 2014 – Online Webinar -- This is the fifth installment of our Wireshark How-To Series. In this webinar we’ll step through customizing Wireshark’s GUI Interface and capture options. We’ll cover the basics of profiles and how to customize Wireshark for specific tasks. Click here to register for this event
2. Active Directory Overhaul! A Deep Look at AD Management Tools – Monday, January 13, 2014 – MOREnet, Columbia, Missouri – Guest Trainer Derek Melber – There are many tools that are built in when you install Active Directory, but that does not mean they are easy to use, useful or complete. There are also some amazing free and pay-for tools for AD, which can be very helpful when trying to manage and troubleshoot Active Directory. We will cover many built-in tools, discuss how they work and see how to leverage them. We will also look at some other tools which can dramatically help with your management of AD. Click here to register for this event.
3. Get a Grip on Group Policy! Management, Backup, Recovery Techniques and Tools – Tuesday, January 14, 2014 – MOREnet, Columbia, Missouri – Guest Trainer Derek Melber – Group Policy is an awesome, powerful and complex tool. With this much power and complexity, you need to ensure you have all of your ducks in a row, otherwise you can cause havoc in your environment. In this workshop we will go over some of the best of breed tools that can help you work with the built-in tools for Group Policy to ensure you have everything you need to manage, backup and recover from a Group Policy issue. Click here to register for this event.
4. Wireshark How-To Series – Using Wireshark’s Expert System – Tuesday, January 21, 2014 – Online Webinar -- This is the sixth and final installment of our first series of Wireshark How-Tos. In this webinar we’ll step through how to use Wireshark’s Expert System. We’ll cover how to launch Expert Info, colorize Expert Info elements, filter elements, and how to understand what triggers each element. Click here to register for this event
5. Introduction to Windows 2008 Server Administration – Tuesday, February 4, – February 5, 2014 – MOREnet, Columbia, MO -- Designed to build a foundation in basic server administration, this class introduces students to many of Windows Server 2008 features. The class includes extensive exercises which reinforce Microsoft Windows Server 2008 network administration skills as they are learned. Click here to register for this event
6. Social Media Series Part 1, Risks of Social Media – Wednesday, February 5, 2014 – Online Webinar – Does your staff or students understand the risks they take when posting comments or pictures to social media sites? Join us for a discussion of the unseen risks to innocent posts. Click here to register for this event.
7. Introduction to Windows 2008 DNS, DHCP and CSVde – Thursday, February 6, 2014 – MOREnet, Columbia, MO -- This course is designed to provide a foundation for understanding both Domain Name System and Dynamic Host Configuration Protocol. Students will install and configure these services for automated IP communications. At the end of the day the students will also use the bulk user import utility CSVde. Students must have taken Intro to Windows 2008 server to attend. Click here to register for this event
8. Windows 2008 Group Policy – Friday February 7, 2014 – MOREnet, Columbia, MO -- This class is designed to allow students to centrally manage workstations and servers with Group Policy Objects (GPOs) within a Windows Active Directory domain. In class we will start at the beginning with defining what Group Policy is and what can be accomplished by using Group Policies within your organization. We will create simple group policies and test their effectiveness on a windows 7machine. We will explore some advanced Group Policy subjects such as redirecting user data and folders, deploying software and finish with using Group Policy Preferences to Map Drives and clean out folders. Click here to register for this event
9. Social Media Series Part 2, Understanding the Privacy Settings of Popular Social Media Sites– Wednesday February 19, 2014 – Online Webinar. Even if you understand the risks associated with social media, which settings are best and how do you find them on each site? This webinar will focus primarily on Facebook privacy settings, but will include references to many other social media sites. Click here to register for this event.
10. SANS SEC464: Hacker Guard: Security Baseline Training for IT Administrators and Operations with Continuing Education – Tuesday, February 25 – Wednesday, February 26, 2014, MOREnet, Columbia, MO -- This educational program gives IT admins the tools and techniques to illuminate evidence of potentially malicious activity on their systems and to look deeper to determine whether the problems they see are real. It allows them to become the hacker guards for malicious activity in their organization. It uses hands-on exercises to ensure they are comfortable using the tools. MOREnet members are eligible for a price of $1200. Click here for registration information.
11. Social Media Series Part 3, Understanding the Privacy Settings of Popular Devices Media – Wednesday March 5, 2014 – Online Webinar – So your social media websites are locked down, but are all settings enforced the same if the device isn’t secured? Join us for a discussion of device settings to review to protect yourself from social media and other apps. Click here to register for this event.
Do you know of any upcoming security-related training events? Please send them to firstname.lastname@example.org for inclusion in this newsletter!
SECURITY AWARENESS TIP OF THE WEEK
Are the teens in your school or library using Snapchat? Are they under the false belief that everything really “disappears” in 10 seconds? This is the time to help the kids (and their adults) learn the truth – nothing sent through the Internet is temporary! Need help explaining these issues? Tune in to our Social Media Webinars scheduled for February and March!
Attackers could match phone numbers to Snapchat accounts, researchers say
Overexposed: Snapchat user info from 4.6M accounts
Snapchat Can Turn Over Unopened Snaps to Law Enforcement
Guide for Parents from Snapchat