Churchill statue - Fulton, MO

MOREnet Security News Review -- January 13 - 17, 2014

Friday, January 17, 2014

WEEKLY THREAT RESOURCE SITE

Webroot Threat Blog
 

 KNOW YOUR ENEMY – THREAT ID OF THE WEEK

Boaxxe Adware – This malware family’s end goal is to divert traffic to advertisement websites using click fraud techniques. Check out the following links for information on what it’s used for and how it works.
 
Boaxxe adware: ‘A good ad sells the product without drawing attention to itself’ – Pt 1
Boaxxe adware: ‘A good ad sells the product without drawing attention to itself’ – Pt 2
How to remove Boaxxe
MS Malware Protection Center Technical Information
 

TOP HEADLINES THIS WEEK                                                  

Patch Tuesday January 2014 – Microsoft, Adobe and Oracle
New DoS attacks taking down game sites deliver crippling 100Gbps floods
 FTC Warns Users of New Twist on Tech Support Scam
Hotspot Shield VPN Reaches 200 MM Downloads + Security Trends
Sophos Security Chet Chat – Episode 130 [PODCAST]
Executive Series White Paper: Man, Machine and DDoS Mitigation
How to Disable Gmail’s New Feature that Let Google+ Users Email You
Why the Security Stack Has Ten Layers, Not Seven
Healthcare.gov security – ‘a breach waiting to happen’
Fridge raiders: Will 2014 REALLY be the year your Smart Home gets hacked?
A First Look at the Target Intrusion, Malware
Secure Windows XP after updates end
 

 VULNERABILITIES AND PATCHES

Microsoft Security Bulletin Summary for January 2014
Oracle Critical Patch Update Pre-Release Announcement – January 2014
US-CERT Alert (TA14-013A) NTP Amplification Attacks Using CVE-2013-5211
 US-CERT Vulnerability Summary for the Week of January 6, 2014
Undocumented Test Interface in Cisco Small Business Devices
 

 SECURITY TOOLBOX

Secure NTP Template
SANS Information Security Policy Templates
 

 FEATURED SERVICE

Internet Content Filtering  – MOREnet offers Internet Content Filtering (ICF) powered by Netsweeper to all interested members. Check out the following link for more information on features and service offerings. http://www.more.net/services/internet-content-filtering
 

UPCOMING TRAINING AND EVENTS

  1. Wireshark How-To Series – Using Wireshark’s Expert System – Tuesday, January 21, 2014 – Online Webinar -- This is the sixth and final installment of our first series of Wireshark How-Tos. In this webinar we’ll step through how to use Wireshark’s Expert System. We’ll cover how to launch Expert Info, colorize Expert Info elements, filter elements, and how to understand what triggers each element. Click here to register for this event
  2. Introduction to Windows 2008 Server Administration – Tuesday, February 4, – February 5, 2014 – MOREnet, Columbia, MO -- Designed to build a foundation in basic server administration, this class introduces students to many of Windows Server 2008 features. The class includes extensive exercises which reinforce Microsoft Windows Server 2008 network administration skills as they are learned. Click here to register for this event
  3. Social Media Series Part 1, Risks of Social Media – Wednesday, February 5, 2014 – Online Webinar – Does your staff or students understand the risks they take when posting comments or pictures to social media sites?  Join us for a discussion of the unseen risks to innocent posts. Click here to register for this event.
  4. Introduction to Windows 2008 DNS, DHCP and CSVde – Thursday, February 6, 2014 – MOREnet, Columbia, MO -- This course is designed to provide a foundation for understanding both Domain Name System and Dynamic Host Configuration Protocol. Students will install and configure these services for automated IP communications. At the end of the day the students will also use the bulk user import utility CSVde. Students must have taken Intro to Windows 2008 server to attend. Click here to register for this event
  5. Windows 2008 Group Policy – Friday February 7, 2014 – MOREnet, Columbia, MO -- This class is designed to allow students to centrally manage workstations and servers with Group Policy Objects (GPOs) within a Windows Active Directory domain. In class we will start at the beginning with defining what Group Policy is and what can be accomplished by using Group Policies within your organization. We will create simple group policies and test their effectiveness on a windows 7machine. We will explore some advanced Group Policy subjects such as redirecting user data and folders, deploying software and finish with using Group Policy Preferences to Map Drives and clean out folders. Click here to register for this event
  6. Social Media Series Part 2, Understanding the Privacy Settings of Popular Social Media Sites– Wednesday February 19, 2014 – Online Webinar.  Even if you understand the risks associated with social media, which settings are best and how do you find them on each site?  This webinar will focus primarily on Facebook privacy settings, but will include references to many other social media sites. Click here to register for this event.
  7. SANS SEC464: Hacker Guard: Security Baseline Training for IT Administrators and Operations with Continuing Education – Tuesday, February 25 – Wednesday, February 26, 2014, MOREnet, Columbia, MO -- This educational program gives IT admins the tools and techniques to illuminate evidence of potentially malicious activity on their systems and to look deeper to determine whether the problems they see are real. It allows them to become the hacker guards for malicious activity in their organization. It uses hands-on exercises to ensure they are comfortable using the tools. MOREnet members are eligible for a price of $1200.  Click here for registration information.
  8. Social Media Series Part 3, Understanding the Privacy Settings of Popular Devices Media – Wednesday March 5, 2014 – Online Webinar – So your social media websites are locked down, but are all settings enforced the same if the device isn’t secured?  Join us for a discussion of device settings to review to protect yourself from social media and other apps.  Click here to register for this event.

Do you know of any upcoming security-related training events?  Please send them to security@more.net for inclusion in this newsletter! 
 

 SECURITY AWARENESS TIP OF THE WEEK

Did you know there’s a Data Privacy Day – January 28th -- and Data Privacy Month – January 28th – February 28th. Check out the following links for more information and ideas of things you can do to promote Data Privacy.
 
StaySafeOnline -- Data Privacy Day
Educause – Data Privacy Month
Twitter – Data Privacy Day
Zero-Knowledge Privacy Foundation