Columbia, MO Courthouse

MOREnet Security News Review -- January 6 - 10, 2014

Friday, January 10, 2014

WEEKLY THREAT RESOURCE SITE

Darkreading Tech Center Advanced Threats
 

 KNOW YOUR ENEMY – THREAT ID OF THE WEEK

More Ransomware? You bet!
 
PrisonLocker Ransomware Emerges From Criminal Forums
Prison Locker Ransomware, an upcoming malware threat in 2014
  

TOP HEADLINES THIS WEEK

Network Baseline Information Key To Detecting Anomalies
Snapchat issues update in wake of 4.6 million user data breach
Yahoo visitors got served with malicious ads
World Poker Tour Amateur Poker League Admits Being Hacked
The FTC Warns of Tech Support Scammers Promising Refunds
Check If You’re Running an Open DNS Resolver
Yahoo enables default HTTPS encryption for Yahoo Mail
Sher-locked: 12 famous passwords used through the ages
Top 5 IT Risk Management Resolutions for 2014
Sophos Techknow – Understanding Botnets [PODCAST]
 

 VULNERABILITIES AND PATCHES

Zeus Infection Spoofing Bitdefender AV
Hacker backdoors Linksys, Netgear, Cisco and other routers
Vulnerability Summary for the Week of December 30, 2013
VASCO IDENTIKEY Authentication Server contains an authentication bypass vulnerability
 

 SECURITY TOOLBOX

Free guide: WordPress Security Checklist
8 Useful And Free Web Application Security Testing Tools
Rapid 7 Web Application Security Testing
Kali Linux 1.0.6 Released
 

 FEATURED SERVICE

Managed Web Hosting – This service provides subscribers the freedom and flexibility to manage their organization's web presence simply, securely and inexpensively. Subscribers can control their web presence without the complexity and expense of managing and maintaining servers and hardware. Local administration, content and access are all controlled by the subscriber.  http://www.more.net/services/managed-web-hosting-0
 

  UPCOMING TRAINING AND EVENTS

  1. Active Directory Overhaul! A Deep Look at AD Management Tools – Monday, January 13, 2014 – MOREnet, Columbia, Missouri – Guest Trainer Derek Melber – There are many tools that are built in when you install Active Directory, but that does not mean they are easy to use, useful or complete. There are also some amazing free and pay-for tools for AD, which can be very helpful when trying to manage and troubleshoot Active Directory. We will cover many built-in tools, discuss how they work and see how to leverage them. We will also look at some other tools which can dramatically help with your management of AD.  Click here to register for this event.
  2. Get a Grip on Group Policy! Management, Backup, Recovery Techniques and Tools – Tuesday, January 14, 2014 – MOREnet, Columbia, Missouri – Guest Trainer Derek Melber – Group Policy is an awesome, powerful and complex tool. With this much power and complexity, you need to ensure you have all of your ducks in a row, otherwise you can cause havoc in your environment. In this workshop we will go over some of the best of breed tools that can help you work with the built-in tools for Group Policy to ensure you have everything you need to manage, backup and recover from a Group Policy issue. Click here to register for this event.
  3. Wireshark How-To Series – Using Wireshark’s Expert System – Tuesday, January 21, 2014 – Online Webinar -- This is the sixth and final installment of our first series of Wireshark How-Tos. In this webinar we’ll step through how to use Wireshark’s Expert System. We’ll cover how to launch Expert Info, colorize Expert Info elements, filter elements, and how to understand what triggers each element. Click here to register for this event
  4. Introduction to Windows 2008 Server Administration – Tuesday, February 4, – February 5, 2014 – MOREnet, Columbia, MO -- Designed to build a foundation in basic server administration, this class introduces students to many of Windows Server 2008 features. The class includes extensive exercises which reinforce Microsoft Windows Server 2008 network administration skills as they are learned. Click here to register for this event
  5. Social Media Series Part 1, Risks of Social Media – Wednesday, February 5, 2014 – Online Webinar – Does your staff or students understand the risks they take when posting comments or pictures to social media sites?  Join us for a discussion of the unseen risks to innocent posts. Click here to register for this event.
  6. Introduction to Windows 2008 DNS, DHCP and CSVde – Thursday, February 6, 2014 – MOREnet, Columbia, MO -- This course is designed to provide a foundation for understanding both Domain Name System and Dynamic Host Configuration Protocol. Students will install and configure these services for automated IP communications. At the end of the day the students will also use the bulk user import utility CSVde. Students must have taken Intro to Windows 2008 server to attend. Click here to register for this event
  7. Windows 2008 Group Policy – Friday February 7, 2014 – MOREnet, Columbia, MO -- This class is designed to allow students to centrally manage workstations and servers with Group Policy Objects (GPOs) within a Windows Active Directory domain. In class we will start at the beginning with defining what Group Policy is and what can be accomplished by using Group Policies within your organization. We will create simple group policies and test their effectiveness on a windows 7machine. We will explore some advanced Group Policy subjects such as redirecting user data and folders, deploying software and finish with using Group Policy Preferences to Map Drives and clean out folders. Click here to register for this event
  8. Social Media Series Part 2, Understanding the Privacy Settings of Popular Social Media Sites– Wednesday February 19, 2014 – Online Webinar.  Even if you understand the risks associated with social media, which settings are best and how do you find them on each site?  This webinar will focus primarily on Facebook privacy settings, but will include references to many other social media sites. Click here to register for this event.
  9. SANS SEC464: Hacker Guard: Security Baseline Training for IT Administrators and Operations with Continuing Education – Tuesday, February 25 – Wednesday, February 26, 2014, MOREnet, Columbia, MO -- This educational program gives IT admins the tools and techniques to illuminate evidence of potentially malicious activity on their systems and to look deeper to determine whether the problems they see are real. It allows them to become the hacker guards for malicious activity in their organization. It uses hands-on exercises to ensure they are comfortable using the tools. MOREnet members are eligible for a price of $1200.  Click here for registration information.
  10. Social Media Series Part 3, Understanding the Privacy Settings of Popular Devices Media – Wednesday March 5, 2014 – Online Webinar – So your social media websites are locked down, but are all settings enforced the same if the device isn’t secured?  Join us for a discussion of device settings to review to protect yourself from social media and other apps.  Click here to register for this event

Do you know of any upcoming security-related training events?  Please send them to security@more.net for inclusion in this newsletter! 
 

 SECURITY AWARENESS TIP OF THE WEEK

Tax season is approaching. The IRS reported that in 2013 identity theft of stolen social security numbers used to tile fraudulently filed tax returns doubled. How can you protect yourself from this type of scheme?  
 
Protect your Social Security card and leave it at home.
Don’t provide personal information to a telephone caller or online requestor.
Check your credit report each year.
Ensure any computers used to store a social security number or for filing taxes have updated anti-virus, anti-malware and applied security patches.
 
IRS: Identity theft prosecutions doubled in 2013
Taxpayer Guide to Identity Theft
January 13-17, 2014: National Tax Identity Theft Awareness Week