Fort D - Cape Girardeau

MOREnet Security News Review -- June 9 - 13, 2014

Friday, June 13, 2014

WEEKLY THREAT RESOURCE SITE

Kaspersky Internet Security Center
 

KNOW YOUR ENEMY – THREAT ID OF THE WEEK

Sality – Have you ever heard of Sality? Sality is a famly of malware that can infect shared drives and Windows executables – specifically files with .SCR or .EXE tetensions. Check out the following links for more information on what it is, how it works, and what you can do to protect yourself.
https://kc.mcafee.com/corporate/index?page=content&id=KB69720&actp=LIST
http://www.symantec.com/security_response/writeup.jsp?docid=2006-011714-3948-99
http://www.symantec.com/connect/blogs/all-one-malware-overview-sality
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Virus%3aWin32%2fSality
 

TOP HEADLINES THIS WEEK

Monitor DNS Traffic & You Just Might Catch a RAT
Don’t Let Lousy Teachers Sink Security Awareness
Five Things Every Pen Tester Should Know About Working with Lawyers
Threat Mitigation and the 20 Critical Security Controls with Tony Sager
iOS Malware Does Exist
Simplocker: First Confirmed File-Encrypting Ransomware for Android
May 2014 Cyber Attack Statistics
NIST Updating Mobile Forensics Guidance
Wave of DDoS Attacks Down Cloud-Based Services
Patch Tuesday wrap-up, June 2014 – both Adobe and Microsoft close “remotable” holes
Improving security through least-privilege practices
 

VULNERABILITIES AND PATCHES

Microsoft Security Bulletin Summary for June 2014
US-CERT Vulnerability Summary for the Week of June 2, 2014
Wireshark 1.10.8
Known Vulnerabilities in Mozilla Products
Linux kernel futex local privilege escalation (CVE-2014-3153)
Security updates available for Adobe Flash Player
VMWare Patches ESXI Against OpenSSL Flaw, but Many Other Products Still Vulnerable
XSS Flaw In TweetDeck Leads to Spread of Potential Exploits
 

SECURITY TOOLBOX

Basic Linux commands for new Linux server administrators
Testing and Research with BlackArch Linux
Top 5 Free Tools for Application Troubleshooting & Monitoring
Dashlane Password Manager
 

HOW DO THEY DO THAT?

How 14-Years-Old coders hacked the ATM Machine
 

FEATURED SERVICE

E-mail Virus and Spam Filtering  – MOREnet's E-mail Virus and Spam Filtering service is a low-cost layer of protection for your e-mail system. E-mail viruses and spam are two of the biggest hassles system administrators have to deal with on today's Internet. The E-mail Virus and Spam Filtering service requires no end user participation; no server, equipment or software reconfiguration; no time to administer; and no hardware investment on your part. Everything happens on MOREnet's backbone. Best of all, the service removes all known e-mail-borne viruses and eliminates most spam.  Check out the following link for additional information.  http://www.more.net/services/e-mail-virus-and-spam-filtering
 

UPCOMING TRAINING AND EVENTS

  1.  Introduction to Windows 2012 Server Administration – Tuesday, July 22 – Wednesday, July 23, MOREnet, Columbia, MO -- Designed to build a foundation in basic server administration, this class introduces students to many of Windows Server 2012 features. The class includes extensive exercises which reinforce Microsoft Windows Server 2012 network administration skills as they are learned. Click this link to register
  2.  Windows 2012 Group Policy – Thursday, July 24, MOREnet, Columbia MO -- Designed to build a foundation in basic server administration, this class introduces students to many of Windows Server 2012 features. The class includes extensive exercises which reinforce Microsoft Windows Server 2012 network administration skills as they are learned. Click this link to register
  3.  2014 MOREnet Annual Conference – Monday, October 27 – Thursday, October 30, Columbia, MO – It’s not always about the technology- It’s also about what the technology can do for you. MOREnet’s Annual Conference is a professional development opportunity that allows our members to choose the track that’s right for you. Do you want to mix and match sessions tracks? That’s okay, too! Click this link for more information

Do you know of any upcoming security-related training events?  Please send them to security@more.net for inclusion in this newsletter.
 

SECURITY AWARENESS TIP OF THE WEEK

If you’re traveling this summer you might want to think before you post your travel itinerary… Sometimes we inadvertently give the “bad guys”  an open invitation to steal. Before you post anything about where you’re going and how long you’ll be gone, remember that the information might be viewed by someone other than your friends and with today’s technology it’s not that difficult to figure out where you live.