MOREnet Security News Review -- September 8 - 12, 2014

Friday, September 12, 2014

October is National Cyber Security Awareness Month – Now’s the time to start putting things in motion! Check out the following resources to help you plan events and activities for your organization.
http://www.knowthenet.org.uk/
http://www.nativeintelligence.com/ni-free/index.asp
http://www.dhs.gov/national-cyber-security-awareness-month-2014
http://msisac.cisecurity.org/resources/
 

WEEKLY THREAT RESOURCE SITE

FireEye Blog
 

KNOW YOUR ENEMY – THREAT ID OF THE WEEK

Malvertising – Have you visited a legitimate website lately and then discovered that your device was infected? You may have been a victim of Malvertising. Check out the following links to find out more.
http://www.proofpoint.com/products/targeted-attack-protection/malvertising-protection.php
http://www.anti-malvertising.com/
Threat Spotlight: “Kyle and Stan” Malvertising Network Threatens Windows and Mac Users With Mutating Malware
http://www.scmagazineuk.com/malvertising-a-bigger-problem-than-the-industry-thinks/article/370946/
 

TOP HEADLINES THIS WEEK

August 2014 Cyber Attacks Statistics
How a DNS Sinkhole Can Protect Against Malware
The 21 most common misconfigurations that will come back to haunt you!
Fresh phish served with a helping of AES
Hacker publishes tech support phone scammer Slammer
Making Best Practice Common Practice
Patch Tuesday wrap-up, September 2014 – why even a single-bit data leak is worth fixing
Teen’s open Facebook invite leads to 500 unexpected gatecrashers
Heartbleed patch efforts ignored on thousands of websites
InfoSec Book Club: What’s On Your Fall Reading List?
 

VULNERABILITIES AND PATCHES

Microsoft Security Bulletin Summary for September 2014
Adobe Security Bulletin
US-CERT Vulnerability Summary for the Week of September 1, 2014
WordPress 4.0 “Benny” released
VMware NSX and vCNS product updates address a critical information disclosure vulnerability
FreeBSD Security Advisory
Cisco Security Advisories, Responses, and Notices
 

SECURITY TOOLBOX

LinSSID – Graphical wireless scanning for Linux (similar to Inssider)
Router Password Kracker
 

HOW DO THEY DO THAT?

Demasking Google Users With a Timing Attack
 

FEATURED SERVICE

Domain Name System -- MOREnet will provide registration and maintenance services for .mo.us domain names, subdomains and host names. MOREnet also assists it members with domain registrations and will host member domain names, subdomains and host names. Click this link for more information
 

UPCOMING TRAINING AND EVENTS

  1. 2014 MOREnet Annual Conference – Monday, October 27 – Thursday, October 30, Columbia, MO – It’s not always about the technology- It’s also about what the technology can do for you. MOREnet’s Annual Conference is a professional development opportunity that allows our members to choose the track that’s right for you. Do you want to mix and match sessions tracks? That’s okay, too! Click this link for more information

FREE ONLINE SECURITY TRAINING

Penetration Testing Practice Lab – Vulnerable Apps/Systems
Codebashing
 
Do you know of any upcoming security-related training or events?  Please send them to security@more.net for inclusion in this newsletter.

CYBER SECURITY QUOTE OF THE WEEK

In 2011 RSA, a major technology company, was hacked when an employee responded to a phishing attempt.  This is a company whose whole business was security, and fell victim to what hackers know… No matter how secure a target the user is always the weakest link. — Jim Guckin