Take Action Today!

 

Spotlight

Spotlight

Spotlight

Spotlight

Spotlight

Spotlight

Spotlight

Spotlight

Spotlight

Security Advisories

  • US-CERT Current Activity:
    The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.
    http://www.us-cert.gov/ncas/current-activity/
  • Internet Crime Complaint Center (IC3):
    The Internet Crime Complaint Center (IC3) is an alliance between the National White Collar Crime Center (NW3C) and the Federal Bureau of Investigation (FBI). IC3’s mission is to address crime committed over the Internet.
    http://www.ic3.gov/media/default.aspx
  • Microsoft Security Bulletins:
    Microsoft security bulletins provide information & news about computer vulnerabilities and security updates to keep your computer protected.
    http://technet.microsoft.com/en-US/security/dn481339
  • Apple Security Updates:
    This document outlines security updates for Apple products.
    http://support.apple.com/kb/ht1222
  • Oracle Critical Patch Updates, Security Alerts and Third Party Bulletin:
    This page lists announcements of security fixes made in Critical Patch Update Advisories and Security Alerts, and it is updated when new Critical Patch Update Advisories and Security Alerts are released.
    http://www.oracle.com/technetwork/topics/security/alerts-086861.html

Protecting Against Phishing

What is Phishing?

Phishing, in a nutshell, is the online version of a con-job. The perpertrators of phishing messages are essentially tech-savvy con-artists. In a phishing scam, these con-artists send out messages and emails that "look" legitimate, hoping to trick the unsuspecting user into giving out their personal information, including usernames and passwords, and allowing the perpertrator to conduct identity theft.

Adobe Flash Player Zero Day (2015-3113)

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address a critical vulnerability (CVE-2015-3113) that could potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via limited, targeted attacks. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets.

Adobe recommends users update their product installations to the latest versions:

LastPass Security Breach

LastPass reported on their security blog yesterday that they discovered suspicious activity on their network on Friday. Their investigation did not determine that any accounts were accessed, however they did find that user information, including email addresses, password reminders, and authentication hashes were compromised.

The stolen authentication hashes are well-encrypted, but LastPass is still requiring users to change their master passwords, and recommending that users change any other places that they may have used the master password.

Vulnerability in TLS

ASU has recently become aware of a vulnerability in certain implementations of HTTPS using TLS, which could allow for the disclosure of sensitive information. This vulnerability is caused by a basic design flaw in the way that TLS handles Diffie-Hellman key exchanges and allows an attacker to intercept the HTTPS connection from vulnerable clients or servers by downgrading the RSA key to a weaker, export-grade, 512-bit RSA key.