College of Engineering |

DECS

Microsoft Word 0-day Flaw

On April 8th, it was revealed that there was a 0-day exploited for Microsoft word. This exploit could allow a hacker to install malicious software on your computer. As of April 11th, it is already being reported that a form of Malware is using the exploit to install a Dridex banking trojan. Microsoft is supposed to be release a patch for the software on April 11th. Until your computer is patch, be careful opening any word documents received through emails or downloaded online. While opening a document, it prompts you that this document may contain programs, macros, or viruses.

Malwarebytes Labs Publishes a List of Mac Security Facts and Fallacies

The security software development company Malwarebytes publishes a list of security facts and fallacies about Macs. The article covers topics such as Macs don't get viruses, Macs are more secure than Windows, Mac OSX has a built in anti-malware software, and Macs don't need security software. Find out which one is true at the article listed below.

Also, if you have an university owned Mac, you can have Symantec Endpoint Protection installed on your Macbook at no charge. Contact the DECS Support office for more information. 

Apache Struts Zero-Day Vulnerability

Security researchers have discovered a zero-day vulnerability in the popular Apache Struts web application framework. 

So, if you're running an Apache Struts Web applications, you should look into updating your software. Apache has released that versions 2.3.32/ 2.5.10.1 or later are not vulnerable. You should upgrade earlier versions to mitigate the issue. If you need assisting in determining if you need to upgrade, please contact the DECS Support Office at 3-8891 or at support@egr.msu.edu.

Yahoo Data Breach

On December 13th, 2016, Yahoo released a statement that more than 1 billion accounts were compromised in 2013. This is separate data breach from the 500 million accounts compromised in 2014. Yahoo says that the stolen user information included names, email addresses, telephone numbers, dates of birth, hashed password and in some cases, encrypted or unencrypted security questions. 

Here are some steps to insure your account is secure. 

FriendFinder Networks Inc.

In November 2016, it was reported that FriendFinder Networks Inc. had a data breach where over 400 million usernames and passwords were compromised. As of November 15, 2016, we are unable to search through the database. In the future, you can check to see if your account was compromised at the following websites:

https://haveibeenpwned.com/PwnedWebsites

https://www.leakedsource.com/main/

If you believe that your account has been compromised, you can take the following steps: