EVENT: BroCon ’15 Coming to MIT, Aug. 4-6

This year, BroCon is coming to the MIT campus. It will be happening on Tuesday through Thursday, August 4 – 6 at the Tang Center.

This convention offers the Bro community a chance to share experiments, successes and failures to better understand and secure networks. The convention is composed of talks and training exercises from the Bro development team as well as fellow users and enthusiasts.

Bro is a powerful network analysis framework that is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Bro’s user community includes major universities, research labs, supercomputer centers as well as open-science communities.

Learn more at bro.org

Security SIG Talk: Slides are Available

Thank you to all who attended the Security SIG talk last week on Lessons Learned from the Top Healthcare Information Security Breaches. If you were not able to attend, or did attend but would like to review the information again, the slides are available here. (MIT certificate required.)

EVENT: Security SIG lunch on July 15

Please join us for free lunch and a talk on lessons learned from some of the biggest breaches in the healthcare industry.

Lessons Learned from the top Healthcare Information Security Breaches
Speaker: Roy Wattanasin, MITM (MIT Medical)

 The FBI has warned that hackers are or will be targeting your organization. 2014 was a rough year for data security, especially in the healthcare industry. About 43 percent of breaches came from healthcare per the Ponemon Institute. 2015 has been a trickier year with one of the largest healthcare information breaches reported to date. 

This talk highlights and walks through the top 2015 healthcare information security breaches (using public information). It gives an overview of the healthcare information landscape, covers the laws/regulations and offers recommendations to prevent these kinds of breaches whether you are in healthcare or another industry.

Where: W20-407
When: Wednesday, July 15, 2015, 12:00 – 1:30 pm, includes free lunch
How to sign up: Please email security_sig_events@mit.edu.

We hope to see you there!

If you haven’t yet joined the IT Security Special Interest Group mailing list, please subscribe here.

EVENT: State of Cybersecurity Today Webcast

Register for a free webcast hosted by MS-ISAC, occurring on Wednesday, June 24th, 3:00 – 4:00pm EST:

The State of CyberSecurity Today: How Far We Have Come & Where We Are Going
Presenter: Jeff Man, Tenable Network Security

This session provides a little history based on the presenter’s 20 years of experience in internet security. It explores how far we’ve come, the new and emerging challenges we face, and why old challenges continue to haunt security operations across the public and private sectors. It will dig into why we’re plagued by persistent issues, the factors driving cyber threats and what we can do to minimize their impact. It will look at information security policies, the role of compliance, and how no amount of “silver bullet” solutions are a substitute for sound processes that help increase the effectiveness of state, local, tribal and territorial government cybersecurity practices.

Save your seat by registering today.

Event: Laptop Tagging and Registration, May 6th

Come next week to Lobby 10 to register and tag your laptop. This is the last opportunity to do so this semester!

Where: Lobby of Building 10
When: Wed., May 6th, 11:00 am – 1:15 pm

How to pay: $10 cash (no cards) or MIT Cost Object

Just as you might register a bike with the police, you can also register your laptop. Information Systems & Technology partners with MIT Police to provide STOP (Security Tracking of Office Property) tags for laptops. The tag is affixed to the device, has a unique number, and is registered with a world-wide database.

Capt. Cheryl Vossmer of the MIT Police says that although a STOP tag is not software that can track a device via GPS or other means, it has been very effective at providing a way for lost or stolen laptops to be returned to their rightful owners.

Read recovery stories here of laptops with STOP tags.

Laptop tagging and registration takes a break during the summer and we will post the next laptop tagging session when available. Laptop registration at MIT.

Phishing Attack List: E-Z Pass Virus Spam

This is a new category I will be including in the newsletter: phishing attacks that are currently trending and which you may see some examples of in your inbox. If you have any examples to share with the list, please forward it to me with a link to the information or news story that describes the phishing attack.

A series of fake E-Z Pass virus spam emails are going around, that claim you owe money for driving on a toll road. A zip file attached to the spam email contains a javascript file that downloads malware. The javascript files aren’t for execution by a browser but by Windows Script Host, so Windows machines are vulnerable. If you use Windows + Internet Explorer you will receive a randomly-named .gif file that is actually an .exe file.

Read more about this phishing attack here.

May 2015 Event: SANS Cyber Talent Fair

The 2015 SANS CyberTalent Fair will attract thousands of online attendees seeking opportunities in cybersecurity.

If you are a candidate for a job in cybersecurity, this is for you. See more information here.

If you are seeking candidates for security positions, visit this page for registration. Employers such as Deloitte, the US Army’s INSCOM, United Health Group, MSSP leader Solutionary, Next Jump, Workday, and more have already signed up. It’s open to any employer who has cyber vacancies or interested jobseekers. Please contact mshuftan@sans.org or visit https://app.brazenconnect.com/events/SANS-cybertalent-fair to sign up.