C-IT Security Podcast


Welcome to the C-IT Security website, where corporate leaders are informed of the latest news relating to information assurance, protection and privacy. This website is not just for the IT professional, but any professional who is concerned about his/her company ending up in the news. We will brief…

Charles Whitby: Business Security Thought Leader


    • Aug 25, 2014 LATEST EPISODE
    • infrequent NEW EPISODES
    • 15m AVG DURATION
    • 50 EPISODES



    Latest episodes from C-IT Security Podcast

    8-25-14 An attack targeting JP Morgan and Chase Customers in the United States

    Aug 25, 2014 (8:37)


    “Diligence is the mother of good fortune and idleness, its opposite never brought a man to the goal of any of his best wishes.” -Miguel De Cervantes JPMorgan Chase customers targeted in massive phishing campaign http://www.scmagazine.com/jpmorgan-chase-customers-targeted-in-massive-phishing-campaign/article/367615/ http://www.darkreading.com/jp-morgan-targeted-in-new-phishing-campaign/d/d-id/1306589? C-IT Recommendation Provide social engineering awareness for your customers. Ensure you communicate specifically how your organization will communicate […]

    8-20-14

    Aug 21, 2014 (9:10)


    “Out there in some garage is an entrepreneur who’s forging a bullet with your company’s name on it.” -Gary Hamel Cybercriminals Deliver Point-of-Sale Malware to 51 UPS Store Locations http://www.securityweek.com/cybercriminals-deliver-point-sale-malware-51-ups-store-locations http://www.scmagazine.com/ups-announces-breach-impacting-51-us-locations/article/367257/ C-IT Recommendation Create new non-intuitive usernames for POS accounts. Disable the default usernames. Use strong passwords for terminal login accounts and change them […]

    8-19-14

    Aug 19, 2014 (7:19)


    8-18-14 The problem with former employees retaining access to companies they no longer work for

    Aug 18, 2014 (9:37)


    Bulk of Ex-Employees Retain Access to Corporate Apps: Survey http://www.securityweek.com/bulk-ex-employees-retain-access-corporate-apps-survey http://www.infosecurity-magazine.com/news/uk-smbs-manage-exemployee-risk/ C-IT Recommendation Verify your company has an effective and enforced access control standard and policy which requires that access be removed when an employee transfers within the organization or leaves the organization. Use Role based Access Control. Roles should be specifically defined by the […]

    8-13-14 A tech support scam targeting trusting users, a report describing 2014 as the year of the data breach, Microsoft’s plan to stop supporting older versions of Internet Explorer

    Aug 13, 2014 (11:29)


    “It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.” – Charles Darwin Windows tech support scammers take root in the U.S. http://www.csoonline.com/article/2464030/security-leadership/windows-tech-support-scammers-take-root-in-the-u-s.html Article Resources Malwarebytes blog on the scare tactic https://blog.malwarebytes.org/fraud-scam/2014/08/beware-of-us-based-tech-support-scams/   2014 So Far: The Year of the Data Breach http://www.infosecurity-magazine.com/news/2014-the-year-of-the-data-breach/ C-IT […]

    8-12-14 The PCI Council publication advising companies how to ensure security compliance with third party service providers, New malware that hides in media files, Microsoft patch Tuesday bulletins

    Aug 12, 2014 (14:06)


    “It doesn’t take great men to do things, but it is doing things that make men great.” -Arnold Glasow PCI Council Publishes Guidance on Working With Third-party Providers http://www.securityweek.com/pci-council-publishes-guidance-working-third-party-providers http://www.scmagazine.com/pci-council-releases-third-party-security-assurance-guidance/article/365658/ C-IT Recommendation Require your third party service provider to provide a report of compliance and require the entity to conform to conducting a risk analysis […]

    8-11-14 A letter issued to Automotive CEOs to beef up automobile security, New bank malware activity in the United States, a website vulnerability that your company may need to fix

    Aug 11, 2014 (12:40)


    “Great men undertake great things because they are great; fools, because they think them easy.” -Luc de Vauvenargues Hackers Demand Automakers Get Serious About Security http://www.securityweek.com/hackers-demand-automakers-get-serious-about-security http://www.darkreading.com/application-security/automakers-openly-challenged-to-bake-in-security/d/d-id/1297902 C-IT Recommendation Find out if your organization has Security embedded into the Product Development Life Cycle. There should be no new systems released to the public or deployed […]

    8-7-14 A report by Cisco Systems alleging most enterprises are exposed to browser attack, 1.2 Billion email accounts globally hacked by a Russian attack group

    Aug 7, 2014 (16:01)


    “The purpose of business is to create and keep a customer.” ― Peter F. Drucker Over 90% of Enterprises Exposed to Man-in-the-Browser Attacks: Cisco http://www.securityweek.com/over-90-enterprises-exposed-man-browser-attacks-cisco http://www.csoonline.com/article/2459954/data-protection/cisco-patches-traffic-snooping-flaw-in-operating-systems-used-by-networking-gear.html C-IT Recommendation Perform regular security assessments in your organization Corporate leaders must establish a security debrief cadence with the information security teams. CSOs/CISOs should meet with operational teams weekly […]

    8-5-14 Data thieving software posing as a security application on Android Devices, a report explaining that most top free and paid mobile apps pose threats to organizations

    Aug 5, 2014 (12:10)


    “Genius is one percent inspiration and ninety–nine percent perspiration.” – Thomas A. Edison Android malware SandroRAT disguised as mobile security app http://www.scmagazine.com/android-malware-sandrorat-disguised-as-mobile-security-app/article/364455/ Article Resources McAfee Blog Post http://blogs.mcafee.com/mcafee-labs/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing Emory Libraries Information Security Awareness covering Phishing http://it.emory.edu/security/security_awareness/phishing.html   Most Top Free and Paid Mobile Apps Pose Threat to Enterprises: Report https://www.securityweek.com/most-top-free-and-paid-mobile-apps-pose-threat-enterprises-report C-IT Recommendation Perform an asset […]

    8-4-14 A report that shows many c-level executives have little respect for their Information Security Leaders, a social engineering campaign that takes advantage of Microsoft Word weaknesses, The US Department of Homeland Security’s report on Point of Sal

    Aug 4, 2014 (20:39)


    “If you work just for money, you’ll never make it, but if you love what you’re doing and you always put the customer first, success will be yours.” – Ray Kroc C-Level Execs to CISOs: No Seat for You! https://www.securityweek.com/c-level-execs-cisos-no-seat-you http://www.scmagazine.com/study-ciso-leadership-capacity-undervalued-by-most-c-level-execs/article/364231/ C-IT Recommendation Corporate leaders must establish a security debrief cadence with the information security […]

    7-30-14 Weakness in the Android software that could allow attackers to take over devices, Major security flaws in the majority of networkable tvs, webcams, alarm systems and other home and office electronics, a security issue with Instagram on Apple mobil

    Jul 31, 2014 (14:47)


    “Opportunity is missed by most people because it is dressed in overalls and looks like work.” – Thomas Edison Vulnerability impacting multiple versions of Android could enable device takeover http://www.scmagazine.com/vulnerability-impacting-multiple-versions-of-android-could-enable-device-takeover/article/363414/ http://www.securityweek.com/android-fake-id-vulnerability-lets-malicious-apps-impersonate-trusted-apps C-IT Recommendation Perform an asset inventory of all company owned Android devices using company provided cell phone service. Your company should have a configuration […]

    7-29-14 Attacks originating from an Amazon cloud based technology platform, fourteen companies fined $5M for pretending to provide AV software, the request from the Electronic Frontier Foundation to declare the NSA activities unconstitutional

    Jul 29, 2014 (12:34)


    “The golden rule for every business man is this: Put yourself in your customer’s place.” Orison Swett Marden Cybercriminals Abuse Amazon Cloud to Host Linux DDoS Trojans http://www.securityweek.com/cybercriminals-abuse-amazon-cloud-host-linux-ddos-trojans C-IT Recommendation Perform a risk analysis for utilizing cloud based services. Understand your limitations of using the cloud including Not having total control Having your data […]

    7-28-14 A weakness impacting between 50,000 and 2 million websites, a survey highlighting how a significant number of organizations are leaving themselves open to cyber threats

    Jul 28, 2014 (12:30)


    “My own business always bores me to death; I prefer other people’s.” ―Oscar Wilde WordPress Plugin Vulnerability Exploited to Compromise Thousands of Websites https://www.securityweek.com/wordpress-plugin-vulnerability-exploited-compromise-thousands-websites http://www.csoonline.com/article/2457668/data-protection/thousands-of-sites-compromised-through-wordpress-plug-in-vulnerability.html C-IT Recommendation From the Website Perspective Ensure your organization has a strong asset inventory with an accurate configuration management database. Identify if any of your websites are using WordPress and […]

    7-25-14 A class action lawsuit filed against eBay after data breach, Sony’s $15 Million settlement payout for its 2011 data breach

    Jul 25, 2014 (13:50)


    “Good executives never put off until tomorrow what they can get someone else to do today.” -Anonymous eBay faces class-action suit over breach http://www.scmagazine.com/ebay-faces-class-action-suit-over-breach/article/362670/ http://www.csoonline.com/article/2457981/data-protection/ebay-faces-class-action-suit-over-data-breach.html Article Resources Ebay’s publication of Breach http://www.ebayinc.com/in_the_news/story/ebay-inc-ask-ebay-users-change-passwords The Courtroom Paperwork for the Lawsuit http://media.scmagazine.com/documents/88/ebaysuit_21893.pdf   Sony to shell out $15M in PSN breach settlement http://www.scmagazine.com/sony-to-shell-out-15m-in-psn-breach-settlement/article/362720/ Article Resources Original Court Filings […]

    7-24-14 A cyber attack that may have cost ticket sales giant StubHub $10 million in tickets, a survey revealing the continued concerns of companies’ bring your own device practices

    Jul 24, 2014 (12:47)


    “The two basic processes of education are knowing and valuing.” -Robert J. Havighurst StubHub Hit in Cyber-Attack That May Have Stolen $10M in Tickets http://www.securityweek.com/stubhub-hit-cyber-attack-may-have-stolen-10m-tickets http://www.scmagazine.com/six-charged-in-global-stubhub-scheme-company-defrauded-out-of-1-million/article/362482/ C-IT Recommendation Ensure your organization has a security awareness program that educates users on basic security practices including not utilizing the same passwords on multiple systems. Ensure your systems […]

    7-23-14 Consumer distrust of retailers’ handling of their personal information, Wall Street Journal and Vice.com hack, a possible hack of Goodwill Industries

    Jul 23, 2014 (16:01)


    “Every man, however wise, needs the advice of some sagacious friend in the affairs of life.” -Plautus Quarter of UK Shoppers Don’t Trust Retailers on Card Fraud http://www.infosecurity-magazine.com/view/39417/quarter-of-uk-shoppers-dont-trust-retailers-on-card-fraud/ C-IT Recommendation Pay attention to the news regarding data breach. Communicate your security efforts to your customer base Provide customer awareness and communicate the importance of the […]

    7-22-14 A study revealing prevalent password misuse in American businesses, Wall Street Journal’s Facebook account compromised Backdoor, a severe weakness in the Apple mobile device software that reveals private information

    Jul 22, 2014 (12:30)


    “He that will not reason is a bigot; he that cannot reason is a fool; and he that dares not reason is a slave.” -Sir William Drummond Password Misuse is Rampant at US Businesses http://www.infosecurity-magazine.com/view/39408/password-misuse-is-rampant-at-us-businesses/ C-IT Recommendation Ensure your organization has a security awareness program that educates users on basic security practices including not utilizing […]

    7-18-14 A report revealing that over half of company executives speak to their security teams less than twice a year, a study revealing that privileged user accounts are the root to most breaches

    Jul 18, 2014 (15:01)


    “The successful man is the one who finds out what is the matter with his business before his competitors do.” –Roy L. Smith 31 percent of IT security teams don’t speak to company execs http://www.scmagazine.com/report-31-percent-of-it-security-teams-dont-speak-to-company-execs/article/361263/ C-IT Recommendation Corporate leaders must establish a security debrief cadence with the information security teams. CSOs/CISOs should meet with operational […]

    7-17-14 The prevalence of malware on Amazon web hosted services web sites, the lack of budget being provided for increased protection for computers in companies

    Jul 17, 2014 (12:44)


    “We generate fears while we sit. We overcome them by action. Fear is nature’s way of warning us to get busy.” -Dr. Henry Link Amazon Web Services Increasingly Used to Host Malware http://www.securityweek.com/amazon-web-services-increasingly-used-host-malware-report C-IT Recommendation Perform an information security risk assessment to see if the partnering organization handles risk in accordance with your company’s risk […]

    7-16-14 A major system weakness existing in 95% of fortune 1000 companies, a survey revealing the incorrect reporting of the majority of organizational security incidents, Oracle’s quarterly patch releases

    Jul 16, 2014 (12:26)


    “Even if you are on the right track, You’ll get run over if you just sit there.” – Will Rogers Active Directory flaw opens enterprise services to unauthorized access http://www.scmagazine.com/active-directory-flaw-opens-enterprise-services-to-unauthorized-access/article/361017/ http://www.securityweek.com/active-directory-vulnerability-puts-enterprise-services-risk http://www.darkreading.com/active-directory-flaw-lets-attackers-change-passwords/d/d-id/1297298? http://www.csoonline.com/article/2454367/identity-access/why-the-microsoft-active-directory-design-flaw-isnt-serious.html Aorato Mitigation Techniques Detecting authentication protocol anomalies. For instance, the use of a non-default encryption algorithm. Identifying the attack by correlating the […]

    7-15-14 An espionage incident targeting US military contractors, a serious vulnerability in a popular business surveillance system, a new financial data targeting malware being sold on the black market

    Jul 15, 2014 (20:32)


    “You are not your resume, you are your work.” – Seth Godin Chinese man charged with hack of Boeing, Lockheed Martin aircraft data http://www.scmagazine.com/chinese-man-charged-with-hack-of-boeing-lockheed-martin-aircraft-data/article/360786/ C-IT Recommendation Ensure your organization has Firewalls/Intrusion Prevention Solutions in place that are capable of blocking incoming attempts from bad reputation IP addresses from countries on the watch list. Verify your […]

    7-14-14 A government warning to the hospitality industry regarding malware compromising guests’ information, a study revealing concerns about protecting our nation’s critical infrastructure systems which include transportation, energy, water, wastewater sys

    Jul 14, 2014 (20:20)


    “ Progress comes from the intelligent use of experience. ” — Elbert Hubbard Hotel Business Centers Fall Victim to Key Logger Malware http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-centers/ Government recommendations Display a banner to users when logging onto business center computers; this should include warnings that highlight the risks of using publicly accessible machines. Create individual, unique log on credentials […]

    7-11-14 A heist distributing handheld scanners embedded with malicious software, a study relating to cybersecurity with mergers and acquisitions, a Gmail app vulnerability on Apple devices that allows attackers to intercept emails

    Jul 11, 2014 (17:29)


    “The best executive is the one who has sense enough to pick good men to do what he wants done, and self-restraint enough to keep from meddling with them while they do it.” -Theodore Roosevelt Hackers Attack Shipping and Logistics Firms Using Malware-Laden Handheld Scanners http://www.securityweek.com/hackers-attack-shipping-and-logistics-firms-using-malware-laden-handheld-scanners C-IT Security Recommendation From the product development perspective Find […]

    7-10-14 Brute force attacks using remote connectivity to compromise Point Of Sales systems, a vulnerability that is exploitable on 60% of all Android devices in use, McAfee’s strategic participation in the Open Interconnect Consortium

    Jul 10, 2014 (15:23)


    “Hopeless cases: Executives who assert themselves by saying No when they should say Yes.” -Malcolm Forbes Attackers brute-force POS systems utilizing RDP in global botnet operation http://www.scmagazine.com/attackers-brute-force-pos-systems-utilizing-rdp-in-global-botnet-operation/article/360156/ http://www.securityweek.com/brutpos-botnet-targets-pos-systems-brute-force-attacks http://www.csoonline.com/article/2451773/data-protection/botnet-brute-forces-remote-access-to-point-of-sale-systems.html C-IT Recommendation Create new non-intuitive usernames for POS accounts. Disable the default usernames. Use strong passwords for terminal login accounts and change them regularly Keep […]

    7-9-14 A global report revealing that organizations are steps behind the bad guys, a vulnerability exposure in a suite of software that was designed to protect computer systems, Adobe’s critical update release

    Jul 9, 2014 (14:13)


    “A man doesn’t need brilliance or genius, all he needs is energy.” -Albert Monroe Greenfield AV, anti-malware most used controls for APT defense http://www.scmagazine.com/study-av-anti-malware-most-used-controls-for-apt-defense/article/359932/ http://www.isaca.org/About-ISACA/Press-room/News-Releases/2014/Pages/ISACA-Global-APT-Survey.aspx C-IT Recommendation Ensure your organization has a structured framework to address security. Frameworks provide a foundation to build effective security practices within an organization. Examples of frameworks include the National […]

    7-8-14 The compromise of a food system services provider of point of sales systems, a series of data leaks resulting from Blue Shield of California mishandling sensitive data, a hack of a popular video viewing website that compromised visitor computers

    Jul 8, 2014 (16:53)


    “Lack of will power and drive cause more failure than lack of imagination and ability.” -Dennis Mahon Restaurants in Pacific Northwest Face Card Compromises http://www.infosecurity-magazine.com/view/39193/restaurants-in-pacific-northwest-face-card-compromises/ C-IT Recommendation Perform a risk analysis for utilizing cloud based services. Understand your limitations of using the cloud including Not having total control Having your data protected by someone […]

    7-7-14 Attack using a popular feature in Microsoft Word, Site hijacking by the Syrian Electronic Army, Microsoft’s patch releases for July 2014

    Jul 7, 2014 (16:26)


    “Ignorance is not innocence but sin.” – Robert Browning Spear phishers abuse Word programming feature to infect targets http://www.scmagazine.com/spear-phishers-abuse-word-programming-feature-to-infect-targets/article/359387/ C-IT Recommendation Ensure your company has an effective spam gateway or email content filter solution that quarantines junk mail, detects viruses. Consult with your email security team to validate the email security solution is running on […]

    7-3-14 Podcast References

    Jul 3, 2014 (17:00)


    “Things done well and with a care, exempt themselves from fear. ” — William Shakespeare Brazilian ‘Bolware’ Gang Targeted $3.75B in Transactions, RSA finds http://www.scmagazine.com/brazilian-bolware-gang-targeted-375b-in-transactions-rsa-finds/article/359083/ http://www.securityweek.com/cybercriminals-may-have-stolen-billions-brazilian-boletos C-IT Recommendation Ensure your company has an effective spam gateway or email content filter solution that quarantines junk mail, detects viruses. Consult with your email security team to validate […]

    7-2-14 Podcast References

    Jul 2, 2014 (19:01)


    “Working on the right thing is probably more important than working hard.” —Caterina Fake Houston Astros hacked, trade conversations posted online http://www.scmagazine.com/houston-astros-hacked-trade-conversations-posted-online/article/358952/ C-IT Recommendation Ensure your organization has Firewalls/Intrusion Prevention Solutions in place that are capable of blocking incoming attempts from bad reputation IP addresses from countries on the watch list. Verify your security appliances […]

    7-1-14 Podcast References

    Jul 1, 2014 (14:35)


    “Don’t be cocky. Don’t be flashy. There’s always someone better than you.” —Tony Hsieh ‘Lite Zeus’ has fewer tricks, but updated encryption http://www.scmagazine.com/lite-zeus-has-fewer-tricks-but-updated-encryption/article/358593/   EMOTET banking malware captures data sent over secured HTTPS connections http://www.scmagazine.com/emotet-banking-malware-captures-data-sent-over-secured-https-connections/article/358586/ http://www.securityweek.com/emotet-banking-malware-steals-data-network-sniffing C-IT Recommendation Ensure your organization has Firewalls/Intrusion Prevention Solutions in place that will block incoming attempts to infect PCs […]

    6-30-14 Podcast References

    Jun 30, 2014 (20:21)


    “I knew that if I failed I wouldn’t regret that, but I knew the one thing I might regret is not trying.” —Jeff Bezos Rare SMS worm targets Android devices http://www.csoonline.com/article/2369336/rare-sms-worm-targets-android-devices.html C-IT Recommends Perform an asset inventory of all company owned Android devices using company provided cell phone service. Your company should have a configuration […]

    6-27-14 Podcast References

    Jun 27, 2014 (14:45)


    “Anything that is measured and watched, improves.” —Bob Parsons US airports compromised during major APT hacking campaign, says CIS http://www.csoonline.com/article/2369043/us-airports-compromised-during-major-apt-hacking-campaign-says-cis.html C-IT Recommendation Ensure your company has an effective spam gateway or email content filter solution that quarantines junk mail, detects viruses. Consult with your email security team to validate the email security solution is running […]

    6-26-14 Podcast References

    Jun 26, 2014 (18:35)


    “Every day that we spent not improving our products was a wasted day.” —Joel Spolsky Montana Notifying 1.3 Million After State Health Agency Server Hacked http://www.securityweek.com/montana-notifying-13-million-after-state-health-agency-server-hacked http://www.csoonline.com/article/2367661/montana-data-breach-exposed-13-million-records.html C-IT Recommendation Verify your company has an effective and enforced access control standard and policy which defines roles and baselines for system administrators. Ensure the standard and policy […]

    6-25-14 Podcast References

    Jun 25, 2014 (18:29)


    “Your reputation is more important than your paycheck, and your integrity is worth more than your career.” — Ryan Freitas Caphaw trojan being served up to visitors of AskMen.com, according to Websense http://www.scmagazine.com/caphaw-trojan-being-served-up-to-visitors-of-askmencom-according-to-websense/article/357631/ http://www.securityweek.com/askmen-compromised-distribute-financial-malware-report C-IT Recommendation From the end-user perspective Ensure your organization has a strong asset inventory with an accurate configuration management database. Identify […]

    6-17-14 Podcast References

    Jun 25, 2014 (15:28)


    “ Progress is the activity of today and the assurance of tomorrow. ” — Ralph Waldo Emerson Domino’s extortion breach highlights rise in ransom-based attacks http://www.scmagazine.com/dominos-extortion-breach-highlights-rise-in-ransom-based-attacks/article/355997/ http://www.csoonline.com/article/2364323/cyber-attacks-espionage/domino-s-pizza-large-breach-with-a-side-of-ransom.html http://www.securityweek.com/dominos-pizza-refuses-extortion-demand-after-customer-data-stolen http://www.infosecurity-magazine.com/view/38876/dominos-pizza-customers-exposed-after-massive-data-breach/ C-IT Recommendation Ensure your company is using a strong Web Code review process before publishing sites Use a software code security analysis tool to check your […]

    6-16-14 Podcast References

    Jun 25, 2014 (11:34)


    “People will forget what you said, people will forget what you did, but people will never forget how you made them feel.” – Maya Angelou Target top security officer reporting to CIO seen as a mistake http://www.csoonline.com/article/2363210/data-protection/target-top-security-officer-reporting-to-cio-seen-as-a-mistake.html C-IT Recommendation Analyze the reporting structure of your organization Interview your CISO and ask him or her where […]

    6-13-14 Podcast References

    Jun 25, 2014 (16:04)


    “Vigilance is not only the price of liberty, but of success of any sort.” -Henry Ward Beecher P.F. Chang’s Confirms Credit Card Breach http://krebsonsecurity.com/2014/06/p-f-changs-confirms-credit-card-breach/ Article Resources P.F. Chang’s Security Compromise Update http://pfchangs.com/security/   PLXsert warns Fortune 500 companies of evolving Zeus threat http://www.scmagazine.com/plxsert-warns-fortune-500-companies-of-evolving-zeus-threat/article/355543/ http://www.infosecurity-magazine.com/view/38832/zeus-used-to-mastermind-ddos-and-attacks-on-cloud-apps/ C-IT Recommendation Ensure your organization has Firewalls/Intrusion Prevention Solutions in place […]

    6-12-14 Podcast References

    Jun 25, 2014 (16:53)


    “If you really want to do something, you’ll find a way. If you don’t, you’ll find an excuse.” –Jim Rohn P.F. Chang’s Investigates Possible Breach of Customer Credit Cards http://www.securityweek.com/pf-changs-investigates-possible-breach-customer-credit-cards http://www.infosecurity-magazine.com/view/38818/pf-changs-may-have-leaked-info-on-thousands-of-credit-cards-/ http://krebsonsecurity.com/2014/06/banks-credit-card-breach-at-p-f-changs/   Survey respondents praise, but neglect, continuous monitoring http://www.scmagazine.com/survey-respondents-praise-but-neglect-continuous-monitoring/article/355322/ C-IT Recommendation Ensure your organization has Firewalls/Intrusion Prevention Solutions in place that is capable […]

    6-10-14 Podcast References

    Jun 25, 2014 (21:36)


    “An amazing thing, the human brain. Capable of understanding incredibly complex and intricate concepts. Yet at times unable to recognize the obvious and simple.” -Jay Abraham Cybercrime Costs Businesses More than $400 Billion Globally: Report http://www.securityweek.com/cybercrime-costs-businesses-more-400-billion-globally-report http://www.csoonline.com/article/2361011/security0/annual-cost-of-cybercrime-hits-near-400-billion.html http://www.darkreading.com/worldwide-cost-of-cybercrime-estimated-at-$400-billion/d/d-id/1269527? C-IT Recommendation Ensure your organization has a structured framework to address security. Frameworks provide a foundation to […]

    6-9-14 Podcast References

    Jun 16, 2014 (20:09)


    “We can evade reality but we cannot evade the consequences of evading reality.” –Ayn Rand RIG Exploit Kit Used to Deliver “Cryptowall” Ransomware http://www.securityweek.com/rig-exploit-kit-used-deliver-cryptowall-ransomware http://www.infosecurity-magazine.com/view/38751/malvertising-and-cryptowall-mark-the-appearance-of-the-rig-exploit-kit-/ C-IT Recommendation Ensure your company is using a web content filtering solution to prevent users from accessing malicious websites. Validate the web content filtering solution is up to date with […]

    6-6-14 Podcast References

    Jun 16, 2014 (17:26)


    “To see what is right and not do it is a lack of courage.” –Confucius Seven vulnerabilities addressed in OpenSSL update, one enables MitM attack http://www.scmagazine.com/seven-vulnerabilities-addressed-in-openssl-update-one-enables-mitm-attack/article/351323/ http://www.securityweek.com/new-mitm-vulnerability-plagues-client-server-versions-openssl C-IT Recommendation Ensure your organization has a strong asset inventory with an accurate configuration management database. Identify all devices which have the vulnerable versions of OpenSSL both on […]

    6-5-14 Podcast References

    Jun 16, 2014 (17:12)


     “For success, attitude is equally as important as ability.” -Harry F. Banks Android/Simplocker could be the first Android ransomware to encrypt files http://www.scmagazine.com/androidsimplocker-could-be-the-first-android-ransomware-to-encrypt-files/article/350070/ http://www.securityweek.com/new-ransomware-encrypts-android-files-eset http://www.infosecurity-magazine.com/view/38716/experts-discover-fileencrypting-android-ransomware/ C-IT Recommendation Perform an asset inventory of all company owned Android devices using company provided cell phone service. Your company should have a configuration management database to show which devices […]

    6-4-14 Podcast References

    Jun 16, 2014 (18:23)


    “Restlessness and discontent are the first necessities of progress.” -Thomas A. Edison Soraya Malware Mixes Capabilities of Zeus and Dexter to Target Payment Card Data http://www.securityweek.com/soraya-malware-mixes-capabilities-zeus-and-dexter-target-payment-card-data http://www.scmagazine.com/soraya-malware-targets-payment-card-data-on-pos-devices-and-home-computers/article/349880/ C-IT Recommendation Ensure your organization has Firewalls/Intrusion Prevention Solutions in place that will block incoming attempts to infect PCs Ensure your organization has a solid anti-malware solution at […]

    6-3-14 Podcast References

    Play Episode Listen Later Jun 16, 2014 17:36


    “Truth is the cry of all, but the game of the few.” -George Berkeley Gameover Zeus, CryptoLocker Hit in Massive Takedown Operation http://www.securityweek.com/gameover-zeus-cryptolocker-hit-massive-takedown-operation http://www.infosecurity-magazine.com/view/38670/international-law-enforcement-sinkhole-gameover-zeus-and-cryptolocker-botnets/ http://www.csoonline.com/article/2358623/data-protection/businesses-can-do-more-in-battle-against-gameover-zeus-like-botnets.html C-IT Recommendation Ensure your organization has Firewalls/Intrusion Prevention Solutions in place that will block incoming attempts to infect PCs. Ensure your organization has a solid anti-malware solution at the end […]

    5-28-14 Podcast References

    Play Episode Listen Later Jun 4, 2014 13:33


    5-27-14 Podcast References

    Play Episode Listen Later Jun 4, 2014 15:42


    5-26-14 Podcast References

    Play Episode Listen Later Jun 4, 2014 19:27


    Senate committee OKs bill to give DHS broader security hiring authority http://www.scmagazine.com/senate-committee-oks-bill-to-give-dhs-broader-security-hiring-authority/article/348427/ C-IT Recommendation Assess your organization’s security capability to handle events and incidents. If your organization currently Ensure your organization has a structured framework to address security. Frameworks provide a foundation to build effective security practices within an organization. Examples of frameworks include the […]

    5-23-14 Podcast Resources

    Play Episode Listen Later May 23, 2014 15:42


    “The measure of progress of civilization is the progress of the people.” – George Bancroft Sleeping companies lose big from employee, executive fraud http://www.csoonline.com/article/2158625/fraud-prevention/sleeping-companies-lose-big-from-employee-executive-fraud.html http://www.darkreading.com/vulnerabilities---threats/insider-threats/privileged-use-also-a-state-of-mind-report-finds/d/d-id/1269145? C-IT Recommendations Set up a fraud reporting hotline. Educate employees on the kind of activity considered fraudulent to eliminate any grey areas. Verify your company has an effective and enforced […]

    5-22-14 Podcast Resources

    Play Episode Listen Later May 22, 2014 22:12


    “In business, what’s dangerous is not to evolve.” -Jeff Bezos eBay hacked, all users asked to change passwords http://www.scmagazine.com/ebay-hacked-all-users-asked-to-change-passwords/article/347967/ http://www.securityweek.com/after-cyberattack-ebay-recommends-password-change http://www.infosecurity-magazine.com/view/38528/researchers-blast-ebay-over-data-breach/ http://www.darkreading.com/attacks-breaches/ebay-database-hacked-with-stolen-employee-credentials-/d/d-id/1269093? http://www.csoonline.com/article/2158083/data-protection/how-to-protect-your-company-from-an-ebay-like-breach.html C-IT Recommendation Ensure your organization has Firewalls/Intrusion Prevention Solutions in place that are capable of blocking incoming attempts of malicious activity. Verify your security appliances are reporting to a Security Information and […]

    5-15-14 Podcast Resources

    Play Episode Listen Later May 16, 2014 19:57


    “Most people do not listen with the intent to understand; they listen with the intent to reply.” – Stephen Covey Man pleads guilty to selling compromised POS systems, loading up Subway gift cards http://www.scmagazine.com/man-pleads-guilty-to-selling-compromised-pos-systems-loading-up-subway-gift-cards/article/347146/ http://www.securityweek.com/former-subway-franchise-owner-pleads-guilty-pos-system-hacking C-IT Recommendation Use strong passwords for terminal login accounts and change them regularly. Keep POS operating systems and POS […]
