Synopsis
Welcome to the C-IT Security website, where corporate leaders are informed of the latest news relating to information assurance, protection and privacy. This website is not just for the IT professional, but for any professional who is concerned about his/her company ending up in the news. We will brief you on the latest security news around the globe and provide suggestions for high-level controls to explore in your organization. By no means is this podcast a consulting service. The idea is to foster creative thinking so that the prudent business leader can make intelligent decisions based upon the impact other businesses are experiencing from current threat actors.
Episodes
-
7-15-14 An espionage incident targeting US military contractors, a serious vulnerability in a popular business surveillance system, new financial-data-targeting malware being sold on the black market
15/07/2014 Duration: 20min
“You are not your resume, you are your work.” – Seth Godin
Chinese man charged with hack of Boeing, Lockheed Martin aircraft data http://www.scmagazine.com/chinese-man-charged-with-hack-of-boeing-lockheed-martin-aircraft-data/article/360786/
C-IT Recommendation: Ensure your organization has Firewalls/Intrusion Prevention Solutions in place that are capable of blocking incoming attempts from bad reputation IP addresses from countries on the watch list. Verify your […]
-
7-14-14 A government warning to the hospitality industry regarding malware compromising guests' information, a study revealing concerns about protecting our nation's critical infrastructure systems which include transportation, energy, water, wastewater sys
14/07/2014 Duration: 20min
“Progress comes from the intelligent use of experience.” — Elbert Hubbard
Hotel Business Centers Fall Victim to Key Logger Malware http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-centers/
Government recommendations: Display a banner to users when logging onto business center computers; this should include warnings that highlight the risks of using publicly accessible machines. Create individual, unique log on credentials […]
-
7-11-14 A heist distributing handheld scanners embedded with malicious software, a study relating to cybersecurity with mergers and acquisitions, a Gmail app vulnerability on Apple devices that allows attackers to intercept emails
11/07/2014 Duration: 17min
“The best executive is the one who has sense enough to pick good men to do what he wants done, and self-restraint enough to keep from meddling with them while they do it.” -Theodore Roosevelt
Hackers Attack Shipping and Logistics Firms Using Malware-Laden Handheld Scanners http://www.securityweek.com/hackers-attack-shipping-and-logistics-firms-using-malware-laden-handheld-scanners
C-IT Security Recommendation: From the product development perspective: Find […]
-
7-10-14 Brute force attacks using remote connectivity to compromise point-of-sale systems, a vulnerability that is exploitable on 60% of all Android devices in use, McAfee’s strategic participation in the Open Interconnect Consortium
10/07/2014 Duration: 15min
“Hopeless cases: Executives who assert themselves by saying No when they should say Yes.” -Malcolm Forbes
Attackers brute-force POS systems utilizing RDP in global botnet operation http://www.scmagazine.com/attackers-brute-force-pos-systems-utilizing-rdp-in-global-botnet-operation/article/360156/ http://www.securityweek.com/brutpos-botnet-targets-pos-systems-brute-force-attacks http://www.csoonline.com/article/2451773/data-protection/botnet-brute-forces-remote-access-to-point-of-sale-systems.html
C-IT Recommendation: Create new non-intuitive usernames for POS accounts. Disable the default usernames. Use strong passwords for terminal login accounts and change them regularly. Keep […]
-
7-9-14 A global report revealing that organizations are steps behind the bad guys, a vulnerability exposure in a suite of software that was designed to protect computer systems, Adobe’s critical update release
09/07/2014 Duration: 14min
“A man doesn’t need brilliance or genius, all he needs is energy.” -Albert Monroe Greenfield
AV, anti-malware most used controls for APT defense http://www.scmagazine.com/study-av-anti-malware-most-used-controls-for-apt-defense/article/359932/ http://www.isaca.org/About-ISACA/Press-room/News-Releases/2014/Pages/ISACA-Global-APT-Survey.aspx
C-IT Recommendation: Ensure your organization has a structured framework to address security. Frameworks provide a foundation to build effective security practices within an organization. Examples of frameworks include the National […]
-
7-8-14 The compromise of a food system services provider of point-of-sale systems, a series of data leaks resulting from Blue Shield of California mishandling sensitive data, a hack of a popular video viewing website that compromised visitor computers
08/07/2014 Duration: 16min
“Lack of will power and drive cause more failure than lack of imagination and ability.” -Dennis Mahon
Restaurants in Pacific Northwest Face Card Compromises http://www.infosecurity-magazine.com/view/39193/restaurants-in-pacific-northwest-face-card-compromises/
C-IT Recommendation: Perform a risk analysis for utilizing cloud-based services. Understand your limitations of using the cloud, including: not having total control; having your data protected by someone […]
-
7-7-14 Attack using a popular feature in Microsoft Word, Site hijacking by the Syrian Electronic Army, Microsoft’s patch releases for July 2014
07/07/2014 Duration: 16min
“Ignorance is not innocence but sin.” – Robert Browning
Spear phishers abuse Word programming feature to infect targets http://www.scmagazine.com/spear-phishers-abuse-word-programming-feature-to-infect-targets/article/359387/
C-IT Recommendation: Ensure your company has an effective spam gateway or email content filter solution that quarantines junk mail and detects viruses. Consult with your email security team to validate the email security solution is running on […]
-
7-3-14 Podcast References
03/07/2014 Duration: 17min
“Things done well and with a care, exempt themselves from fear.” — William Shakespeare
Brazilian ‘Bolware’ Gang Targeted $3.75B in Transactions, RSA finds http://www.scmagazine.com/brazilian-bolware-gang-targeted-375b-in-transactions-rsa-finds/article/359083/ http://www.securityweek.com/cybercriminals-may-have-stolen-billions-brazilian-boletos
C-IT Recommendation: Ensure your company has an effective spam gateway or email content filter solution that quarantines junk mail and detects viruses. Consult with your email security team to validate […]
-
7-2-14 Podcast References
02/07/2014 Duration: 19min
“Working on the right thing is probably more important than working hard.” —Caterina Fake
Houston Astros hacked, trade conversations posted online http://www.scmagazine.com/houston-astros-hacked-trade-conversations-posted-online/article/358952/
C-IT Recommendation: Ensure your organization has Firewalls/Intrusion Prevention Solutions in place that are capable of blocking incoming attempts from bad reputation IP addresses from countries on the watch list. Verify your security appliances […]
-
7-1-14 Podcast References
01/07/2014 Duration: 14min
“Don’t be cocky. Don’t be flashy. There’s always someone better than you.” —Tony Hsieh
‘Lite Zeus’ has fewer tricks, but updated encryption http://www.scmagazine.com/lite-zeus-has-fewer-tricks-but-updated-encryption/article/358593/
EMOTET banking malware captures data sent over secured HTTPS connections http://www.scmagazine.com/emotet-banking-malware-captures-data-sent-over-secured-https-connections/article/358586/ http://www.securityweek.com/emotet-banking-malware-steals-data-network-sniffing
C-IT Recommendation: Ensure your organization has Firewalls/Intrusion Prevention Solutions in place that will block incoming attempts to infect PCs […]
-
6-30-14 Podcast References
30/06/2014 Duration: 20min
“I knew that if I failed I wouldn’t regret that, but I knew the one thing I might regret is not trying.” —Jeff Bezos
Rare SMS worm targets Android devices http://www.csoonline.com/article/2369336/rare-sms-worm-targets-android-devices.html
C-IT Recommends: Perform an asset inventory of all company-owned Android devices using company-provided cell phone service. Your company should have a configuration […]
-
6-27-14 Podcast References
27/06/2014 Duration: 14min
“Anything that is measured and watched, improves.” —Bob Parsons
US airports compromised during major APT hacking campaign, says CIS http://www.csoonline.com/article/2369043/us-airports-compromised-during-major-apt-hacking-campaign-says-cis.html
C-IT Recommendation: Ensure your company has an effective spam gateway or email content filter solution that quarantines junk mail and detects viruses. Consult with your email security team to validate the email security solution is running […]
-
6-26-14 Podcast References
26/06/2014 Duration: 18min
“Every day that we spent not improving our products was a wasted day.” —Joel Spolsky
Montana Notifying 1.3 Million After State Health Agency Server Hacked http://www.securityweek.com/montana-notifying-13-million-after-state-health-agency-server-hacked http://www.csoonline.com/article/2367661/montana-data-breach-exposed-13-million-records.html
C-IT Recommendation: Verify your company has an effective and enforced access control standard and policy which defines roles and baselines for system administrators. Ensure the standard and policy […]
-
6-25-14 Podcast References
25/06/2014 Duration: 18min
“Your reputation is more important than your paycheck, and your integrity is worth more than your career.” — Ryan Freitas
Caphaw trojan being served up to visitors of AskMen.com, according to Websense http://www.scmagazine.com/caphaw-trojan-being-served-up-to-visitors-of-askmencom-according-to-websense/article/357631/ http://www.securityweek.com/askmen-compromised-distribute-financial-malware-report
C-IT Recommendation: From the end-user perspective: Ensure your organization has a strong asset inventory with an accurate configuration management database. Identify […]
-
6-17-14 Podcast References
25/06/2014 Duration: 15min
“Progress is the activity of today and the assurance of tomorrow.” — Ralph Waldo Emerson
Domino’s extortion breach highlights rise in ransom-based attacks http://www.scmagazine.com/dominos-extortion-breach-highlights-rise-in-ransom-based-attacks/article/355997/ http://www.csoonline.com/article/2364323/cyber-attacks-espionage/domino-s-pizza-large-breach-with-a-side-of-ransom.html http://www.securityweek.com/dominos-pizza-refuses-extortion-demand-after-customer-data-stolen http://www.infosecurity-magazine.com/view/38876/dominos-pizza-customers-exposed-after-massive-data-breach/
C-IT Recommendation: Ensure your company is using a strong web code review process before publishing sites. Use a software code security analysis tool to check your […]
-
6-16-14 Podcast References
25/06/2014 Duration: 11min
“People will forget what you said, people will forget what you did, but people will never forget how you made them feel.” – Maya Angelou
Target top security officer reporting to CIO seen as a mistake http://www.csoonline.com/article/2363210/data-protection/target-top-security-officer-reporting-to-cio-seen-as-a-mistake.html
C-IT Recommendation: Analyze the reporting structure of your organization. Interview your CISO and ask him or her where […]
-
6-13-14 Podcast References
25/06/2014 Duration: 16min
“Vigilance is not only the price of liberty, but of success of any sort.” -Henry Ward Beecher
P.F. Chang’s Confirms Credit Card Breach http://krebsonsecurity.com/2014/06/p-f-changs-confirms-credit-card-breach/
Article Resources: P.F. Chang’s Security Compromise Update http://pfchangs.com/security/
PLXsert warns Fortune 500 companies of evolving Zeus threat http://www.scmagazine.com/plxsert-warns-fortune-500-companies-of-evolving-zeus-threat/article/355543/ http://www.infosecurity-magazine.com/view/38832/zeus-used-to-mastermind-ddos-and-attacks-on-cloud-apps/
C-IT Recommendation: Ensure your organization has Firewalls/Intrusion Prevention Solutions in place […]
-
6-12-14 Podcast References
25/06/2014 Duration: 16min
“If you really want to do something, you’ll find a way. If you don’t, you’ll find an excuse.” –Jim Rohn
P.F. Chang’s Investigates Possible Breach of Customer Credit Cards http://www.securityweek.com/pf-changs-investigates-possible-breach-customer-credit-cards http://www.infosecurity-magazine.com/view/38818/pf-changs-may-have-leaked-info-on-thousands-of-credit-cards-/ http://krebsonsecurity.com/2014/06/banks-credit-card-breach-at-p-f-changs/
Survey respondents praise, but neglect, continuous monitoring http://www.scmagazine.com/survey-respondents-praise-but-neglect-continuous-monitoring/article/355322/
C-IT Recommendation: Ensure your organization has Firewalls/Intrusion Prevention Solutions in place that are capable […]
-
6-10-14 Podcast References
25/06/2014 Duration: 21min
“An amazing thing, the human brain. Capable of understanding incredibly complex and intricate concepts. Yet at times unable to recognize the obvious and simple.” -Jay Abraham
Cybercrime Costs Businesses More than $400 Billion Globally: Report http://www.securityweek.com/cybercrime-costs-businesses-more-400-billion-globally-report http://www.csoonline.com/article/2361011/security0/annual-cost-of-cybercrime-hits-near-400-billion.html http://www.darkreading.com/worldwide-cost-of-cybercrime-estimated-at-$400-billion/d/d-id/1269527?
C-IT Recommendation: Ensure your organization has a structured framework to address security. Frameworks provide a foundation to […]
-
6-9-14 Podcast References
16/06/2014 Duration: 20min
“We can evade reality but we cannot evade the consequences of evading reality.” –Ayn Rand
RIG Exploit Kit Used to Deliver “Cryptowall” Ransomware http://www.securityweek.com/rig-exploit-kit-used-deliver-cryptowall-ransomware http://www.infosecurity-magazine.com/view/38751/malvertising-and-cryptowall-mark-the-appearance-of-the-rig-exploit-kit-/
C-IT Recommendation: Ensure your company is using a web content filtering solution to prevent users from accessing malicious websites. Validate the web content filtering solution is up to date with […]