C-it Security Podcast

“To see what is right and not do it is a lack of courage.” –Confucius Seven vulnerabilities addressed in OpenSSL update, one enables MitM attack http://www.scmagazine.com/seven-vulnerabilities-addressed-in-openssl-update-one-enables-mitm-attack/article/351323/ http://www.securityweek.com/new-mitm-vulnerability-plagues-client-server-versions-openssl C-IT Recommendation Ensure your organization has a strong asset inventory with an accurate configuration management database. Identify all devices which have the vulnerable versions of OpenSSL both on […]

 “For success, attitude is equally as important as ability.” -Harry F. Banks Android/Simplocker could be the first Android ransomware to encrypt files http://www.scmagazine.com/androidsimplocker-could-be-the-first-android-ransomware-to-encrypt-files/article/350070/ http://www.securityweek.com/new-ransomware-encrypts-android-files-eset http://www.infosecurity-magazine.com/view/38716/experts-discover-fileencrypting-android-ransomware/ C-IT Recommendation Perform an asset inventory of all company owned Android devices using company provided cell phone service. Your company should have a configuration management database to show which devices […]

“Restlessness and discontent are the first necessities of progress.” -Thomas A. Edison Soraya Malware Mixes Capabilities of Zeus and Dexter to Target Payment Card Data http://www.securityweek.com/soraya-malware-mixes-capabilities-zeus-and-dexter-target-payment-card-data http://www.scmagazine.com/soraya-malware-targets-payment-card-data-on-pos-devices-and-home-computers/article/349880/ C-IT Recommendation Ensure your organization has Firewalls/Intrusion Prevention Solutions in place that will block incoming attempts to infect PCs Ensure your organization has a solid anti-malware solution at […]

“Truth is the cry of all, but the game of the few.” -George Berkeley Gameover Zeus, CryptoLocker Hit in Massive Takedown Operation http://www.securityweek.com/gameover-zeus-cryptolocker-hit-massive-takedown-operation http://www.infosecurity-magazine.com/view/38670/international-law-enforcement-sinkhole-gameover-zeus-and-cryptolocker-botnets/ http://www.csoonline.com/article/2358623/data-protection/businesses-can-do-more-in-battle-against-gameover-zeus-like-botnets.html C-IT Recommendation Ensure your organization has Firewalls/Intrusion Prevention Solutions in place that will block incoming attempts to infect PCs Ensure your organization has a solid anti-malware solution at the end […]

“The measure of progress of civilization is the progress of the people.” – George Bancroft Sleeping companies lose big from employee, executive fraud http://www.csoonline.com/article/2158625/fraud-prevention/sleeping-companies-lose-big-from-employee-executive-fraud.html http://www.darkreading.com/vulnerabilities—threats/insider-threats/privileged-use-also-a-state-of-mind-report-finds/d/d-id/1269145? C-IT Recommendations Set up a fraud reporting hotline educate employees on the kind of activity considered fraudulent to eliminate any grey areas. Verify your company has an effective and enforced […]

Senate committee OKs bill to give DHS broader security hiring authority http://www.scmagazine.com/senate-committee-oks-bill-to-give-dhs-broader-security-hiring-authority/article/348427/ C-IT Recommendation Assess your organization’s security capability to handle events an incidents. If your organization currently Ensure your organization has a structure framework to address security. Frameworks provide a foundation to build effective security practices within an organization. Examples of frameworks include the […]

“In business, what’s dangerous is not to evolve.” -Jeff Bezos eBay hacked, all users asked to change passwords http://www.scmagazine.com/ebay-hacked-all-users-asked-to-change-passwords/article/347967/ http://www.securityweek.com/after-cyberattack-ebay-recommends-password-change http://www.infosecurity-magazine.com/view/38528/researchers-blast-ebay-over-data-breach/ http://www.darkreading.com/attacks-breaches/ebay-database-hacked-with-stolen-employee-credentials-/d/d-id/1269093? http://www.csoonline.com/article/2158083/data-protection/how-to-protect-your-company-from-an-ebay-like-breach.html C-IT Recommendation Ensure your organization has Firewalls/Intrusion Prevention Solutions in place that is capable of block incoming attempts of malicious activity Verify your security appliances are reporting to a Security Information and […]

“Most people do not listen with the intent to understand; they listen with the intent to reply.” – Stephen Covey Man pleads guilty to selling compromised POS systems, loading up Subway gift cards http://www.scmagazine.com/man-pleads-guilty-to-selling-compromised-pos-systems-loading-up-subway-gift-cards/article/347146/ http://www.securityweek.com/former-subway-franchise-owner-pleads-guilty-pos-system-hacking C-IT Recommendation Use Strong password for Terminal log in accounts and change them regularly Keep POS operating systems and POS […]