Synopsis
Welcome to the C-IT Security website, where corporate leaders are informed of the latest news relating to information assurance, protection and privacy. This website is not just for the IT professional, but any professional who is concerned about his/her company ending up in the news. We will brief you on the latest security news around the globe and provide suggestions for high level controls to explore in your organization. By no means is this podcast a consulting service. The idea is to foster creative thinking for the prudent business leader to make intelligent decisions based upon the impact other businesses are experiencing by current threat actors.
Episodes
-
8-25-14 An attack targeting JP Morgan and Chase Customers in the United States
25/08/2014 Duration: 08 min
“Diligence is the mother of good fortune and idleness, its opposite never brought a man to the goal of any of his best wishes.” -Miguel De Cervantes JPMorgan Chase customers targeted in massive phishing campaign http://www.scmagazine.com/jpmorgan-chase-customers-targeted-in-massive-phishing-campaign/article/367615/ http://www.darkreading.com/jp-morgan-targeted-in-new-phishing-campaign/d/d-id/1306589? C-IT Recommendation Provide social engineering awareness for your customers. Ensure you communicate specifically how your organization will communicate […]
-
8-20-14
21/08/2014 Duration: 09 min
“Out there in some garage is an entrepreneur who’s forging a bullet with your company’s name on it.” -Gary Hamel Cybercriminals Deliver Point-of-Sale Malware to 51 UPS Store Locations http://www.securityweek.com/cybercriminals-deliver-point-sale-malware-51-ups-store-locations http://www.scmagazine.com/ups-announces-breach-impacting-51-us-locations/article/367257/ C-IT Recommendation Create new non-intuitive usernames for POS accounts. Disable the default usernames. Use strong passwords for Terminal log in accounts and change them […]
-
8-18-14 The problem with former employees retaining access to companies they no longer work for
18/08/2014 Duration: 09 min
Bulk of Ex-Employees Retain Access to Corporate Apps: Survey http://www.securityweek.com/bulk-ex-employees-retain-access-corporate-apps-survey http://www.infosecurity-magazine.com/news/uk-smbs-manage-exemployee-risk/ C-IT Recommendation Verify your company has an effective and enforced access control standard and policy which requires that access be removed when an employee transfers within the organization or leaves the organization. Use Role based Access Control. Roles should be specifically defined by the […]
-
8-13-14 A tech support scam targeting trusting users, a report describing 2014 as the year of the data breach, Microsoft’s plan to stop supporting older versions of Internet Explorer
13/08/2014 Duration: 11 min
“It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.” – Charles Darwin Windows tech support scammers take root in the U.S. http://www.csoonline.com/article/2464030/security-leadership/windows-tech-support-scammers-take-root-in-the-u-s.html Article Resources Malwarebytes blog on the scare tactic https://blog.malwarebytes.org/fraud-scam/2014/08/beware-of-us-based-tech-support-scams/ 2014 So Far: The Year of the Data Breach http://www.infosecurity-magazine.com/news/2014-the-year-of-the-data-breach/ C-IT […]
-
8-12-14 The PCI Council publication advising companies how to ensure security compliance with third party service providers, New malware that hides in media files, Microsoft patch Tuesday bulletins
12/08/2014 Duration: 14 min
“It doesn’t take great men to do things, but it is doing things that make men great.” -Arnold Glasow PCI Council Publishes Guidance on Working With Third-party Providers http://www.securityweek.com/pci-council-publishes-guidance-working-third-party-providers http://www.scmagazine.com/pci-council-releases-third-party-security-assurance-guidance/article/365658/ C-IT Recommendation Require your third party service provider to provide a report of compliance and require the entity to conform to conducting a risk analysis […]
-
8-11-14 A letter issued to Automotive CEOs to beef up automobile security, New bank malware activity in the United States, a website vulnerability that your company may need to fix
12/08/2014 Duration: 12 min
“Great men undertake great things because they are great; fools, because they think them easy.” -Luc de Vauvenargues Hackers Demand Automakers Get Serious About Security http://www.securityweek.com/hackers-demand-automakers-get-serious-about-security http://www.darkreading.com/application-security/automakers-openly-challenged-to-bake-in-security/d/d-id/1297902 C-IT Recommendation Find out if your organization has Security embedded into the Product Development Life Cycle. There should be no new systems released to the public or deployed […]
-
8-7-14 A report by Cisco Systems alleging most enterprises are exposed to browser attack, 1.2 Billion email accounts globally hacked by a Russian attack group
07/08/2014 Duration: 16 min
“The purpose of business is to create and keep a customer.” ― Peter F. Drucker Over 90% of Enterprises Exposed to Man-in-the-Browser Attacks: Cisco http://www.securityweek.com/over-90-enterprises-exposed-man-browser-attacks-cisco http://www.csoonline.com/article/2459954/data-protection/cisco-patches-traffic-snooping-flaw-in-operating-systems-used-by-networking-gear.html C-IT Recommendation Perform regular security assessments in your organization. Corporate leaders must establish a security debrief cadence with the information security teams. CSOs/CISOs should meet with operational teams weekly […]
-
8-5-14 Data thieving software posing as a security application on Android Devices, a report explaining that most top free and paid mobile apps pose threats to organizations
05/08/2014 Duration: 12 min
“Genius is one percent inspiration and ninety–nine percent perspiration.” – Thomas A. Edison Android malware SandroRAT disguised as mobile security app http://www.scmagazine.com/android-malware-sandrorat-disguised-as-mobile-security-app/article/364455/ Article Resources McAfee Blog Post http://blogs.mcafee.com/mcafee-labs/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing Emory Libraries Information Security Awareness covering Phishing http://it.emory.edu/security/security_awareness/phishing.html Most Top Free and Paid Mobile Apps Pose Threat to Enterprises: Report https://www.securityweek.com/most-top-free-and-paid-mobile-apps-pose-threat-enterprises-report C-IT Recommendation Perform an asset […]
-
8-4-14 A report that shows many c-level executives have little respect for their Information Security Leaders, a social engineering campaign that takes advantage of Microsoft Word weaknesses, The US Department of Homeland Security’s report on Point of Sal
04/08/2014 Duration: 20 min
“If you work just for money, you’ll never make it, but if you love what you’re doing and you always put the customer first, success will be yours.” – Ray Kroc C-Level Execs to CISOs: No Seat for You! https://www.securityweek.com/c-level-execs-cisos-no-seat-you http://www.scmagazine.com/study-ciso-leadership-capacity-undervalued-by-most-c-level-execs/article/364231/ C-IT Recommendation Corporate leaders must establish a security debrief cadence with the information security […]
-
7-30-14 Weakness in the Android software that could allow attackers to take over devices, Major security flaws in the majority of networkable tvs, webcams, alarm systems and other home and office electronics, a security issue with Instagram on Apple mobil
31/07/2014 Duration: 14 min
“Opportunity is missed by most people because it is dressed in overalls and looks like work.” – Thomas Edison Vulnerability impacting multiple versions of Android could enable device takeover http://www.scmagazine.com/vulnerability-impacting-multiple-versions-of-android-could-enable-device-takeover/article/363414/ http://www.securityweek.com/android-fake-id-vulnerability-lets-malicious-apps-impersonate-trusted-apps C-IT Recommendation Perform an asset inventory of all company owned Android devices using company provided cell phone service. Your company should have a configuration […]
-
7-29-14 Attacks originating from an Amazon cloud based technology platform, fourteen companies fined $5M pretending to provide AV Software, the request from the Electronic Frontier Foundation to declare the NSA activities unconstitutional
29/07/2014 Duration: 12 min
“The golden rule for every business man is this: Put yourself in your customer’s place.” Orison Swett Marden Cybercriminals Abuse Amazon Cloud to Host Linux DDoS Trojans http://www.securityweek.com/cybercriminals-abuse-amazon-cloud-host-linux-ddos-trojans C-IT Recommendation Perform a risk analysis for utilizing cloud based services. Understand your limitations of using the cloud including Not having total control Having your data […]
-
7-28-14 A weakness impacting between 50,000 and 2 million websites, a survey highlighting how a significant number of organizations are leaving themselves open to cyber threats
28/07/2014 Duration: 12 min
“My own business always bores me to death; I prefer other people’s.” ―Oscar Wilde WordPress Plugin Vulnerability Exploited to Compromise Thousands of Websites https://www.securityweek.com/wordpress-plugin-vulnerability-exploited-compromise-thousands-websites http://www.csoonline.com/article/2457668/data-protection/thousands-of-sites-compromised-through-wordpress-plug-in-vulnerability.html C-IT Recommendation From the Website Perspective Ensure your organization has a strong asset inventory with an accurate configuration management database. Identify if any of your websites are using WordPress and […]
-
7-25-14 A class action lawsuit filed against eBay after data breach, Sony’s $15 Million Settlement pay out for its 2011 data breach
25/07/2014 Duration: 13 min
“Good executives never put off until tomorrow what they can get someone else to do today.” -Anonymous eBay faces class-action suit over breach http://www.scmagazine.com/ebay-faces-class-action-suit-over-breach/article/362670/ http://www.csoonline.com/article/2457981/data-protection/ebay-faces-class-action-suit-over-data-breach.html Article Resources Ebay’s publication of Breach http://www.ebayinc.com/in_the_news/story/ebay-inc-ask-ebay-users-change-passwords The Courtroom Paperwork for the Lawsuit http://media.scmagazine.com/documents/88/ebaysuit_21893.pdf Sony to shell out $15M in PSN breach settlement http://www.scmagazine.com/sony-to-shell-out-15m-in-psn-breach-settlement/article/362720/ Article Resources Original Court Filings […]
-
7-24-14 A cyber attack that may have cost ticket sales giant StubHub $10 million in tickets, a survey revealing the continued concerns of companies’ bring your own device practices
24/07/2014 Duration: 12 min
“The two basic processes of education are knowing and valuing.” -Robert J. Havighurst StubHub Hit in Cyber-Attack That May Have Stolen $10M in Tickets http://www.securityweek.com/stubhub-hit-cyber-attack-may-have-stolen-10m-tickets http://www.scmagazine.com/six-charged-in-global-stubhub-scheme-company-defrauded-out-of-1-million/article/362482/ C-IT Recommendation Ensure your organization has a security awareness program that educates users on basic security practices including not utilizing the same passwords on multiple systems. Ensure your systems […]
-
7-23-14 Consumer distrust of retailers’ handling of their personal information, Wall Street Journal and Vice.com hack, a possible hack of Goodwill Industries
23/07/2014 Duration: 16 min
“Every man, however wise, needs the advice of some sagacious friend in the affairs of life.” -Plautus Quarter of UK Shoppers Don’t Trust Retailers on Card Fraud http://www.infosecurity-magazine.com/view/39417/quarter-of-uk-shoppers-dont-trust-retailers-on-card-fraud/ C-IT Recommendation Pay attention to the news regarding data breach. Communicate your security efforts to your customer base. Provide customer awareness and communicate the importance of the […]
-
7-22-14 A study revealing prevalent password misuse in American businesses, Wall Street Journal’s Facebook account compromised Backdoor, a severe weakness in the Apple mobile device software that reveals private information
22/07/2014 Duration: 12 min
“He that will not reason is a bigot; he that cannot reason is a fool; and he that dares not reason is a slave.” -Sir William Drummond Password Misuse is Rampant at US Businesses http://www.infosecurity-magazine.com/view/39408/password-misuse-is-rampant-at-us-businesses/ C-IT Recommendation Ensure your organization has a security awareness program that educates users on basic security practices including not utilizing […]
-
7-18-14 A report revealing that over half of company executives speak to their security teams less than twice a year, a study revealing that privileged user accounts are the root to most breaches
18/07/2014 Duration: 15 min
“The successful man is the one who finds out what is the matter with his business before his competitors do.” –Roy L. Smith 31 percent of IT security teams don’t speak to company execs http://www.scmagazine.com/report-31-percent-of-it-security-teams-dont-speak-to-company-execs/article/361263/ C-IT Recommendation Corporate leaders must establish a security debrief cadence with the information security teams. CSOs/CISOs should meet with operational […]
-
7-17-14 The prevalence of malware on Amazon web hosted services web sites, the lack of budget being provided for increased protection for computers in companies
17/07/2014 Duration: 12 min
“We generate fears while we sit. We overcome them by action. Fear is nature’s way of warning us to get busy.” -Dr. Henry Link Amazon Web Services Increasingly Used to Host Malware http://www.securityweek.com/amazon-web-services-increasingly-used-host-malware-report C-IT Recommendation Perform an information security risk assessment to see if the partnering organization handles risk in accordance with your company’s risk […]
-
7-16-14 A major system weakness existing in 95% of fortune 1000 companies, a survey revealing the incorrect reporting of the majority of organizational security incidents, Oracle’s quarterly patch releases
16/07/2014 Duration: 12 min
“Even if you are on the right track, You’ll get run over if you just sit there.” – Will Rogers Active Directory flaw opens enterprise services to unauthorized access http://www.scmagazine.com/active-directory-flaw-opens-enterprise-services-to-unauthorized-access/article/361017/ http://www.securityweek.com/active-directory-vulnerability-puts-enterprise-services-risk http://www.darkreading.com/active-directory-flaw-lets-attackers-change-passwords/d/d-id/1297298? http://www.csoonline.com/article/2454367/identity-access/why-the-microsoft-active-directory-design-flaw-isnt-serious.html Aorato Mitigation Techniques Detecting authentication protocol anomalies. For instance, the use of a non-default encryption algorithm. Identifying the attack by correlating the […]