Archive for the ‘Physical Safeguards’ Category

Microsoft confirms zero-day outbreak that can affect SCADA systems

Monday, July 19th, 2010

Microsoft has confirmed the presence of a zero-day vulnerability in Windows, following reports of sophisticated malware-based hacking attacks on industrial control systems that take advantage of the security flaw.

Security shortcomings in Windows shortcut (.lnk) files are being exploited by the Stuxnet rootkit, an information-stealing threat that targets industrial and power plant control systems. The malware – which has been detected in the wild – executes automatically if an infected USB stick is accessed in Windows Explorer.

All versions of Windows – including Win XP SP2, widely used despite the discontinuation of further security updates earlier this month – are vulnerable. Disabling Windows AutoPlay and AutoRun – the normal defense against malware on USB sticks – has no effect.

The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the user clicks the displayed icon of a specially crafted shortcut. This vulnerability is most likely to be exploited through removable drives.

Additional information can be found on the Internet Storm Center site.

Microsoft will retire XP SP2 July 13th

Monday, June 7th, 2010

Half of the enterprise computers running the aged Windows XP operating system are still relying on the soon-to-be-retired Service Pack 2 (SP2), a researcher said today.

SP3 was released two years ago. A similar situation existed with Internet Explorer 6: it was being phased out and had become a security risk, yet users were reluctant to upgrade.

Microsoft will officially retire Windows XP SP2 on July 13. After that date, although it will continue to provide security updates for XP SP3, it will stop issuing patches for the older SP2.

This will make defending XP SP2 systems increasingly difficult.

Patching is one leg in a multi-layer defense in depth security strategy. Many forms of malware are easily defeated by keeping systems patched and up to date. Other tiers of that strategy need to include network monitoring for malware and dynamic blacklisting, all features of RiskAnalytics Cyber Risk Tools S2 sensor.

Is it possible to measure IT security success?

Friday, May 28th, 2010

It is a commonly held principle in many areas of business that if you can’t measure something “quantitatively”, it will be difficult to raise the quality objectively. The applicability of this statement to the world of IT security is clear. Without having some form of metrics in place, it is tough, if not impossible, to judge whether security is getting better over time. Indeed, it is probably fair to say that many organisations have only one way to assess security – namely, “did anything go wrong” – but this is hardly a metric for the forward-looking.

Meanwhile, of course, the drivers for proactively monitoring security and the associated effectiveness of security solutions are becoming increasingly high-profile. Regulatory pressures on organisations to secure their operations are more explicit than in the past, while customers and shareholders are less prepared to tolerate IT security breaches. The continuing spread of legislation dictating that organisations actively notify affected parties when data is potentially lost or at risk is certain to add to the pressure to demonstrate that security measures are properly established.

This is exactly what RiskAnalytics Cyber Risk Tools does. It monitors and defends in real time but also offers a wealth of quantifiable information on exactly which way IT security is headed in an organization. Is it getting better or worse? More importantly from a productivity standpoint, the system will tell you which areas represent the largest risk to the organization, so IT can focus its efforts on “cleaning up” those issues first.

We have many clients who, when they started with us, would swear their network was clean. In reality, most are massively infected with malware, and employees often engage in electronic policy violations that can lead to information leakage.

CRT will alert in real time to security and policy issues that face an organization. Over time, the combination of real time alerting of events, shunning malware and addressing user policy issues will lead to a measurable reduction in security issues.

Ongoing Botnet Penetration: 2500 companies and counting

Friday, February 19th, 2010

Large scale botnet penetrations continue to make the news. This really highlights the fact that what the mainstream security industry is offering is not working. Botnet infestations can easily be defeated by passive monitoring and a dynamic blacklist, components included in Cyber RiskTools.

Criminal hackers have penetrated the networks of almost 2,500 companies and government agencies in a coordinated campaign that began 18 months ago and continues to steal email passwords, login credentials, and other sensitive data to this day, a computer security company said.

The infections by a variant of the Zeus botnet began in late 2008 and have turned more than 74,000 PCs into remote spying platforms that have siphoned highly proprietary information out of at least 10 federal agencies and thousands of companies, according to research from NetWitness, a Herndon, Virginia-based network forensics firm. Many of the victims are Fortune 500 firms in the financial, energy, and high technology industries.

Company researchers have already reported the attacks to federal authorities and are in the process of notifying individual victims.

Is your Google Email at Risk?

Thursday, January 21st, 2010

The code that was used to hack Gmail accounts in China is now publicly available on the Internet. Computer users throughout the world are being warned not to use Internet Explorer 6 until a patch can be developed.

The hack involves Internet Explorer 6, the browser that shipped with the Windows XP operating system and is now dangerously compromised. Many users still use IE 6.

On Thursday, the code that was used to hack Gmail accounts in China and led Google to threaten to close shop there was posted to a malware-analysis Web site. By Friday, a demonstration had followed of just how easily the exploit can be used to gain complete control over a computer.

The software is intended to let security professionals test out security threats via penetration testing. Such testing is beneficial to discover security holes.

Microsoft has yet to patch the hole in IE 6, a flaw so serious it’s prompted the German government to suggest citizens avoid IE. Microsoft has posted a security advisory detailing the problem, and urging users to upgrade to newer browsers.

Lincoln National Discloses Breach Of 1.2 Million Customers

Friday, January 15th, 2010

Lincoln National Corp. (LNC) last week disclosed a security vulnerability in its portfolio information system that could have compromised the account data of approximately 1.2 million customers.

The company disclosed the breach via letter and did not offer technical details.

“This username and password had been shared among certain employees of [Lincoln Financial Services] and employees of affiliated companies,” the letter says. “The sharing of usernames and passwords is not permitted under the LNC security policy.”

Such policy violations can be detected and reported with a robust monitoring/software solution.

The forensic team that investigated the breach found no evidence that the data had been used outside of the company, either by hackers or former employees, according to the letter. The portfolio management system consolidates data about customer accounts — and therefore contains a good deal of personal information — but it doesn’t allow the user to actually access those accounts, the letter says.

Lincoln says it has “discontinued” all shared usernames and passwords in its systems, and it is notifying customers and offering them identity theft services.
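The Lincoln National post notes that shared-credential policy violations can be detected by monitoring. As an added illustration (not code from the page, from Lincoln, or from any RiskAnalytics product), the script below scans constructed login records in a hypothetical `LOGIN user=... src=... result=...` format and flags any account that logs in successfully from two or more distinct source addresses within a 30-minute window, which is the simplest observable signature of one username being shared by several people.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login records (hypothetical format, not from any real system).
SAMPLE_LOG = """\
2010-01-05 09:02:11 LOGIN user=pfm_ops src=10.20.1.14 result=success
2010-01-05 09:04:37 LOGIN user=pfm_ops src=10.20.7.88 result=success
2010-01-05 09:05:02 LOGIN user=jdoe src=10.20.1.14 result=success
2010-01-05 09:06:49 LOGIN user=pfm_ops src=10.20.9.3 result=success
2010-01-05 14:30:00 LOGIN user=jdoe src=10.20.1.14 result=success
2010-01-05 16:12:05 LOGIN user=asmith src=10.20.2.2 result=failure
"""

LINE_RE = re.compile(r"^(\S+ \S+) LOGIN user=(\S+) src=(\S+) result=(\w+)$")


def parse_logins(log_text):
    """Return (timestamp, user, source, result) tuples; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def find_shared_accounts(events, window=timedelta(minutes=30), min_hosts=2):
    """Map each account seen logging in successfully from >= min_hosts distinct
    sources inside any window-long interval to the sorted list of those sources."""
    by_user = defaultdict(list)
    for ts, user, src, result in events:
        if result == "success":          # failed attempts say nothing about sharing
            by_user[user].append((ts, src))
    flagged = defaultdict(set)
    for user, logins in by_user.items():
        logins.sort()
        for i, (t0, _) in enumerate(logins):
            # sliding window: every successful login within `window` after this one
            hosts = {src for ts, src in logins[i:] if ts - t0 <= window}
            if len(hosts) >= min_hosts:
                flagged[user] |= hosts
    return {user: sorted(hosts) for user, hosts in flagged.items()}


if __name__ == "__main__":
    for user, hosts in find_shared_accounts(parse_logins(SAMPLE_LOG)).items():
        print(f"ALERT possible shared credential: user={user} sources={','.join(hosts)}")
```

In the sample, only `pfm_ops` is flagged: `jdoe` always comes from one host and the `asmith` failure is ignored. Tune `window` and `min_hosts` to the environment, and treat VPN pools and NAT gateways as expected multi-user sources before raising alerts.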