6-17-14 Podcast References

“Progress is the activity of today and the assurance of tomorrow.”

— Ralph Waldo Emerson


Domino’s extortion breach highlights rise in ransom-based attacks

http://www.scmagazine.com/dominos-extortion-breach-highlights-rise-in-ransom-based-attacks/article/355997/

http://www.csoonline.com/article/2364323/cyber-attacks-espionage/domino-s-pizza-large-breach-with-a-side-of-ransom.html

http://www.securityweek.com/dominos-pizza-refuses-extortion-demand-after-customer-data-stolen

http://www.infosecurity-magazine.com/view/38876/dominos-pizza-customers-exposed-after-massive-data-breach/

C-IT Recommendation

  1. Ensure your company is using a strong Web Code review process before publishing sites
  2. Use a software code security analysis tool to check your website for potential vulnerabilities
  3. Require your security team to perform penetration testing after any code changes to your externally facing websites.
  4. If websites are deemed vulnerable after penetration testing, require through policy that the web development teams roll back to the previous version of the website until vulnerabilities are resolved
  5. Consider purchasing a web application firewall

New Remote Access Trojan Bypasses SSL Protection, Targets Bank Credentials

http://www.securityweek.com/new-rat-bypasses-ssl-protection-targets-bank-credentials-phishme

C-IT Recommendation

  1. Ensure your company has an effective spam gateway or email content filter solution that quarantines junk mail and detects viruses.
  2. Consult with your email security team to validate that the email security solution is running the latest stable version with the latest signature updates.
  3. Ensure your company is using a web content filtering solution to prevent users from accessing malicious websites.
  4. Validate that the web content filtering solution is running the latest stable version with the latest site signature updates.
  5. Thoroughly educate your end users on phishing attacks and how to avoid them.
  6. Encourage your end users, through your information security policy, not to give out their company email address for non-business purposes.
  7. Restrict administrative access on local machines and browsers to only those users who absolutely need it to install programs for business purposes.

Phishme Recommendations

1. Remove above emails from inboxes

2. Check your proxy logs for traffic to Cubby, downloading zip files containing the name “documents” or “invoice”

3. Search for traffic / block the IPs 85.25.148.6, 217.12.207.151, and 192.99.6.61

4. IDS rules looking for double POST within a short period of time (this will catch copy cats, too)

5. Look for zip files containing .exe or .scr files (web, IDS, host-based, etc)
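Steps 2 through 5 above, expressed as checks over proxy log lines and zip contents. This is an added example, not code from PhishMe or the podcast: the space-separated log format, the sample lines, the substring match on "cubby" in the host name and the 5-second POST window are assumptions made for illustration.

```python
import io
import re
import zipfile
from datetime import datetime, timedelta

# IPs named in step 3 of the recommendations above.
LISTED_IPS = {"85.25.148.6", "217.12.207.151", "192.99.6.61"}
# Step 2: zip file names containing "documents" or "invoice".
LURE_ZIP = re.compile(r"/[^/]*(documents|invoice)[^/]*\.zip$", re.I)
# Assumption: the recommendation only says "a short period of time".
POST_WINDOW = timedelta(seconds=5)

# Constructed sample in an assumed format:
# timestamp client method host path dest_ip
SAMPLE_LOG = """\
2014-06-17T09:00:01 10.0.0.5 GET www.cubby.com /dl/Invoice_0617.zip 203.0.113.10
2014-06-17T09:00:40 10.0.0.5 POST host.example /a 85.25.148.6
2014-06-17T09:00:42 10.0.0.5 POST host.example /b 85.25.148.6
2014-06-17T09:05:00 10.0.0.7 GET www.cubby.com /dl/holiday-photos.zip 203.0.113.10
2014-06-17T09:06:00 10.0.0.8 POST intranet.example /login 198.51.100.20
2014-06-17T09:09:00 10.0.0.8 POST intranet.example /login 198.51.100.20
"""

def scan_proxy_log(text):
    """Return (rule, client, detail) tuples for steps 2, 3 and 4."""
    findings, last_post = [], {}
    for line in text.strip().splitlines():
        ts, client, method, host, path, dest = line.split()
        when = datetime.fromisoformat(ts)
        if dest in LISTED_IPS:
            findings.append(("listed-ip", client, dest))
        if "cubby" in host.lower() and LURE_ZIP.search(path):
            findings.append(("cubby-zip", client, path))
        if method == "POST":
            # Two POSTs from one client to one destination inside the window.
            prev = last_post.get((client, dest))
            if prev is not None and when - prev <= POST_WINDOW:
                findings.append(("double-post", client, dest))
            last_post[(client, dest)] = when
    return findings

def zip_has_executable(data):
    """Step 5: True if a zip (given as bytes) holds a .exe or .scr member."""
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        return any(n.lower().endswith((".exe", ".scr")) for n in archive.namelist())

if __name__ == "__main__":
    for finding in scan_proxy_log(SAMPLE_LOG):
        print(finding)
```

Tune `POST_WINDOW` against your own traffic before alerting on it, since legitimate form retries can also produce two POSTs close together.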

Article Resources

Phishme article detailing Project Dyre Malware

http://phishme.com/project-dyre-new-rat-slurps-bank-credentials-bypasses-ssl/

Why businesses should use caution with HTML5-based mobile apps

http://www.csoonline.com/article/2364322/data-protection/why-businesses-should-use-caution-with-html5-based-mobile-apps.html

C-IT Recommendation

  1. Ensure your company is using a strong Web Code review process before publishing mobile apps
  2. Use a software code security analysis tool to check your mobile apps for potential vulnerabilities
  3. Require your security team to perform penetration testing after any code changes to your mobile apps.
  4. If apps are deemed vulnerable after penetration testing, require through policy that the web development teams roll back to the previous version of the website until vulnerabilities are resolved

Article Resources

Mobile Security Conference Paper on HTML5 Attacks

http://mostconf.org/2014/papers/s3p5.pdf

Mobile Security Conference Slides on HTML5 Attacks

http://mostconf.org/2014/slides/s3p5-slides.pptx

Gartner report on Hybrid Mobile Apps

http://www.gartner.com/newsroom/id/2324917