6-25-14 Podcast References

“Your reputation is more important than your paycheck, and your integrity is worth more than your career.”

— Ryan Freitas

Caphaw trojan being served up to visitors of AskMen.com, according to Websense



C-IT Recommendation

From the end-user perspective

  1. Ensure your organization has a strong asset inventory backed by an accurate configuration management database.
  2. Identify all devices that run Windows operating systems.
  3. Enforce a patch management standard in your organization that requires security patches to be deployed to the production environment within a reasonable time after they have been tested in your test environment.
  4. Test the business functionality of each type of device and record any issues that impact business functions on those devices.
  5. If testing surfaces no issues, deploy the security updates to the production systems. If functionality-impacting issues occur on the test devices, engage Adobe support and/or vendor support if specific applications are negatively impacted.
  6. Finally, as always, it is good practice to run a vulnerability scan against the devices to confirm the vulnerability has been addressed.

From the Website Perspective

  1. Ensure your company uses a strong web code review process before publishing sites.
  2. Use a software code security analysis tool to check your website for potential vulnerabilities.
  3. Require your security team to perform penetration testing after any code changes to your externally facing websites.
  4. If websites are found vulnerable during penetration testing, require through policy that the web development teams roll back to the previous version of the website until the vulnerabilities are resolved.


Content Widget Maker Taboola Is Hacked On Reuters



C-IT Recommendation

  1. Ensure your company has an effective spam gateway or email content filtering solution that quarantines junk mail and detects viruses.
  2. Consult with your email security team to validate that the email security solution is running the latest stable version with the latest signature updates.
  3. Ensure your company uses a web content filtering solution to prevent users from accessing malicious websites.
  4. Validate that the web content filtering solution is running the latest stable version with the latest site signature updates.
  5. Thoroughly educate your end users on phishing attacks and how to avoid them. Additionally, educate your users not to reuse the same username and password across multiple systems. Encourage the use of a strong password manager to keep passwords distinct and manageable.
  6. Encourage your end users, through your information security policy, not to give out their company email address for non-business purposes.

Article Resources

Taboola’s Breach Disclosure


PC Magazine’s Review of the Best Password Managers



HackingTeam tool makes use of mobile malware targeting all major platforms



