2014-02-19 MCS-StL Weekly IT Security News & Threat Summary
Welcome to this week’s post. Please feel free to leave your comments and suggestions at the bottom of this post. If you have a great source of IT Security related material please pass it along.
(Sophos 60 Second Security Video)
Symantec Endpoint Protection Vulnerable
The award-winning and longtime leader … Symantec Endpoint Protection, developed by the US-based Symantec Corp. was shipped without removing several critical security vulnerabilities. The vulnerabilities were discovered in a routine ’99er’ security crash test by experts of the SEC Consult Vulnerability Lab. In a 99er security crash test, SEC Consult white-hat experts evaluate the product security for the maximum of 99 working hours to determine if this specific release of a product can be compromised by attackers.
The unremoved vulnerabilities enable state-sponsored or criminal hackers to take full control of the ‘Symantec Endpoint Protection Manager’ server. With the full control of the server the attackers could obliterate the endpoint protection provided by the Symantec solution as they would have full access to the protection features of the endpoints. SEC Consult experts recommend immediately installing the update released by the vendor to counter these vulnerabilities.
Click the link below to read the full post from SEC Consult Security Advisory titled:
Posted on darkreading.com by SEC Consult Security Advisory on 2/18/2014
For further information please contact: Johannes Greil Head of SEC Consult Vulnerability Lab Phone: +43189030430 firstname.lastname@example.org
US Gov “Epic Failure” At Basic Security Measures
For years now, officials have warned that the top threat to the US comes in the guise of a cyber attack, leading to increased computer security budgets amongst government agencies.
Despite this, a new report, The Federal Government’s Track Record on Cybersecurity and Critical Infrastructure, paints a pretty bleak picture of the nation’s defences.
Unpatched software, weak passwords and inadequate controls were responsible for what the report refers to as over 48,000 cyber “incidents” amongst government entities reporting to the Department of Homeland Security.
At the Department of Homeland Security, for instance, the report discovered “hundreds of vulnerabilities on the DHS cyber team’s systems, including failures to update basic software like Microsoft applications, Adobe Acrobat and Java, the sort of basic security measure just about any American with a computer has performed.”
The irony here is that those observations were made just one month after Homeland Security was tasked with supervising cyber security across all of the government’s networks.
Click the link below to read the full post from Lee Munson titled:
How Many Identity Breaches?
According to Redspin’s Breach Report 2013 – Protected Health Information, the protected health information (PHI) of almost 30 million Americans has been breached or inadvertently disclosed since 2009.
In 2013 alone, according to the report, 199 PHI data breaches were reported to the U.S. Department of Health and Human Services, impacting more than 7 million patient records — that’s a 138 percent increase over 2012.
“I think the 138 percent increase in patient records breached caught a lot of people by surprise,” Redspin president and CEO Daniel W. Berger said in a statement. “There was a sense that the government’s ‘carrot and stick’ approach – requiring HIPAA security assessments to qualify for meaningful use incentives and increasing OCR enforcement initiatives – was driving real progress.”
A single breach in 2013, the theft of four computers from Advocate Medical Group, may have exposed more than 4 million such records — in 2013, 83 percent of all stolen medical records were exposed as a result of device theft. According to Redspin, the lack of encryption on portable devices presents one of the greatest risks to PHI.
“It’s only going to get worse given the surge in the use of personally-owned mobile devices at work,” Berger said. “We understand it can be painful to implement and enforce encryption but it’s less painful than a large breach costing millions of dollars.”
Full post titled:
What Are Your Security Plans For 2014
With security expertise continuing to be in short supply, managed and cloud services will play a greater role in securing companies in 2014.
Benefiting from the knowledge of managed security service providers — or the built-in expertise in existing cloud security services — can help nontechnical companies build the infrastructure needed to stay secure. For more security-savvy companies, service providers can take over the day-to-day security drudge work and allow internal security teams to focus on bigger security issues that may be affecting the company, says Neil MacDonald, a vice president and fellow at business-intelligence firm Gartner.
“If I’m an organization with limited resources, I would rather free up my security team’s time to focus on more advanced threats rather than the more routine things like log monitoring, firewall management, and vulnerability management,” he says.
Click the link below to read the full post from Robert Lemos titled:
“Patch Tuesday” bulletins show benefits of stripping admin rights
92% of all vulnerabilities reported by Microsoft with a critical severity rating can be mitigated by removing admin rights, according to new research from Avecto.
The market leading privilege management firm analyzed data from security bulletins issued by Microsoft throughout 2013.
The results also revealed that removing admin rights would mitigate 96% of critical vulnerabilities affecting Windows operating systems, 91% of critical vulnerabilities affecting Microsoft Office and 100% of vulnerabilities in Internet Explorer.
Microsoft bulletins are issued on the second Tuesday of each month, a date known commonly as Patch Tuesday, and provide fixes for known security issues.
If malware infects a user with admin rights, it can cause incredible damage locally, as well as on a wider network. Additionally, employees with admin rights have access to install, modify and delete software and files as well as change system settings.
Paul Kenyon, co-founder and EVP of Avecto said: “It’s astounding just how many vulnerabilities can be overcome by the removal of admin rights.
Click the link below to read the full post from Avecto titled:
Posted on Yahoo Finance by Avecto on 2/18/2014
IT Security Myths
By definition, if a business processes credit card or debit card payments they must adhere to the regulations of the Payment Card Industry (PCI). Pretty straightforward, right? Wrong. Despite the mandate, there remains a great deal of confusion on the part of businesses (large and small) as to what PCI compliance actually entails. Fortunately, much of this misunderstanding falls into one of our four major myths of PCI Compliance. Let’s take a closer look at more than just the facts.
Myth #1: Compliance Equals Certification.
Myth #2: PCI Compliance is a Technical Problem.
Myth #3: PCI Compliance is Forever.
Myth #4: Enterprise Compliance is easier to manage in-house.
Kevan has some very good thoughts. Kevan works for Ipswitch and therefore is discussing his products, which are fine products. They are not, however, the only way to achieve PCI compliance. Please feel free to call us at 314-487-6660 to discuss other options.
Click the link below to read the full post from Kevan Bard titled:
Who Got Hacked?
Teenagers Hack Teacher Database – Change Grades
A group of teenagers from Orange County, California, have been expelled from school for breaking into teacher accounts to cheat on tests and adjust their grades. The 11 youths, … used a hardware keylogger to snoop on their teachers’ login and password details.
They then used the stolen login codes to access information on upcoming tests, and to change grades from earlier periods of their education.
They are believed to have acquired the keylogging device from a private tutor, who is also alleged to have taught them how to operate it.
School networks and computer systems tend to be harder to secure than those in business settings, combining low budgets for equipment, software and skilled administrators with diverse requirements and locations.
Click the link below to read the full post from John Hawes titled:
Major Hotel Chains Hacked
White Lodging, the company behind some of the hotels in the US chains Hilton, Marriott, Sheraton and Westin, has been leaking thousands of guests’ credit and debit card information throughout much of 2013.
Security journalist Brian Krebs reports hearing from banking industry sources in January regarding a pattern of fraud on cards used at the hotels from about 23 March 2013 up until the end of 2013.
The fraud popped up in specific hotels located in the US cities of Austin, in Texas; Chicago, in Illinois; Denver, in Colorado; Los Angeles, in California; Louisville, in Kentucky; and Tampa, in Florida.
The common denominator, it turns out, is that all of the affected hotels in those locations contain businesses run by White Lodging Services Corporation, which owns, develops and/or manages premium hotel brands.
Krebs’s sources said that it was mainly the restaurants, gift shops and other businesses that White Lodging runs within some of the hotels that were targeted, as opposed to the front desk computers that check guests in and out.
Click the link below to read the full post from Lisa Vaas titled:
Apple OSX Malware
Date Discovered: February 9th, 2014
Updated: February 13, 2014
Added: Feb 13th 2014: Wednesday evening, Apple updated XProtect to defend against the two known variants of OSX/CoinThief.
SecureMac has more information on how the CoinThief malware is initially installed on infected systems, with steps it takes to disguise its behavior:
The malware is taking the place of the main binary in the trojanized versions of Bitcoin Ticker TTM and Litecoin Ticker, and is set up to run as an agent with a setting for LSUIElement in the Info.plist file. This makes it so the app doesn’t appear in the Dock. A copy of the real Bitcoin Ticker TTM/Litecoin Ticker main binary is hidden in the app bundle. The first time a user runs the trojanized version of Bitcoin Ticker TTM or Litecoin Ticker, the invisible malware program is launched instead.
At that time, the malware program unpacks and installs its payload (the background process and web browser plugins), then moves the correct app binary for Bitcoin Ticker TTM/Litecoin Ticker back into place, and removes the LSUIElement entry from the app’s Info.plist file. It then launches the original Bitcoin Ticker TTM/Litecoin Ticker app, which is now back in the correct path for the app bundle, and the user is none the wiser that a piece of malware just installed itself on their system.
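As an added defender-side illustration (my own check, not SecureMac’s tooling), the following Python flags the two bundle traits the excerpt describes: LSUIElement set in Info.plist so the app stays out of the Dock, and a second binary hidden beside the declared executable. The plist contents and file names below are constructed samples.

```python
"""Flag the Info.plist / bundle-layout pattern described for OSX/CoinThief.

Added illustration only. Inputs are a constructed Info.plist and a
constructed list of file names found under Contents/MacOS.
"""
import plistlib


def _truthy(value) -> bool:
    # LSUIElement may be stored as a boolean or as a string such as "1"/"YES".
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in {"1", "yes", "true"}


def bundle_findings(info_plist: bytes, macos_files: list[str]) -> list[str]:
    """Return findings for one app bundle; an empty list means nothing odd."""
    info = plistlib.loads(info_plist)
    findings = []
    main_exe = info.get("CFBundleExecutable")
    if _truthy(info.get("LSUIElement")):
        findings.append("LSUIElement set: app will not appear in the Dock")
    extras = [f for f in macos_files if f != main_exe]
    if extras:
        findings.append(f"extra binaries beside {main_exe!r}: {extras}")
    return findings


# Constructed sample: a ticker app declared as a Dock-less agent, with a second
# (hypothetically named) binary sitting next to the declared executable.
TROJANIZED_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleExecutable</key><string>Bitcoin Ticker TTM</string>
  <key>LSUIElement</key><true/>
</dict></plist>"""
TROJANIZED_MACOS = ["Bitcoin Ticker TTM", ".orig_ticker"]

# Constructed clean sample: one executable, no agent flag.
CLEAN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleExecutable</key><string>Bitcoin Ticker TTM</string>
</dict></plist>"""
CLEAN_MACOS = ["Bitcoin Ticker TTM"]

if __name__ == "__main__":
    for label, plist, files in (("trojanized", TROJANIZED_PLIST, TROJANIZED_MACOS),
                                ("clean", CLEAN_PLIST, CLEAN_MACOS)):
        print(label, bundle_findings(plist, files) or "no findings")
```

Legitimate menu-bar utilities also set LSUIElement, so treat a hit as a lead to inspect rather than a verdict.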
Click the link below to read the full post titled:
Updated on securemac on 2/13/2014
US-CERT Vulnerability Report
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) /United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
NO REPORT ISSUED THIS WEEK
A Little Something Extra
Below you will find an ebook, whitepaper or infographic that you might be interested in. I like infographics because they help bring a specific thought or idea a little more perspective by condensing ideas and statistics into a small graphic. Ebooks provide a lot of info on a given subject and whitepapers provide concise info as it relates to a very specific topic. I hope you find these resources interesting!
Would like a copy of this resource? Send me an email to Info@MCS-StL or leave a comment below, and I will email it to you.
If you would like to discuss how Managed Computer Services LLC (MCS-StL) can protect your business from the constant onslaught of security threats, please call us at (636) 614-0866 or (314) 487-6660 and schedule a no cost, no obligation consultation.
Managed Computer Services, LLC (MCS-StL)
(314) 487-6660 or (636) 614-0866
MCS also offers top tier backup and recovery with both local and cloud solutions. And, if you're looking for secure guest WiFi and/or secure file syncing and sharing, hosted Exchange and hosted PBX, we can provide that too.
Call us today at 314-487-6660 to set up a time for us to discuss how we can help your business.