Episodes
“Diligence is the mother of good fortune, and idleness, its opposite, never brought a man to the goal of any of his best wishes.” -Miguel De Cervantes JPMorgan Chase customers targeted in massive phishing campaign http://www.scmagazine.com/jpmorgan-chase-customers-targeted-in-massive-phishing-campaign/article/367615/ http://www.darkreading.com/jp-morgan-targeted-in-new-phishing-campaign/d/d-id/1306589? C-IT Recommendation Provide social engineering awareness for your customers. Ensure you...
Published 08/25/14
Published 08/25/14
“Out there in some garage is an entrepreneur who’s forging a bullet with your company’s name on it.” -Gary Hamel Cybercriminals Deliver Point-of-Sale Malware to 51 UPS Store Locations http://www.securityweek.com/cybercriminals-deliver-point-sale-malware-51-ups-store-locations http://www.scmagazine.com/ups-announces-breach-impacting-51-us-locations/article/367257/ C-IT Recommendation Create new non-intuitive usernames for POS accounts. Disable the default usernames. Use Strong password for...
Published 08/21/14
Published 08/19/14
Bulk of Ex-Employees Retain Access to Corporate Apps: Survey http://www.securityweek.com/bulk-ex-employees-retain-access-corporate-apps-survey http://www.infosecurity-magazine.com/news/uk-smbs-manage-exemployee-risk/ C-IT Recommendation Verify your company has an effective and enforced access control standard and policy which requires that access be removed when an employee transfers within the organization or leaves the organization. Use Role based Access Control. Roles should be...
Published 08/18/14
“It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.” – Charles Darwin Windows tech support scammers take root in the U.S. http://www.csoonline.com/article/2464030/security-leadership/windows-tech-support-scammers-take-root-in-the-u-s.html Article Resources Malwarebytes blog on the scare tactic https://blog.malwarebytes.org/fraud-scam/2014/08/beware-of-us-based-tech-support-scams/ 2014 So Far: The Year of the Data Breach...
Published 08/13/14
“It doesn’t take great men to do things, but it is doing things that make men great.” -Arnold Glasow PCI Council Publishes Guidance on Working With Third-party Providers http://www.securityweek.com/pci-council-publishes-guidance-working-third-party-providers http://www.scmagazine.com/pci-council-releases-third-party-security-assurance-guidance/article/365658/ C-IT Recommendation Require your third party service provider to provide a report of compliance and require the entity to conform to...
Published 08/12/14
“Great men undertake great things because they are great; fools, because they think them easy.” -Luc de Vauvenargues Hackers Demand Automakers Get Serious About Security http://www.securityweek.com/hackers-demand-automakers-get-serious-about-security http://www.darkreading.com/application-security/automakers-openly-challenged-to-bake-in-security/d/d-id/1297902 C-IT Recommendation Find out if your organization has Security embedded into the Product Development Life Cycle. There should be no...
Published 08/12/14
“The purpose of business is to create and keep a customer.” ― Peter F. Drucker Over 90% of Enterprises Exposed to Man-in-the-Browser Attacks: Cisco http://www.securityweek.com/over-90-enterprises-exposed-man-browser-attacks-cisco http://www.csoonline.com/article/2459954/data-protection/cisco-patches-traffic-snooping-flaw-in-operating-systems-used-by-networking-gear.html C-IT Recommendation Perform regular security assessments in your organization Corporate leaders must establish a security...
Published 08/07/14
“Genius is one percent inspiration and ninety–nine percent perspiration.” – Thomas A. Edison Android malware SandroRAT disguised as mobile security app http://www.scmagazine.com/android-malware-sandrorat-disguised-as-mobile-security-app/article/364455/ Article Resources McAfee Blog Post http://blogs.mcafee.com/mcafee-labs/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing Emory Libraries Information Security Awareness covering Phishing...
Published 08/05/14
“If you work just for money, you’ll never make it, but if you love what you’re doing and you always put the customer first, success will be yours.” – Ray Kroc C-Level Execs to CISOs: No Seat for You! https://www.securityweek.com/c-level-execs-cisos-no-seat-you http://www.scmagazine.com/study-ciso-leadership-capacity-undervalued-by-most-c-level-execs/article/364231/ C-IT Recommendation Corporate leaders must establish a security debrief cadence with the information security […]
Published 08/04/14
“Opportunity is missed by most people because it is dressed in overalls and looks like work.” – Thomas Edison Vulnerability impacting multiple versions of Android could enable device takeover http://www.scmagazine.com/vulnerability-impacting-multiple-versions-of-android-could-enable-device-takeover/article/363414/ http://www.securityweek.com/android-fake-id-vulnerability-lets-malicious-apps-impersonate-trusted-apps C-IT Recommendation Perform an asset inventory of all company owned Android...
Published 07/31/14
“The golden rule for every business man is this: Put yourself in your customer’s place.” Orison Swett Marden Cybercriminals Abuse Amazon Cloud to Host Linux DDoS Trojans http://www.securityweek.com/cybercriminals-abuse-amazon-cloud-host-linux-ddos-trojans C-IT Recommendation Perform a risk analysis for utilizing cloud based services. Understand your limitations of using the cloud, including: not having total control; having your data […]
Published 07/29/14
“My own business always bores me to death; I prefer other people’s.” ―Oscar Wilde WordPress Plugin Vulnerability Exploited to Compromise Thousands of Websites https://www.securityweek.com/wordpress-plugin-vulnerability-exploited-compromise-thousands-websites http://www.csoonline.com/article/2457668/data-protection/thousands-of-sites-compromised-through-wordpress-plug-in-vulnerability.html C-IT Recommendation From the Website Perspective Ensure your organization has a strong asset inventory...
Published 07/28/14
“Good executives never put off until tomorrow what they can get someone else to do today.” -Anonymous eBay faces class-action suit over breach http://www.scmagazine.com/ebay-faces-class-action-suit-over-breach/article/362670/ http://www.csoonline.com/article/2457981/data-protection/ebay-faces-class-action-suit-over-data-breach.html Article Resources Ebay’s publication of Breach http://www.ebayinc.com/in_the_news/story/ebay-inc-ask-ebay-users-change-passwords The Courtroom Paperwork for the...
Published 07/25/14
“The two basic processes of education are knowing and valuing.” -Robert J. Havighurst StubHub Hit in Cyber-Attack That May Have Stolen $10M in Tickets http://www.securityweek.com/stubhub-hit-cyber-attack-may-have-stolen-10m-tickets http://www.scmagazine.com/six-charged-in-global-stubhub-scheme-company-defrauded-out-of-1-million/article/362482/ C-IT Recommendation Ensure your organization has a security awareness program that educates users on basic security practices including not utilizing...
Published 07/24/14
“Every man, however wise, needs the advice of some sagacious friend in the affairs of life.” -Plautus Quarter of UK Shoppers Don’t Trust Retailers on Card Fraud http://www.infosecurity-magazine.com/view/39417/quarter-of-uk-shoppers-dont-trust-retailers-on-card-fraud/ C-IT Recommendation Pay attention to the news regarding data breach. Communicate your security efforts to your customer base Provide customer awareness and communicate the importance of the […]
Published 07/23/14
“He that will not reason is a bigot; he that cannot reason is a fool; and he that dares not reason is a slave.” -Sir William Drummond Password Misuse is Rampant at US Businesses http://www.infosecurity-magazine.com/view/39408/password-misuse-is-rampant-at-us-businesses/ C-IT Recommendation Ensure your organization has a security awareness program that educates users on basic security practices including not utilizing […]
Published 07/22/14
“The successful man is the one who finds out what is the matter with his business before his competitors do.” –Roy L. Smith 31 percent of IT security teams don’t speak to company execs http://www.scmagazine.com/report-31-percent-of-it-security-teams-dont-speak-to-company-execs/article/361263/ C-IT Recommendation Corporate leaders must establish a security debrief cadence with the information security teams. CSOs/CISOs should meet with operational […]
Published 07/18/14
“We generate fears while we sit. We overcome them by action. Fear is nature’s way of warning us to get busy.” -Dr. Henry Link Amazon Web Services Increasingly Used to Host Malware http://www.securityweek.com/amazon-web-services-increasingly-used-host-malware-report C-IT Recommendation Perform an information security risk assessment to see if the partnering organization handles risk in accordance with your company’s risk […]
Published 07/17/14
“Even if you are on the right track, You’ll get run over if you just sit there.” – Will Rogers Active Directory flaw opens enterprise services to unauthorized access http://www.scmagazine.com/active-directory-flaw-opens-enterprise-services-to-unauthorized-access/article/361017/ http://www.securityweek.com/active-directory-vulnerability-puts-enterprise-services-risk http://www.darkreading.com/active-directory-flaw-lets-attackers-change-passwords/d/d-id/1297298?...
Published 07/16/14
“You are not your resume, you are your work.” – Seth Godin Chinese man charged with hack of Boeing, Lockheed Martin aircraft data http://www.scmagazine.com/chinese-man-charged-with-hack-of-boeing-lockheed-martin-aircraft-data/article/360786/ C-IT Recommendation Ensure your organization has Firewalls/Intrusion Prevention Solutions in place that are capable of blocking incoming attempts from bad reputation IP addresses from countries on the watch list. Verify your […]
Published 07/15/14
“Progress comes from the intelligent use of experience.” — Elbert Hubbard Hotel Business Centers Fall Victim to Key Logger Malware http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-centers/ Government recommendations Display a banner to users when logging onto business center computers; this should include warnings that highlight the risks of using publicly accessible machines. Create individual, unique log on credentials […]
Published 07/14/14
“The best executive is the one who has sense enough to pick good men to do what he wants done, and self-restraint enough to keep from meddling with them while they do it.” -Theodore Roosevelt Hackers Attack Shipping and Logistics Firms Using Malware-Laden Handheld Scanners http://www.securityweek.com/hackers-attack-shipping-and-logistics-firms-using-malware-laden-handheld-scanners C-IT Security Recommendation From the product development perspective Find […]
Published 07/11/14
“Hopeless cases: Executives who assert themselves by saying No when they should say Yes.” -Malcolm Forbes Attackers brute-force POS systems utilizing RDP in global botnet operation http://www.scmagazine.com/attackers-brute-force-pos-systems-utilizing-rdp-in-global-botnet-operation/article/360156/ http://www.securityweek.com/brutpos-botnet-targets-pos-systems-brute-force-attacks...
Published 07/10/14