WindowSecurity.com Newsletter of April 2012 Sponsored by: ManageEngine

Welcome to the WindowSecurity.com newsletter by Stu Sjouwerman, Founder of Sunbelt Software & CEO of KnowBe4.com. Each month we will bring you interesting and helpful information on the world of Security. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to: feedback@windowsecurity.com

How to protect your IT network from insider threat and address the compliance audit requirements?

With ManageEngine EventLog Analyzer, carry out unintrusive monitoring of internal privileged user activities. On timely detection of activities with malicious intentions, take appropriate action to prevent attacks on your enterprise resources. Get compliance reports automatically generated for the PCI-DSS, HIPAA, FISMA, SOX & GLBA regulatory acts. Schedule the reports to be delivered periodically. Customize the existing canned compliance reports. Also create reports for new compliance acts.

Download 30-Day Free trial of EventLog Analyzer.

Editor's Corner

Blast From The Antivirus Past

Remember MS-DOS Version 6? It was released in March 1993. The new 6.0 had a lot of new stuff including a basic anti-virus program and a disk defragmenter. Other improvements were in the memory management area by the addition of MEMMAKER.

Now, how did you get your anti-virus updates? You had to buy them! Here is a 3-page PDF that shows how. First the instructions how to get a user ID. Grab your 9600 baud modem and dial their Bulletin Board System (BBS). Next follow the download instructions to get your AV updates. The third page is the promo where they sold you on getting a whopping whole TWO anti-virus updates for as little as $9.95 each. Add the sales tax on top of that. Oh boy, what a deal. Here is my blog post with the link to the PDF.
 
And, did you know that Antivirus is 30 years old?

Simon Edwards created a great blog post about this April 12, 2012. He started out with: “Once upon a time, frighteningly not that long ago, Ross M Greenberg wrote the first anti-virus software for the PC. It was called FluShot and it was written in 1982, thirty years ago this year. FluShot was a DOS program that required 10K RAM. Little information is available about it on the web, and what still exists appears to be largely in text files originally distributed over BBS.” I recommend you read the full blog post, it’s quite interesting really.

Quotes Of The Month

"Foolproof systems don't take into account the ingenuity of fools". -- Gene Brown

"This job would be pretty good if it wasn't for the end users, equipment, and management." -- Daniel Nicholson

Email me at feedback@windowsecurity.com

Warm regards,
Stu Sjouwerman
Editor, WindowSecurity.com Monthly Newsletter

Prevent Email Phishing

Sign Up For Your Free Email Exposure

Want to stop Phishing Security Breaches? Did you know that many of the email addresses of your organization are exposed on the Internet and easy to find for cybercriminals? With these addresses they can launch spear-phishing attacks on your organization. This type of attack is very hard to defend against, unless your users are highly ‘security awareness’ trained.

IT Security specialists call it your ‘phishing attack surface’. The more of your email addresses that are floating out there, the bigger your attack footprint is, and the higher the risk is. Find out now which of your email addresses are exposed with the free Email Exposure Check (EEC). An example would be the email address and password of one of your users on a crime site. Fill out the form and we will email you back with the list of exposed addresses. The number is usually higher than you think.

Sign Up For Your Free Email Exposure Check Now

Security Detail

Mac Malware Wake-up Call

It's been predicted for years, but suddenly 600,000 Macs were infected with the Flashback trojan. Many Apple users are still in denial and don't want to understand what this means. It's time they wake up and smell the coffee.

Once a platform reaches critical mass, attackers will go after it, and Apple is no exception. Now, people might say: "Yeah, but it wasn't OS X, it was Java." Same story with Windows for the most part. The problem is unpatched versions of OS X that run vulnerable versions of Java. The more popular the Mac becomes, the more it will be attacked.

The real problem is users that are not complying with best practices, so I recommend you get yourself an OS X antivirus installed on those Mac machines. It's time.

Utah Health Breach Affects 780,000

State officials in Utah have again revised upward the number of individuals affected by a March 30 healthcare information hacking incident. They now estimate that 780,000 patients were affected.      

Howard Anderson reported this at the Healthcare InfoSecurity site. "Of those [780,000], 280,000 had Social Security numbers exposed, according to a statement. All those affected are being notified of the breach, which authorities believe involved East European hackers accessing a state server. Those whose Social Security numbers were exposed will receive one year of free credit monitoring services." Read more.

SMS-controlled Malware Hijacks Android Phones

Researchers at NQ Mobile, working alongside researchers at North Carolina State University, have discovered new Android malware that is controlled via SMS that can do a number of things on the compromised device including recording calls and surrounding noise. Called TigerBot, the recently discovered malware was found circulating in the wild via non-official Android channels. Once again, this discovery is proving the sensibility of only installing official applications, and only those available from known, legitimate sources such as Google Play.
Article at Securityweek.


SecureToolBox

ViewPoint – Your Take

Write me! This is the spot for your take on things. Let me know what you think about Security, tools, and things that need to be improved. Email me at feedback@windowsecurity.com 

SecOps: What You Need To Know

Law Firms: "Big Money In Security Breach Cases"

It was a matter of time. Law firms love class action lawsuits, because the rewards are potentially enormous. So we've seen asbestos being used for this, then tobacco, at the moment they are going after Big Pharma and their antidepressants, and the next wave might be... you. If you are in healthcare that's right now, and the rest of us, well just give it a little while.

Why? Security breach cases are big money. CSO said: "Indeed, a suit pending against St. Joseph Health System involves the exposure of medical information of about 31,800 patients. At $1,000 each, even if only one violation is involved, it is simple math to see that would yield damages of $31.8 million." Forty percent of that for the lawyers... cha ching!

However, there is a silver lining here. Randy Sabett, an attorney with ZwillGen, a Washington, D.C.-based law firm specializing in legal issues involved in doing business on the Internet said: "Everybody knows, including judges, that 100 percent security on the Internet simply does not exist. Indeed, there are endless examples of breaches of companies that are in compliance, which makes it much more difficult to prove negligence."

One more reason to pay a lot of attention to being actually compliant!

Here is the link to the full article.

What You Need to Know About CISPA

Dan Rowinski over at ReadWriteWeb wrote: "Battle lines are being drawn over the Cyber Intelligence Sharing and Protection Act of 2011 (CISPA). It's a bill that would make it easier for private companies and the U.S. government to share user information concerning possible cyber threats. Microsoft, Facebook and a host of other technology companies are supporting the bill, but many digital rights groups fear that CISPA is another version of the Stop Online Privacy Act... but worse.

What Is CISPA?

CISPA is different from SOPA and PIPA in that it's not primarily about piracy or privacy issues. Instead, it's intended to help fight cyber attacks. But the bills share similarities that raise red flags with digital rights advocates. Foremost, the language of CISPA is vague, broad and leaves much open for interpretation. CISPA would amend a current law that defines how cyber threat intelligence information is used between the U.S. intelligence community and the private sector. Currently, that's often difficult or prohibited. CISPA would remove that firewall."  More.

Malware Getting Backed Up Along With Data

Kelly Jackson Higgins over at Dark Reading reported something interesting: "When malware slips past antivirus, it can get swept up in an enterprise's system backup -- and ultimately reinfect systems when the company restores applications from its contaminated backup. Oliver Friedrichs, head of Sourcefire's cloud technology group, says this cycle occurs more often than you'd think. Friedrichs recently analyzed data collected from more than 2 million Sourcefire users during a one-month period and found that backup and file restoration applications often inadvertently restore malware.

His findings: During a one-month period, DropBox, a file-sharing and backup cloud-based service, restored 17,705 threats; Maxtor Backup and Restore's MaxSynch, 5,076 threats; 2BrightSparks SynchBack backup software, 165 threats; and FreeFileSync, 104 threats. These were users that had been running traditional AV products." More.


Hackers’ Haven

I Fell For The Oldest Social Engineering Trick In The Book

Bill Brenner wrote: "I've written countless stories about social engineering, with security experts far and wide telling our readers never to open a link from someone we don't know. We've also published advice about making sure a message from a friend is for real before opening. That didn't stop me from falling for one of the oldest tricks in the book. It came in as a direct message on Twitter Friday, from Network World writer Brandon Butler, who sits in the next cube over from me at the office. He's a nice, mild-mannered chap, so when I got a tweet in his name, I opened the link without thought. Well, that's actually not true. I did have thoughts -- based on his tweet: 'Hello somebody is saying very bad rumors about you... (URL removed)'" Story here.

Stuxnet Was Planted Via Infected Memory Stick

"Although it has never been confirmed, the speculation that the Stuxnet worm was manufactured for the express reason of disrupting the production at Iran's Natanz uranium enrichment facility is considered to be correct by many security experts. Theories about who actually created it abound, and the one that says the US and Israeli government were behind it has been voiced more often than others. If a report by Industrial Safety and Security Source is to be believed, current and former US intelligence sources have confirmed that Israel's intelligence agency Mossad is responsible for the worm's introduction into the plant's systems." Here is the story.

Redmond Patches Critical Windows Zero-Day Exploited By Hackers

This month's Patch Tuesday was interesting, since it includes a patch for a hole that hackers are actively using to get into your users' systems. It's MS12-027 and it is in an ActiveX control included with every 32-bit version of Office 2003, 2007 and 2010. But Redmond also said that SQL Server, Commerce Server, BizTalk Server, Visual FoxPro and Visual Basic needed the patch. MS12-027 is the FIRST update you should install.

Hackers are, as we speak, exploiting the hole with malformed text documents, which when opened in either Word or WordPad can hijack a PC, Microsoft acknowledged in a post to its Security Research & Defense (SRD) blog.
 

Fave links & Cool Sites
