Information Security
3.7K views | +5 today
Information Security
Information Security Focusing on Malware, Browser Based Threats, and solutions.
Curated by Paul Misner
Your new post is loading...
Scooped by Paul Misner
Scoop.it!

SF’s Transit Hack Could’ve Been Way Worse—And Cities Need to Get Ready

SF’s Transit Hack Could’ve Been Way Worse—And Cities Need to Get Ready | Information Security | Scoop.it
THIS WEEKEND, SAN Francisco’s public transit riders got what seemed like a Black Friday surprise: The system wouldn’t take their money. Not that Muni’s bosses didn’t want to, or suddenly forgot about their agency’s budget shortfalls.

Nope—someone had attacked Muni’s  computer system and was demanding a ransom. Monitors in station agent booths were seen with the message, “You Hacked. ALL data encrypted,” and the culprit allegedly demanded 100 Bitcoin (about $73,000).
Paul Misner's insight:

Mass Transit Agencies typically have tight budgets.  There's sensitive data and critical infrastructure that could be hacked. 

more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

ENISA Warns of Information Security of Smart Hospitals

ENISA Warns of Information Security of Smart Hospitals | Information Security | Scoop.it

Theever growing internet of things (IoT) has increased  cybersecurity risks to
hospitals around the globe, according to the European Union’s network and information security agency (ENISA) latest report.

more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

Taking Action: Effective Measures of Defense - SANS Institute - Webinar Wednesday 11/7 3PM Eastern

Taking Action: Effective Measures of Defense - SANS Institute - Webinar Wednesday 11/7 3PM Eastern | Information Security | Scoop.it
Overview

Many organizations and security practitioners continue to struggle with effective security strategies. The sometimes overwhelming number of potential tools and technologies, which often are not integrated to best effect, often results in an uneven approach to overall security.

This SANS webcast, presented with Forcepoint, will look at the topic of integration to address the critical areas of cybersecurity and discuss how common security scenarios can be addressed with the framework of defending, detecting, deciding and defeating attacks, using real products.
Paul Misner's insight:

Eric Cole is one of the best speakers in the world or cybersecurity.  Please consider attending this event. 

more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

Where are the real cybersecurity threats?

Where are the real cybersecurity threats? | Information Security | Scoop.it
In the United States and throughout the world, critical infrastructure essential to our lives are connected to the Internet and vulnerable to hackers be they cybercriminals, terrorists or foreign states.  The damage that a successful attack on any of these areas of our infrastructure could be extensive.
Paul Misner's insight:

Financials, critical infrastructure, and IoT are highlighted. 

more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

Source Code Released for Mirai DDoS Malware

Source Code Released for Mirai DDoS Malware | Information Security | Scoop.it
An attacker known as Anna-senpai released source code for the Mirai malware, which was used in a 620 Gbps DDoS attack against Krebs on Security.
Paul Misner's insight:

IoT is already proving to be the next frontier in cyber-attacks. 

more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

Education Now Suffers The Most Ransomware Attacks

Education Now Suffers The Most Ransomware Attacks | Information Security | Scoop.it
New data shows ransomware rates worldwide doubling and tripling in past 12 months.
Paul Misner's insight:

Universities and K-12 ... watch out.. Ransonware is heading your way. 

more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

NIST Unveils a Cybersecurity Self-Assessment Tool

NIST Unveils a Cybersecurity Self-Assessment Tool | Information Security | Scoop.it
The National Institute of Standards and Technology has issued a draft of a self-assessment tool that’s designed to help enterprises gauge the impact and
Paul Misner's insight:

This a great tool, that should have some automation added to it, kind of like a Cyber-Security TurboTax

more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

Data Breach At Oracle’s MICROS Point-of-Sale Division — Krebs on Security

Data Breach At Oracle’s MICROS Point-of-Sale Division — Krebs on Security | Information Security | Scoop.it
Data Breach At Oracle’s MICROS Point-of-Sale Division — Krebs on Security https://t.co/QDXWout16g https://t.co/uKY5bkL3NC
Paul Misner's insight:

The scope of this is incredible, if you eat, or work in a restaurant, your data is in one of these terminals. 

more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

Inside the legal case everyone on Wall Street is talking about

Inside the legal case everyone on Wall Street is talking about | Information Security | Scoop.it
In May, five Credit Suisse bankers from the same team walked out the door. Days later, the bank went to court accusing them of stealing confidential documents.
Paul Misner's insight:

Among the problems I see with Credit Suisse in this case.

  • The "vague and hasty" method used to identify what was considered confidential at Credit Suisse. The bank should have  defined, identified secured, and electronically fingerprinted what information was classified.
  • The employees who left were placed on "gardening leave" , but it's pretty apparent that their document access before or during this period wasn't limited or monitored.
  • The arbitration process that was in place was too slow to deal with a case that moved this quickly.
  • Credit Suisse seems to be unable to determine, what was stolen, if it was stolen, and if it was important, to the satisfaction of the courts.
  • There was a change in the compensation program, but no  monitoring in place to identify the possibility of dissatisfied workers leaving the organization. 
  • One good thing, they did restrict access to USB drives, but not printer spools. 

This is a case study in how not to deal with insider theft. If your organization is not looking at this a a problem, you have a big gap in your security program. 

Ironically, 

Take the words of Credit Suiisse themselves "Most organizations are ill prepared to counter threats to cybersecurity because they don’t recognize that most attacks come from insiders."

more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

Finance department faces biggest insider threat risk, finds research

Finance department faces biggest insider threat risk, finds research | Information Security | Scoop.it
Finance is the department most at risk from insider threats, according to the latest Computing research.

Respondents were asked to rank corporate departments in order of their risk from insider threats, and finance came out just ahead of sales and marketing, and IT.

The rest of the list, in decreasing order of risk, was supply chain, board of directors, legal and research and development.

When respondents were asked what they believe lies behind the increased threats to business from insiders, 83 per cent put it down to a lack of understanding from employees of data security issues.

This suggests that security training schemes are not having the required effect, despite repeated calls from experts for firms to train new starters, and continue to offer refresher courses throughout every employee's career.
Paul Misner's insight:

You can manage both privacy and security, but setting up and sharing and insider threat program with your employees. Happy to talk with you more. 

more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

Building Your DLP Strategy and Process

Whitepaper Building Your DLP Strategy & Process. An essential read if you are going to be applying DLP to your business or agency. 

Paul Misner's insight:

This is one of the best whitepapers my company, Forcepoint,, has put out. If you are thinking about implementing DLP, this whitepaper will provide you with simple, no-nonsense language on strategy and process. I'm always available if you want to know more.

more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

Banner Health nailed by huge cyberattack that compromised personal data of 3.7 million people

Banner Health nailed by huge cyberattack that compromised personal data of 3.7 million people | Information Security | Scoop.it
Individuals’ data may have been compromised by hackers that cracked in via food and beverage payment systems and infiltrated patient healthcare data.
Paul Misner's insight:

Another attack through third party systems. Very important to segment this traffic.

more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

How To Prepare For A Data Breach

How To Prepare For A Data Breach | Information Security | Scoop.it
These five from-the-trenches strategies will help you win the fight against today's sophisticated, conniving attackers.
more...
No comment yet.
Rescooped by Paul Misner from Cybercrime and Cybersecurity
Scoop.it!

Mozilla and Tor release urgent update for Firefox 0-day under active attack

Mozilla and Tor release urgent update for Firefox 0-day under active attack | Information Security | Scoop.it
Critical code-execution flaw resides in Windows, Mac, and Linux. Patch now.

Via Oksana Borukh
Paul Misner's insight:

This is important. Update Firefox right now. 

more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

Tesco Bank breached: Money stolen from 20,000 accounts

Tesco Bank breached: Money stolen from 20,000 accounts | Information Security | Scoop.it
The UK's Tesco Bank has confirmed that tens of thousands of its customers' current accounts were compromised over the weekend, leading to fraudulen
more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

FCC Adopts New Privacy Rule Limiting What ISPs Can Do With Your Personal Data

FCC Adopts New Privacy Rule Limiting What ISPs Can Do With Your Personal Data | Information Security | Scoop.it
So to that end, the FCC voted today to adopt rules designed to limit how much of internet subscribers’ data ISPs can sell, share, and trade, and to let customers have some more control over the uses of their personal information.

The 3-2 vote today neatly followed the script written by every high-profile proceeding — from net neutrality to LifeLine modernization — of the last few years,
Paul Misner's insight:

This is only part of the discussion that needs to be had. ISP's are just one piece of the privacy issue. The service providers, Google, Facebook, LinkedIn and others have incredible access to this kind of data. 

more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

NSA case highlights growing concerns over insider threats

NSA case highlights growing concerns over insider threats | Information Security | Scoop.it
The arrest of a National Security Agency contractor charged with stealing highly classified material is yet the latest example of a trend that officials say can be every bit as dangerous as an outside hacker: the insider threat.

The federal government has been increasingly concerned about the ability of its own employees and contractors to use their positions to walk away with troves of sensitive information. And it has tried to implement new safeguards to not only better secure important data but also monitor the people with access to it.
more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

Nextgov Ebook: Combating the Insider Threat

Nextgov Ebook: Combating the Insider Threat | Information Security | Scoop.it
he federal government continues to battle various threats, and the insider one is particularly insidious. Whether it’s an agency employee who accidentally leaks information or a worker with malicious intent, agencies need to ensure they don’t allow unauthorized access to valuable assets.

A multitude of initiatives across government aim to prevent insider threats. For example, the Defense Department’s DOD Component Insider Threat Records System works to detail national security workers and those cleared for accessing U.S. secrets, flagging who among them could potentially be a risk. At the FBI, the profiling unit—after whom the show “Criminal Minds” was inspired—studies how technology can help detect insider threats. The still-in-progress National Background Investigations Bureau has also considered the idea to implement a score to determine certain individuals’ eligibility to perform secret government work

This ebook reviews some of the efforts agencies are taking on to protect themselves against both the careless employee and the one who went rogue. 
Paul Misner's insight:

Forcepoint has proven solutions to identify, quantify, and stop insider threat. Contact me to engage in a conversation on this topic. 

more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

A Twist On The Cyber Kill Chain: Defending Against A JavaScript Malware Attack

A Twist On The Cyber Kill Chain: Defending Against A JavaScript Malware Attack | Information Security | Scoop.it
This slightly modified model is a practical way to keep attackers out of your systems.
Paul Misner's insight:

I agree that stopping lateral movement should be something that is added to the kill chain

more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

FBI director recommends covering your webcam

FBI director recommends covering your webcam | Information Security | Scoop.it
The head of the FBI covers up the camera on his laptop, and he says you should too.
Paul Misner's insight:

My suggestion is that you dress properly, brush your teeth, and smile instead. 

more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

Governments and nation states are now officially training for cyberwarfare: An inside look - TechRepublic

Governments and nation states are now officially training for cyberwarfare: An inside look - TechRepublic | Information Security | Scoop.it
Europe, Canada, USA, Australia, and others are now running training exercises to prepare for the outbreak of cyberwar. Locked Shields is the largest simulation and we take you inside.
Paul Misner's insight:

Actually I am surprised that they haven't been doing this before, and with Apple IIs of all things.

more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

The 4 ways Wells Fargo employees were ripping off customers, earning the bank a $185M fine

The 4 ways Wells Fargo employees were ripping off customers, earning the bank a $185M fine | Information Security | Scoop.it

Wells Fargo is on the hook for $185 million in fines after settling charges brought by the Consumer Financial Protection Bureau of widespread abusive and illegal sales practices dating back to the beginning of 2011. 

The company, which is the largest US bank by market capitalization, has fired some 5,300 employees in connection with the scandal, in which workers quietly took advantage of customers in an effort to reap rewards and game an employee-incentive program. 

Paul Misner's insight:

This is a story of insider theft, rolled in a crusty layer of a badly monitored incentive program, topped with a coating of fraud. It's incredible that 5,300 employees acted in this manner for such a long period without getting caught. Proper auditing controls and analysis of non standard deviations from normal user behavior would have cost a whole lot less than the $185 Million that Wells Fargo has to pay in fines. This is not just a lesson for banks, but anyone that provides commission based incentive programs.

more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

3 ways to better secure your Facebook account

3 ways to better secure your Facebook account | Information Security | Scoop.it
Is your Facebook as safe as it could be? Try these 3 ways to protec
Paul Misner's insight:

I'm a stickler for locking down Facebook. Facebook's search engine is very powerful, and if you want somebody searching on your location, marital status, hobbies, children, or other things, just keep Facebook open.

more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

'Russian hackers' attack two US voter databases

'Russian hackers' attack two US voter databases | Information Security | Scoop.it
Washington (AFP) - Russian-based hackers may have been responsible for two recent attempts to breach US voter registration databases in two states
more...
No comment yet.
Scooped by Paul Misner
Scoop.it!

5 Tips For Staying Cyber-Secure On Your Summer Vacation

5 Tips For Staying Cyber-Secure On Your Summer Vacation | Information Security | Scoop.it
Stick with mobile payment apps and carrier networks when traveling. And don't broadcast your plans or locations via social media.
Paul Misner's insight:

I'd also recommend that if no one is in the house, you turn off your wifi, and devices. Always use a VPN when connected to public wifi. 

more...
No comment yet.