Posts

Showing posts from January, 2016

Security Basics: Vulnerability Detection

This post is one in a series of blog posts on the fundamentals of an information security program. You can see the complete list of posts in this series here.

Another cause of system and network vulnerabilities is configuration choices. Modern systems can be very complex, with a bewildering array of potential configuration options. Identifying and understanding these is a major challenge, as is ensuring that all of your systems and devices are configured as intended.

Anything man-made will have imperfections. When they are serious and potentially life-threatening, we sometimes spend a lot of time and effort to remedy them. My minivan, for instance, has been in to the dealer for three different recall-related repairs in the eleven years I've had it! Modern software is, in many ways, more complex than any physical thing that can be built. Yet its ephemeral nature makes it relatively easy to modify after its initial "manufacturing" is complete. The consequence of the

Weekly Infosec News Brief: 18-24 January

Houston Company lost $480k to Email-based Wire Fraud, Sues Insurer Over Denied Claim

Ameriforge Group, Inc., of Houston is suing their cyber insurance provider, Federal Insurance, over Federal's denial of a claim. Ameriforge's CFO wired the amount to a bank in China as instructed in an email that purported to be from the company's CEO. The insurer contends that because the incident centered around a voluntary transfer of funds (though prompted by a fraudulent email), the incident is not covered by the policy. The lesson for organizations is two-fold: a) ensure that adequate checks and balances are present in all processes involving transfers of funds, particularly of large amounts, and b) ensure you know exactly what any cyber insurance policy will and will not cover, and check closely into the history of the insurer before purchasing coverage. http://krebsonsecurity.com/2016/01/firm-sues-cyber-insurer-over-480k-loss/

Austrian Aircraft Company Loses $54M to Cyber F

Weekly Infosec News Brief: 11-17 January

TrendMicro AV Vulnerability Created Major Remote Exploit Potential on Computers

Last Monday Google's Project Zero disclosed a vulnerability they had found in TrendMicro's anti-virus software which made it possible for any website a "protected" computer visited to execute arbitrary code on the computer. A related flaw allowed a remote website to potentially harvest any and all stored passwords in the browser. TrendMicro has released a new version fixing the problems (Google held the disclosure until the fix was available). This is an excellent example of the danger of unsound security software -- security software, such as antivirus, is so deeply integrated into the machine that a vulnerability in this software has vast potential for creating mayhem. https://code.google.com/p/google-security-research/issues/detail?id=693 http://arstechnica.com/security/2016/01/google-security-researcher-excoriates-trendmicro-for-critical-av-defects/

Microsoft Patches Six Crit

Security Basics: Database Security

This post is one in a series of blog posts on the fundamentals of an information security program. You can see the complete list of posts in this series here.

Don't Forget about the Database

The bike wheel is often used as the basis of a metaphor when explaining dependencies. The rim and tire are at the outer facing edge, the spokes offer a means of support to the rim, and the hub is at the center holding everything together. This assembly is known to all, simple to understand, and usually contains all of the components needed to communicate complex scenarios at a high level. For these reasons it is also ideal for use when explaining most application environments. In this situation, the application (tire) resides on the servers (rim), is supported by the network (spokes), and communicates back to the database (hub). Yet, although the database is central to all environments and is vital to its operation, it is often overlooked when it comes to security. Here are some ways appli

Weekly Infosec News Brief: 04-10 January

Microsoft to Drop Support for Internet Explorer Versions Older Than 11

Microsoft's Patch Tuesday this week will see the LAST updates for outdated versions of Internet Explorer. After this week, Microsoft will only provide support and updates for Internet Explorer 11, for all Windows versions on which it is available. Windows platforms for which IE 11 is not available are Windows Server 2012 (original release, not R2), for which IE 10 will remain supported, and Windows Vista SP2 and Windows Server 2008 SP2 (original release, not R2), for which IE 9 will remain supported. https://blogs.msdn.microsoft.com/ie/2014/08/07/stay-up-to-date-with-internet-explorer/

First Known Javascript-Based Ransomware Malware Discovered, Affects Multiple Platforms

Ransomware, which acts by encrypting locally-stored files in order to deny organizations access to their own data until they pay a ransom, is one of the most common threats to organizations' computer systems in recent years. A new

Infosec Trends to Watch in 2016

Outsourced Security Services Continue to Grow

It is estimated that 1 MILLION information security jobs will go unfilled in the US this year. Hiring experienced and competent information security personnel is difficult in this job market, even as more organizations are feeling a need to have dedicated security personnel as part of their IT staffs. This job market reality will likely fuel accelerating growth in the adoption of security-as-a-service offerings, as organizations outsource security roles to providers such as managed security service providers (MSSPs).

Increasing Use of Stolen Data for Extortion

The Ashley Madison breach last year demonstrated the potential of information obtained via data breaches as fodder for extortion. To date, such information has typically been leaked to the media or otherwise made public, with the intent of embarrassing the subjects (the Sony breach is another example, as are countless past "hacktivist" incidents). However, in the future we a

Infosec News Brief - 2015 Year in Review

Adobe Flash Becomes Clearly the Biggest Source of Desktop Vulnerabilities

Flash has been viewed as very seriously problematic for some time now, but it shared mind-share with Java, IE, Acrobat, and Office as a source of vulnerabilities on the desktop. All of these have continued to provide new client-side vulnerabilities for hackers to exploit (though Java and Acrobat/Reader have had very few in the past year compared to previous years), but this year Flash clearly dwarfed them all. There were 279 Flash vulnerabilities published on the CVE (Common Vulnerabilities and Exposures) list during 2015 with CVSS (Common Vulnerability Scoring System) scores of 9 or higher (10 is the highest possible score, and a LOT of these 279 have scores of 10). Some industry sources estimated that 2/3 of the desktop breaches in 2015 were due to Adobe Flash. If you don't have a method in place to ensure Flash is patched rapidly when an update is available, be sure to get one. During one particular

Weekly Infosec News Brief: 21 Dec 2015 - 03 Jan 2016

This week's news brief is two weeks' worth due to the holiday. Also, be sure to check out our Annual Infosec News Brief for the top stories and trends from 2015.

Out-of-Cycle Flash Update Issued to Fix Zero-Day Vulnerability

Adobe released an unscheduled Flash update in December due to a vulnerability (CVE-2015-8651) that was being actively exploited; the update fixes eighteen other flaws as well. The update appears to be the one originally planned for release the second Tuesday in January. Updating Flash as soon as possible is a must. The best solution may be to disable Flash entirely, but there are still enough sites and applications that require it to make that problematic. An alternative solution is to leave Flash (and other plugins, like Java) installed on an alternative browser and use that browser only for sites that require the plugins. An even better solution may be to enable "click to play." All major browsers have some form of setting that allow