C-IT Security Podcast
C-IT Security Podcast
Charles Whitby: Business Security Thought Leader
Fostering creative thinking for the prudent business leader to make intelligent security decisions
8-25-14 An attack targeting JP Morgan and Chase Customers in the United States
“Diligence is the mother of good fortune and idleness, its opposite never brought a man to the goal of any of his best wishes.” -Miguel De Cervantes JPMorgan Chase customers targeted in massive phishing campaign http://www.scmagazine.com/jpmorgan-chase-customers-targeted-in-massive-phishing-campaign/article/367615/ http://www.darkreading.com/jp-morgan-targeted-in-new-phishing-campaign/d/d-id/1306589? C-IT Recommendation Provide social engineering awareness for your customers. Ensure you communicate specifically how your organization will communicate […]
Aug 25, 2014
8 min
8-20-14
“Out there in some garage is an entrepreneur who’s forging a bullet with your company’s name on it.” -Gary Hamel Cybercriminals Deliver Point-of-Sale Malware to 51 UPS Store Locations http://www.securityweek.com/cybercriminals-deliver-point-sale-malware-51-ups-store-locations http://www.scmagazine.com/ups-announces-breach-impacting-51-us-locations/article/367257/ C-IT Recommendation Create new non-intuitive usernames for POS accounts.  Disable  the default usernames. Use Strong password for Terminal log in accounts and change them […]
Aug 21, 2014
9 min
8-19-14
Aug 19, 2014
7 min
8-18-14 The problem with former employees retaining access to companies they no longer work for
Bulk of Ex-Employees Retain Access to Corporate Apps: Survey http://www.securityweek.com/bulk-ex-employees-retain-access-corporate-apps-survey http://www.infosecurity-magazine.com/news/uk-smbs-manage-exemployee-risk/ C-IT Recommendation Verify your company has an effective and enforced access control standard and policy which requires that access be removed when an employee transfers within the organization or leaves the organization. Use Role based Access Control. Roles should be specifically defined by the […]
Aug 18, 2014
9 min
8-13-14 A tech support scam targeting trusting users, a report describing 2014 as the year of the data breach, Microsoft’s plan to stop supporting older versions of Internet Explorer
“It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.” – Charles Darwin Windows tech support scammers take root in the U.S. http://www.csoonline.com/article/2464030/security-leadership/windows-tech-support-scammers-take-root-in-the-u-s.html Article Resources Malwarebytes blog on the scare tactic https://blog.malwarebytes.org/fraud-scam/2014/08/beware-of-us-based-tech-support-scams/   2014 So Far: The Year of the Data Breach http://www.infosecurity-magazine.com/news/2014-the-year-of-the-data-breach/ C-IT […]
Aug 13, 2014
11 min
8-12-14 The PCI Council publication advising companies how to ensure security compliance with third party service providers, New malware that hides in media files, Microsoft patch Tuesday bulletins
“It doesn’t take great men to do things, but it is doing things that make men great.” -Arnold Glasow PCI Council Publishes Guidance on Working With Third-party Providers http://www.securityweek.com/pci-council-publishes-guidance-working-third-party-providers http://www.scmagazine.com/pci-council-releases-third-party-security-assurance-guidance/article/365658/ C-IT Recommendation Require your third party service provider to provide a report of compliance and require the entity to conform to conducting a risk analysis […]
Aug 12, 2014
14 min
8-11-14 A letter issued to Automotive CEOs to beef up automobile security, New bank malware activity in the United States, a website vulnerability that your company may need to fix
“Great men undertake great things because they are great; fools, because they think them easy.” -Luc de Vauvenargues Hackers Demand Automakers Get Serious About Security http://www.securityweek.com/hackers-demand-automakers-get-serious-about-security http://www.darkreading.com/application-security/automakers-openly-challenged-to-bake-in-security/d/d-id/1297902 C-IT Recommendation Find out if your organization has Security embedded into the Product Development Life Cycle. There should be no new systems released to the public or deployed […]
Aug 12, 2014
12 min
8-7-14 A report by Cisco Systems alleging most enterprises are exposed to browser attack, 1.2 Billion email accounts globally hacked by a Russian attack group
“The purpose of business is to create and keep a customer.” ― Peter F. Drucker Over 90% of Enterprises Exposed to Man-in-the-Browser Attacks: Cisco http://www.securityweek.com/over-90-enterprises-exposed-man-browser-attacks-cisco http://www.csoonline.com/article/2459954/data-protection/cisco-patches-traffic-snooping-flaw-in-operating-systems-used-by-networking-gear.html C-IT Recommendation Perform regular security assessments in your organization Corporate leaders must establish a security debrief cadence with the information security teams. CSOs/CISO’s should meet with operational teams weekly […]
Aug 7, 2014
16 min
8-5-14 Data thieving software posing as a security application on Android Devices, a report explaining that most top free and paid mobile apps pose threats to organizations
“Genius is one percent inspiration and ninety–nine percent perspiration.” – Thomas A. Edison Android malware SandroRAT disguised as mobile security app http://www.scmagazine.com/android-malware-sandrorat-disguised-as-mobile-security-app/article/364455/ Article Resources McAfee Blog Post http://blogs.mcafee.com/mcafee-labs/sandrorat-android-rat-targeting-polish-banking-users-via-e-mail-phishing Emory Libraries Information Security Awareness covering Phishing http://it.emory.edu/security/security_awareness/phishing.html   Most Top Free and Paid Mobile Apps Pose Threat to Enterprises: Report https://www.securityweek.com/most-top-free-and-paid-mobile-apps-pose-threat-enterprises-report C-IT Recommendation Perform an asset […]
Aug 5, 2014
12 min
8-4-14 A report that shows many c-level executives have little respect for their Information Security Leaders, a social engineering campaign that takes advantage of Microsoft Word weaknesses, The US Department of Homeland Security’s report on Point of Sales system attacks
“If you work just for money, you’ll never make it, but if you love what you’re doing and you always put the customer first, success will be yours.” – Ray Kroc C-Level Execs to CISOs: No Seat for You! https://www.securityweek.com/c-level-execs-cisos-no-seat-you http://www.scmagazine.com/study-ciso-leadership-capacity-undervalued-by-most-c-level-execs/article/364231/ C-IT Recommendation Corporate leaders must establish a security debrief cadence with the information security […]
Aug 4, 2014
20 min
Load more