Debra Shinder WS Blog

Lock screen vulnerability on Samsung Android phones

If you’re supporting Android phones made by Samsung, either as company-issued handsets or through your BYOD program, you need to know about a vulnerability reported this past week that can be used to gain access to apps, settings or the dialer – even though the phone is locked with a PIN, pattern or other method. Samsung is said to be working on a fix. This works on Galaxy phones and is similar to the lock screen flaw in iPhones that was just recently patched by Apple. See the details here:

http://news.cnet.com/8301-1009_3-57575305-83/samsung-lock-screen-flaw-found-company-working-on-fix/

Trojan targets Macs

There’s a new Trojan in town, and it’s gunning for OS X computers, so if you have any Macs in your organization, be aware of this adware plug-in that’s called Trojan.Yontoo.1. There are several different avenues by which the Trojan installs itself, including downloadable software (media player, download accelerator) and via a prompt on movie trailers.

Who’s Minding your Cloud?

Who’s responsible for the security of cloud applications and infrastructure? Is it the cloud provider? The IT department? The end user? The answer is different, depending on who you ask. What does that portend for those companies that are currently using SaaS or IaaS, or who are considering doing so in the future? Is it significant that almost half of respondents to a recent survey say their organizations have stopped or slowed adoption of cloud services due to security concerns?

This interesting infographic summarizes in pictorial form the results of that survey commissioned by CA Technologies and done by Ponemon as part of the 2013 Security of Cloud Computing Users study. Check it out here:

https://www.dropbox.com/s/j7u9u80g7efe92g/ca_infog_cloudminder_final300.jpg

Email: the legal implications

There are many reasons to be concerned about email security. The mail that your employees send can contain company secrets or other confidential business information that could hurt your position in the marketplace if revealed. The mail that your employees receive can contain malware that could infect the machines on your network and cause you to lose data and/or impair productivity. But another, very important aspect of managing your company’s email is being prepared for it to come under legal scrutiny, either as part of a regulatory audit or in the discovery process if the company is involved in a lawsuit or even a criminal case.

I addressed this issue and how a proper email archiving system can keep you out of hot water in my blog post at
http://www.gfi.com/blog/is-your-email-a-ticking-legal-timebomb/

Surface Pro Review: Secure tablet for Windows network

Tablets have taken the computing world by storm but the proliferation of iPads and a plethora of Android devices that have infiltrated business networks through BYOD programs are causing security headaches. Now there’s an alternative that gives users and admins the best of both worlds: a tablet with the familiar Windows interface that runs legacy Windows applications, that can be managed through Group Policy like any Windows client computer. That’s what the Surface Pro has to offer, and I did a review of it over on TechRepublic that you might find interesting if your organization is looking at allowing tablets to connect to your network.

http://www.techrepublic.com/blog/tablets/going-pro-one-hot-surface-thats-a-joy-to-touch/3083

ATP and Big Data

We know Big Data is one of those buzzwords that’s trendy right now, and it’s being touted as the end-all, be-all that takes business intelligence to the next level by providing analytics that can make sense of that mass of structured and unstructured information that organizations are busily collecting. But is Big Data also the solution to Advanced Threat Protection? Peter Wood, partner and CEO with First Base Technologies, is going to weigh in on that question in this “ethical hacker’s view” to be presented at 6:00 a.m. on March 13 – and it just might be worth getting up early for.
Check it out on the BrightTalk web site here:
https://www.brighttalk.com/webcast/288/66301

Companies are exploring new authentication solutions

For way too long, organizations have been depending on user names and passwords to authenticate users – despite the strongly voiced opinions of many experts in the security field that it’s no longer enough. Gradually, though, some companies are starting to explore other, potentially stronger solutions. In industries such as banking, healthcare and government – where sensitive information proliferates and regulatory restrictions require that such data be secured – authentication methods such as fingerprint scanning, voice recognition and other biometric or physiometric solutions are being tried out. Read more here:

http://www.bankinfosecurity.com/authentication-staying-up-to-date-a-5585?rf=2013-03-08-eb&elq=728247ee8de243c4b2fd3d6dd93e47fa&elqCampaignId=6089

Polish researchers find five new Java sandbox vulnerabilities

“Sandboxing” has been touted as the ultimate security solution, but the protection it offers is only as strong as the sandbox itself. And when there are vulnerabilities in the sandbox that allow attackers to circumvent it, you don’t get much protection at all.

A researcher in Poland, unhappy with Oracle’s dismissal of a flaw he previously reported, decided to dive deeper and found five brand new vulnerabilities in Java SE 7, which would allow an attacker to do just that.

Have you disabled Java on your organization’s computers yet?

http://threatpost.com/en_us/blogs/prompted-oracle-rejection-researcher-finds-five-new-java-sandbox-vulnerabilities-030413

The Evolution of Phishing

Phishing attacks have been around for a long time, but they’re increasing in frequency, and they’re also getting more sophisticated. And no one is safe, regardless of what operating system you use, since recent attacks of this type are targeted toward the web browser and browser plug-ins rather than the OS.

They still usually begin with an email message. Some of these are pretty obviously phony, like the message I received recently purporting to be from hmrc.gov.uk (Her Majesty’s Revenue & Customs), notifying me that I have been determined to be eligible for a tax refund if I just complete the attached form (which, of course, contains a malware file). The fact that I’ve only been to the U.K. once and have never filed a tax return there was the big clue that this might not be legit. But it’s well done, and might very well fool some U.K. residents.

Advance notification for March Patch Tuesday

I received the following quote from CORE Security regarding the advance notification released today for the seven Microsoft security bulletins to be released next Tuesday:

“Preventing future drive-by style attacks and protecting end-users appear to be the theme of this month’s Patch Tuesday. Bulletin number one represents the significance of this update as the Remote Code Execution can be used to target and exploit end-users across all versions of Internet Explorer on Windows desktops. My concern in reviewing these updates isn’t so much centered around the critical nature of the vulnerability, but rather the number of end-user patches that are required to shore them up. These patches can be a hassle for users to deploy and have the potential to create a long enough delay where hackers can take advantage.” – Alex Horan, senior product manager, CORE Security
