<?xml version="1.0"?>
<rss version="2.0">
   <channel>
      <title>SC Magazine Discussion by Dr MJ Frederick</title>
      <link>https://padlet.com/mj_frederick/cx1zfmsym95m</link>
      <description>Auditing &amp; Accountability</description>
      <language>en-us</language>
      <pubDate>2017-09-02 18:27:22 UTC</pubDate>
      <lastBuildDate>2018-09-26 14:41:24 UTC</lastBuildDate>
      <webMaster>hello@padlet.com</webMaster>
      <image>
         <url></url>
      </image>
      <item>
         <title>Group 8</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/cx1zfmsym95m/wish/285279902</link>
         <description><![CDATA[<div>This article explains how a botnet was searching for cryptocurrency mining rigs with exposed port 3333, which is the default port an Ethereum miner uses for RPC. If found, the device is forced to join another mining pool and uses the owner's ETH wallet. The author says the best defense was to disable the remote admin API. He also mentions that by using network-based intrusion detection systems, the abnormal use of the "miner_file" should be easily detected.</div>]]></description>
         <enclosure url="https://www.scmagazine.com/home/news/cybercrime/satori-botnet-searching-internet-for-open-ethereum-mining-rigs/" />
         <pubDate>2018-09-24 22:36:59 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/cx1zfmsym95m/wish/285279902</guid>
      </item>
      <item>
         <title>Group 2 (Jesse Roberts &amp; Jared Futral)</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/cx1zfmsym95m/wish/285290856</link>
         <description><![CDATA[<div><a href="https://www.scmagazine.com/home/opinions/blogs/executive-insight/the-staggering-costs-of-non-compliance/">This article</a> reveals the increase in non-compliance fines for several industries. Financial, retail, healthcare, technology, media and energy &amp; utility industries all saw major increases in non-compliance costs from 2011 to 2017. The largest increase involved healthcare organizations at 106% and the lowest coming from Energy &amp; Utility companies at 6%. This article also talks of the importance of a centralized data governance program in establishing a procedure for the handling of data securely and highly recommends the regular use of audits. These audits are proven to save millions across industries in studies cited in the article and will ensure sensitive data is not mishandled.</div>]]></description>
         <enclosure url="https://www.scmagazine.com/home/opinions/blogs/executive-insight/the-staggering-costs-of-non-compliance/" />
         <pubDate>2018-09-24 23:59:45 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/cx1zfmsym95m/wish/285290856</guid>
      </item>
      <item>
         <title>Group 5</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/cx1zfmsym95m/wish/285338860</link>
         <description><![CDATA[<div>Vulnerabilities that have been nicknamed Peekaboo were discovered in NUUO NVRMini2, a video software used in surveillance cameras. These vulnerabilities could potentially allow attackers to grant themselves privileges to not only view, but even alter output from these cameras. These vulnerabilities were discovered by Tenable, the company that provides the Nessus vulnerability scanning tool. This discovery allowed NUUO to start working on a patch before a major attack occurred.</div>]]></description>
         <enclosure url="https://www.scmagazine.com/home/news/zero-day-found-in-nuuo-video-software-allowing-camera-takeover/" />
         <pubDate>2018-09-25 05:52:19 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/cx1zfmsym95m/wish/285338860</guid>
      </item>
      <item>
         <title>Group 1</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/cx1zfmsym95m/wish/285449346</link>
         <description><![CDATA[<div>Article offers up 4 questions that healthcare organizations should ask before moving their data to the cloud. These questions cover auditing the data to know what is being protected and how as well as complying with HIPAA regulations to what to do in case of a breach and who is accountable.<br><a href="https://www.scmagazine.com/home/opinions/four-security-questions-healthcare-organizations-must-address-when-moving-to-the-cloud/">https://www.scmagazine.com/home/opinions/four-security-questions-healthcare-organizations-must-address-when-moving-to-the-cloud/</a></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-09-25 12:21:27 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/cx1zfmsym95m/wish/285449346</guid>
      </item>
      <item>
         <title>Group 7</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/cx1zfmsym95m/wish/285806498</link>
         <description><![CDATA[<div>App "Teensafe", an app for iOS devices meant for parents to keep surveillance on their children's web browsing, texting, and other usage, had a vulnerable server on which security specialists found that Apple IDs and their passwords were stored in plaintext without any encryption, the emails associated with parent Apple accounts were stored in plaintext, and the app required users to have two-factor authentication turned OFF in order to use it.</div>]]></description>
         <enclosure url="https://www.scmagazine.com/home/news/cloud-security/teensafe-app-exposes-data-on-more-than-10k-accounts/" />
         <pubDate>2018-09-25 23:08:55 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/cx1zfmsym95m/wish/285806498</guid>
      </item>
      <item>
         <title>Group 9</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/cx1zfmsym95m/wish/285813237</link>
         <description><![CDATA[<div>This article shows vulnerability assessment and penetration done by Fashion Nexus, to identify a server containing a database with customer information, to be unsecured. Though the exposed database contained names, emails, birth dates, and phone numbers, it did not contain any financial information of customers. GO ETHICAL HACKERS!&nbsp;</div>]]></description>
         <enclosure url="https://www.scmagazine.com/home/news/data-breach/insecure-server-holding-u-k-fashion-retailers-customer-data-breached-by-white-hat/" />
         <pubDate>2018-09-26 00:00:27 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/cx1zfmsym95m/wish/285813237</guid>
      </item>
      <item>
         <title>Group 4</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/cx1zfmsym95m/wish/285821294</link>
         <description><![CDATA[<div>This article talks about how a data mining software was being used in a breach with a network packet sniffer to steal personal information from Click2Gov, a government portal used to pay for US permits. FireEye was used in the investigation and discovered the data breach and made known how it was completed, so it can be prevented in the future.<br><br><a href="https://www.scmagazine.com/home/news/report-hackers-used-data-mining-tool-network-sniffer-to-steal-click2gov-information/">https://www.scmagazine.com/home/news/report-hackers-used-data-mining-tool-network-sniffer-to-steal-click2gov-information/</a></div>]]></description>
         <enclosure url="https://www.scmagazine.com/home/news/report-hackers-used-data-mining-tool-network-sniffer-to-steal-click2gov-information/" />
         <pubDate>2018-09-26 00:56:16 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/cx1zfmsym95m/wish/285821294</guid>
      </item>
      <item>
         <title>Group Six</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/cx1zfmsym95m/wish/285822361</link>
         <description><![CDATA[<div>https://www.scmagazine.com/home/news/freelancers-baited-with-job-offers-to-download-malicious-macros/<br><br>Fiverr and Freelancer.com are two largely trusted sites that are used for freelancers. Anyone can post a profile or send a request to a freelancer for their type of work, anywhere from blogging to making logos. It is hard to discern a true customer or patron from a cybercriminal. Due to the risks of doing business with mass varieties of people, one must take precautions. Disabling macros is important, but having a well-made sandbox to run high-risk applications in a completely isolated environment can help immensely if a threat finds its way through to your system. This will protect your system and any of your other files from being corrupted if you run across malware while allowing you to use the application as usual. As soon as a threat is noticed, it must be reported to the company so they can enforce their accountability to their users and their business.<br><br>Aside from reporting such attacks to entities such as Fiverr and Freelancer.com, it’s important to share suspicious activity with email providers. While somewhat dated, Google’s own software engineer Ela Czajka wrote a fairly detailed post in 2012 detailing exactly how and why various messages get moved over to your spam folder ( https://gmail.googleblog.com/2012/03/learn-why-message-ended-up-in-your-spam.html ), as well as linking to an in-depth guide explaining all things spam-related ( https://support.google.com/mail/answer/1366858?hl=en ). The takeaway from both of these resources is that a bulk of spam and malicious emails are caught by service providers because end-users report suspicious senders and prompt providers to investigate. Marking such senders as spam or otherwise malicious helps keep other users safe, and ensures that that particular sender’s account won’t make its way into your inbox in the future.<br><br>Businesses like Fiverr and Freelancer.com have a duty of ensuring accountability on a large scale. That being said, if businesses don’t have controls in place to deter or counteract the people who would break the rules and exploit the resources they have access to, their users can end up compromised and have their assets at risk. Companies ensure their accountability through auditing, thus allowing them to know what was done and when because of the records they hold of the actions. By using a combination of established best practices as a situation demands and routine auditing, companies can protect themselves and those they serve.</div>]]></description>
         <enclosure url="" />
         <pubDate>2018-09-26 01:04:30 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/cx1zfmsym95m/wish/285822361</guid>
      </item>
      <item>
         <title>Group 3</title>
         <author></author>
         <link>https://padlet.com/mj_frederick/cx1zfmsym95m/wish/286054702</link>
         <description><![CDATA[<div>This news item talks about how a Telefonica breach leaves data on millions exposed. A hacker exploited a flaw at Spanish operator Telefonica early Monday and likely exposed all the personal data of millions of the company's customers. The data that were exposed are identity, payment information, landline, mobile, numbers, national ID numbers, addresses, bank, names, records of calls, and other data.<br><a href="https://www.scmagazine.com/home/news/data-breach/telefonica-breach-leaves-data-on-millions-exposed/">https://www.scmagazine.com/home/news/data-breach/telefonica-breach-leaves-data-on-millions-exposed/</a></div>]]></description>
         <enclosure url="" />
         <pubDate>2018-09-26 14:36:37 UTC</pubDate>
         <guid>https://padlet.com/mj_frederick/cx1zfmsym95m/wish/286054702</guid>
      </item>
   </channel>
</rss>
