Given the number of Thinkpad users in the wild, this is a particularly sensitive vulnerability that should be patched as soon as possible.
https://threatpost.com/lenovo-patches-vulnerabilities-in-system-update-service-2/115482/
Month: November 2015
Vtech breached, customer data stolen. Change your password now!
Parents beware! Given the proximity of the Christmas holiday, this breach is particularly important. You may have set and forgotten these credentials a season ago, so go check, update, and monitor accordingly.
https://nakedsecurity.sophos.com/2015/11/30/childrens-toy-maker-vtech-hacked-online-store-breached/
Sophos Weekly Recap
Security Bug in Dell PCs Shipped Since 8/15
This is a very lucid explanation of the Dell self-signed certificate issue that has spread across the IT security sites and forums the last couple of days. It is being compared to the Lenovo Superfish debacle of earlier in the year, but Dell’s issue appears to be less diabolical and easier to remedy.
http://krebsonsecurity.com/2015/11/security-bug-in-dell-pcs-shipped-since-815/
How to Enable Multifactor Security on Amazon
This is fantastic advice from Brian Krebs for 2-factor authentication at Amazon, especially entering the holiday shopping season.
http://krebsonsecurity.com/2015/11/how-to-enable-multifactor-security-on-amazon/
Sophos Weekly Recap
Department of Education Lambasted Over Database Vulnerabilities
I honestly do not know what to say or where to begin. I cannot say that I am surprised that yet another government agency has failed to fund and execute an effective IT security program. This is a systemic problem and I believe it should be addressed before additional controls are passed down to the private sector. The approach of “do as I say and not as I do” can no longer be allowed to stand.
https://threatpost.com/department-of-education-lambasted-over-database-vulnerabilities/115433/
VirusTotal Adds Sandbox Execution for OS X Apps
Call it what you will – a sign of the times, an inevitability, a sign that Apple has real traction in the desktop space – but malware is alive and well in the world of OS X and VirusTotal is taking this fact seriously.
https://threatpost.com/virustotal-adds-sandbox-execution-for-os-x-apps/115424/
“Onion-Layered” Incidents Among Top Cybercrime Trends Observed by IBM
This is a “sad but true but expected” article to ponder. Kudos to the teams at IBM and Tripwire for shining a light on this problem.
The Irony of Ethics in Malware
I have seen this debate in many different forms and all ring true. Professionalism, consistency of delivery, and customer service are quite relevant regardless of the deliverable. People are clearly willing to pay for prompt service, whether they originally wanted it or not. The lessons to be learned are numerous , but allow me to start with the simplest first. If we as security practitioners approached the proactive controls and the delivery of said controls with the same professionalism, consistency and promptness, would ransomware be as big of problem today?
Virtual Sweater Vest 