Both Oracle and Cisco released patches in the last couple of days, though Oracle’s patches are considered out-of-cycle and critical. Cisco’s patches are part of their standard semi-annual IOS security advisory notice.
Ironic for sure, but this breach makes sense simply because of how rich the target environment is. Verizon has a strong team of IT Security professionals, so I feel confident this will be handled appropriately and expeditiously.
This is yet another example of a well-crafted phishing attack that has resulted in the compromise of significant PII. These issues are not combated by technical controls alone. Organizations must dedicate resources to effective user awareness training and design policies and procedures that allow for proper checks and balances. IT cannot solve all problems.
This is a strong play-by-play strategy that every organization should adopt and advance. Kudos to the team at Sophos for continuing the conversation.
This is an important conversation well worth having. Cyber Insurance is an important part of an IT Security risk management strategy. In many industries, despite the best controls, a breach is inevitable. Having a strong policy in place to offset those costs and provide expertise in areas like forensics and public relations can be the difference between weathering an event and shuttering the doors of the business.
This is a very intriguing discovery by the team at ESET and certainly speaks to the continued need to improve USB port security. Many organizations and corporate entities still do not have GPOs and policies in place to limit USB port usage or auto-application triggers.
Bruce Schneier always makes for an interesting interview. He has a wealth of expertise and no shortage of opinions. Enjoy this discussion from the good people at ThreatPost.