Archive for April, 2011

Do you know which threats your Anti-Virus won’t stop?

Thursday, April 21st, 2011

News headlines have been a constant reminder every day that data leakage and malware attacks are on the rise, and increasing at high speeds. Many believe these malicious attacks are targeted towards large corporations with big bucks, but businesses of all sizes and functions are facing these risks every day. Your basic anti-virus solution alone won’t stop these attacks; you need to take extra provisions when protecting your organization.

To help you mitigate the risks, InfoSight has put together a list of threats your anti-virus won’t stop.

Threat #1: The Zero Day Threat
Your anti-virus solution doesn’t recognize zero-day threats because they don’t match up with previous threats or patches. Zero-day attacks are used to exploit security deficiencies that haven’t been patched, and then spread to other computers on the network.
Defense: Add additional defenses on top of your signature-based anti-virus solution. Host Intrusion Prevention systems (HIPS) are a great tool to monitor and block suspicious activity.

Threat #2: Working outside of your firewall
Now that more and more employees are working outside of their organizations on personal laptops, smartphones, etc., the original network or gateway firewall is no longer enough to protect the organization’s servers and PCs.
Defense: Add a location-aware client firewall on laptops and other endpoint PCs that are used for work outside of the office. HIPS are also helpful to strengthen this defense and to detect suspicious behaviors on unsecured networks.

Threat #3: The Unpatched PC
All it takes is a single unpatched vulnerability in your operating system, browser or application and you’re in for some massive problems.
Defense: Develop an access controller or patch management system that verifies that all systems connected to your network have all the current patches and anti-virus updates in place. Data loss prevention systems also allow for encryption of your data along with content scanning to protect your network.

Threat #4: The Uncontrolled Application
We all know that allowing unmanaged applications access to the web brings an unacceptable amount of risk and performance issues to your organization’s network.
Defense: Introduce application-control software that allows you to block users from installing unnecessary applications. Fewer applications reduce the number of vulnerabilities to manage and secure.

Threat #5: Web Insecurity
Cybercriminals (and their techniques) are growing almost as fast as the security solutions themselves. They use the Web as their single biggest distribution point for malware.
Defense: Use a combination of URL filtering tools and continually scan web pages for malware.

Threat #6: The Lost Laptop
It’s not difficult to replace a laptop, but recovering the data can be close to impossible.
Defense: Develop and implement a data encryption policy.

Threat #7: The Misdirected Email
One typo and your email goes to the wrong person, but who are they, and where’d your information go? Misdirected email could expose personal, confidential, and identifiable information about your organization or your customers.
Defense: Use a combination of URL filtering tools and continually scan Web pages for malware.

Threat #8: The Infected USB Device
USB devices are an easy means of attack when plugged into a company computer. A USB drive bypasses other layers of your network defense, such as your gateway firewall protection, making for an easy attack.
Defense: Implement a device control system that specifies which USB devices and users are permitted to plug into PCs.

How do you manage updates and patches across your organization? If you outsource patch management, are you concerned about the lag between updates?


Overview of Microsoft’s March 2011 Patch Tuesday

Thursday, April 7th, 2011

Microsoft has issued an advance security notification for the month of March 2011. Patch Tuesday, as nicknamed by Microsoft, is when the company releases the latest security patches for Windows, Office, Internet Explorer and other Microsoft-branded software on the second Tuesday of every month.

This month is a light one, bringing only three bulletins, one of which is labeled Critical, Microsoft’s highest security rating, and the other two labeled Important. All three patches will fix remote code execution flaws in both the Microsoft Windows operating system and in Microsoft Office.

There hasn’t been any mention of whether a patch will be released for the MHTML vulnerability found on all supported versions of Windows. The vulnerability lies in the way MHTML interprets MIME-formatted requests, allowing an attacker to run an unauthorized script. We’ll have to wait until March 8 for the patches to be released to determine if the MHTML vulnerability has been patched.

The patches will fix vulnerabilities in the following software:

  • Windows XP SP3
  • Windows Vista SP1 & SP2
  • Windows 7
  • Windows Server 2003 SP2
  • Windows Server 2008 R2
  • Microsoft Office Groove 2007

Some of these updates will require a restart. Affected software includes both 32-bit and 64-bit, where applicable.

Security Patches

MS11-015/KB2510030 – Critical (XP, Vista, 7)/Important (2008 R2): There is a remote code execution vulnerability in DirectShow, Windows Media Player, and Windows Media Center. They can be triggered by opening media files. You’ll want to patch this immediately since we know how people are more than happy to open videos of cats doing cute things. 476KB – 2.2MB

MS11-016/KB2494047 – Important (Microsoft Groove 2007): This patch addresses another in the long line of errors with opening files on a share with a malformed attack DLL. In this case, it’s Microsoft Groove 2007. Install this patch if you use Groove. 3.0MB

MS11-017/KB2508062 – Important (XP, Vista, 7, 2003, 2008, 2008 R2): A problem in the Remote Desktop Client allows attackers to perform remote code execution attacks by putting an RDP file in the same location as a bad DLL file. This is a variation on a common theme over the last few months. Luckily, this is a somewhat uncommon scenario, and the installation of this patch can wait until your usual patch time. 759KB – 4.9MB
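To turn the three bulletins above into a patch queue, the sketch below checks a host inventory against them and lists what is missing, Critical first. It is an added example, not part of the original post: the bulletin, KB and severity data come from the entries above, while the host names, inventory and function names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Severity per platform as listed in the post. MS11-016 applies to a product
# (Groove 2007) rather than an OS, so it is keyed by product name.
BULLETINS = {
    "MS11-015": {"kb": "KB2510030", "severity": {
        "XP": "Critical", "Vista": "Critical", "7": "Critical",
        "2008 R2": "Important"}},
    "MS11-016": {"kb": "KB2494047", "severity": {"Groove 2007": "Important"}},
    "MS11-017": {"kb": "KB2508062", "severity": {
        "XP": "Important", "Vista": "Important", "7": "Important",
        "2003": "Important", "2008": "Important", "2008 R2": "Important"}},
}
RANK = {"Critical": 0, "Important": 1}

@dataclass
class Host:
    name: str
    os: str
    products: set = field(default_factory=set)
    installed: set = field(default_factory=set)

def missing_patches(host):
    """Return [(severity, bulletin, kb)] that apply to the host and are absent."""
    findings = []
    platforms = {host.os} | host.products
    for bulletin, info in BULLETINS.items():
        applicable = [s for p, s in info["severity"].items() if p in platforms]
        if applicable and info["kb"] not in host.installed:
            worst = min(applicable, key=RANK.__getitem__)
            findings.append((worst, bulletin, info["kb"]))
    return sorted(findings, key=lambda f: (RANK[f[0]], f[1]))

def triage(hosts):
    """Flatten to (severity, host, bulletin, kb) rows, Critical first."""
    rows = [(sev, h.name, b, kb) for h in hosts for sev, b, kb in missing_patches(h)]
    return sorted(rows, key=lambda r: (RANK[r[0]], r[1], r[2]))

# Constructed inventory (hypothetical hosts and patch states).
INVENTORY = [
    Host("ws-01", "XP", {"Groove 2007"}, {"KB2508062"}),
    Host("ws-02", "7", set(), {"KB2510030", "KB2508062"}),
    Host("srv-01", "2008 R2"),
    Host("srv-02", "2003"),
]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(*row)
```

In practice the `installed` set would be filled from your patch management or inventory tooling; OS-level hotfix listings may not report Office updates such as the Groove patch, so check that product separately.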

Other Update

KB2505438 – This patch resolves an issue with DirectWrite slowing down W7 and 2008 R2 machines. 1.6MB – 2.4MB

“The Usual Suspects”: Updates to the Malicious Software Removal Tool (3.0MB – 12.5MB) and the Junk Email Filter (2.2MB).

Changed, but not significantly:

  • KB972493 – WSUS SP2 Dynamic Installer for Server Manager

Updates since the last Patch Tuesday

There were no security updates released out-of-band.

Minor items added or updated since the last Patch Tuesday:

KB2387530 – Fixes issues with connecting to a Wi-Fi Protected Setup device in Windows 7 192KB

KB2483139 – A massive drop of language packs for Windows 7 SP1 37.3MB – 196.5MB

KB2484033 – Fixes for problems printing XPS documents in W7 and 2008 R2 343KB – 1.1MB

KB2488113 – Reliability update for W7 and 2008 R2, for applications running DirectX in a browser 161KB – 492KB

KB2498472 – W7/2008 R2 reliability update to fix a false message about a corrupted file system 1.9MB – 4.4MB

KB947821 – February update to the System Update Readiness Tool for Vista, W7, 2008, and 2008 R2 41.3MB – 159.6MB

KB976932 – Service Pack 1 for W7 and 2008 R2: According to Microsoft, no new features are introduced in SP1; it’s just a giant collection of existing patches. This was released to Windows Update a few weeks ago, but just now deployed to WSUS servers. 569MB – 947MB

Changed, but not significantly:

  • KB2393802 – MS11-011 (Security Update for W7 and 2008 R2)
  • KB2160841 – MS10-077 (Security Update for .NET Framework 4)
  • KB2416472 – MS10-070 (Security Update for .NET Framework 4)
  • KB968930 – Windows PowerShell 2.0 and WinRM 2.0 for Vista/2008
  • KB971029 – Update to AutoPlay functionality in XP, Vista, 2003, and 2008
  • KB971033/KB972493 – Update for Windows Activation Technologies in W7
  • KB982670 – .NET Framework 4 Client Profile
  • KB982671 – .NET Framework 4


The Bank Cash-Advance Scam: Are your employees prepared?

Tuesday, April 5th, 2011

Cash advance scams involving credit cards are nothing new; but the scam still works because some banks and credit unions have let their guard down, and the bad guys know this. The most recent cash-advance schemes targeting smaller banking institutions just go to show that the employees of financial institutions could use a refresher course in information security awareness.

The FICO first noticed these scams two years ago, and issued several notices to financial institutions about the methods being used, but apparently bank employees still fall victim to the attacks. This to me is a major warning sign that the security protocols in these banks are not being met or followed, pointing to human error. The old saying, “If you can’t hack the technology, hack the people” holds true. The cash-advance scam is easy to identify and catch, if bank and credit union employees are trained not only to spot them, but to handle them as they come.

Protection & Prevention

Obviously, the first step to prevent these attacks is employee training. Not to sound too much like an advertisement but rather to make a point, InfoSight offers comprehensive information security awareness courses that include social engineering. Our customers often request that training be followed by a “secret shopper” – i.e., one of our security experts who reinforces the training by posing as a scammer, unbeknownst to employees.

Other ways to mitigate the risk are to encourage communication between institutions and to notify payment processors, along with any associations associated with the bank. It’s important to educate everyone on the scam and the precautions to take.

And it never hurts to show your customers how your institution is taking a proactive approach to these attacks. You might even invite your commercial customers to participate in security awareness training that you provide for them through our education arm, InfoSight-U.

In short, if someone walks into your institution and is not a customer but wants a cash advance, some bells and whistles should go off. Tell me, what measures does your institution take to mitigate the risk of scammers?

What do YOU do? Please help continue our conversations by commenting on this post.