Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Salesforce Passwords At Risk From Dyre
Newest First  |  Oldest First  |  Threaded View
GonzSTL
GonzSTL,
User Rank: Ninja
9/10/2014 | 12:20:50 PM
Re: More user awareness about phishing and social engineering
I do not mean to hammer on CIOs, but what about the CIOs who believe that "all things IT" should belong to them, including security? Do they not realize the inherent conflict of interest in that line of thinking? Unless those CIOs are credentialed or experienced security professionals, they do not possess enough security knowledge or expertise to manage security. Most of them are really engaged in empire building, so that they alone control resources for "all things IT". I believe this is how Target was structured when they were breached, and in spite of that incident, continue to be structured in that way; dare I say, "the old fashioned way". IMHO, this shows a lack of vision by sticking to a strategy that is no longer relevant or effective in today's threat landscape. This very topic was discussed in a Dark Reading Radio discussion a short time back and clearly, the participants were mostly against that strategy (I actually do not recall that anyone was for it).
SgS125
SgS125,
User Rank: Ninja
9/10/2014 | 11:31:37 AM
I bet you meant "now"
"For now, it is recommending that customers not confirm that their anti-malware solutions can detect Dyre."

 

I'll bet you meant to say customers should check to see if the malware is caught by their anti-virus solution.  At least that is what the email said to us.

I find it refreshing that Salesforce took the time to contact it's customers even though the attack has nothing to do with their infrastructure.

We need more proactive measures like this to help us combat the ever more co-ordinated attacks we face in todays world.

 
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
9/10/2014 | 11:26:38 AM
Re: More user awareness about phishing and social engineering
Keep fighting the good fight aws0513! I find this one the most remarkable:
  • CIOs that believe they should have administrative rights to all systems under their perview. (This one turned out to be the cause of a major spear phishing compromise I had to help remediate).
aws0513
aws0513,
User Rank: Ninja
9/10/2014 | 10:50:01 AM
Re: More user awareness about phishing and social engineering
End user awareness of risk associated with IT systems is likely the largest weakness in the war against cybercrime.

The following list hopefully illustrates my point.  It is based upon the incidents I have had to remediate within the last 6 months.  Not in any order.
  • Users that click on any url link thrown at them on any web page or email.
  • Users that open attachments because they look interesting (shiny!!).
  • Users that are managers that feel that security funding is optional.
  • Users that are project managers that fail to integrate security into the project plan.
  • Users that believe that hacking only happens to the other guy.
  • Users that use the same password on all their accounts.
  • Users that use "Passw0rd" as their password...  or similar situation.
  • Users that accept a phone call and believe the caller is a technician from vendor X that is calling to help them with a problem they have detected on the users workstation.
  • Users that decide that playing online games at work is ok.
  • Users that feel they need to be able to install any software whenever they feel it is useful or necessary.
  • Users that consider corporate network web filtering a form of "big brother".
  • Users that believe they have a right to listen to music on their office workstation.
  • Users that believe they have a right to have a CD/DVD drive on their workstation.
  • Users that decide to send regulatory data to anyone that emails them for information.
  • Users that feel they need administrative control of the servers they use for work because they are the system owner (not the system administrative role).
  • CIOs that believe they should have administrative rights to all systems under their perview. (This one turned out to be the cause of a major spear phishing compromise I had to help remediate).
  • Users that think vendor platform X is more secure that vendor platform Y because [insert unsubstantiated reason here].
  • Users that believe they know everything about IT security.  (I'm a IT security pro with 15+ years experience and even I cannot honestly make that claim).

I'm sure some of you out there could add a few more items.

I like to joke that end users are my #1 reason for my job security. 
But I am honestly and forever disenchanted by the fact that a large number of end users are just not on the right track when it comes to IT security.  I fully understand there is a lot to know.  Every day I need to review and revisit concepts to make sure I am on top of the latest developments.  But I believe everyone needs to become more cautious and aware of what bad-ness is out there.

With all security, it only takes one weakness to allow for a compromise.

I will keep fighting the good fight, with the simple hope that somewhere I am helping make a difference.
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
9/10/2014 | 8:11:05 AM
More user awareness about phishing and social engineering
Interesting (and not surprising) that experts recommend increased user awareness training about phishing attacks. That conforms to our current poll on social engineering where we ask Dark Reading community members what is the most dangerous social engineering threat to organizations. Results so far: "Employees aren't  aware of it (56% of respondents) and phishing emails (26%). If you haven't yet weighed in on the poll, you can scroll to the right column on your computer screen, or go to http://www.darkreading.com/editorial-poll/hacking-humans/d/d-id/1307012.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Promise and Reality of Cloud Security
Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-23628
PUBLISHED: 2023-01-28
Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an Unauthorized Actor. Sandboxed users shouldn't be able to view data about other Metabase users anywhere in the Metabase application. However, when a sandbox user views the sett...
CVE-2023-23629
PUBLISHED: 2023-01-28
Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a dashboard...
CVE-2023-23616
PUBLISHED: 2023-01-28
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to...
CVE-2023-23617
PUBLISHED: 2023-01-28
OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds.
CVE-2023-23620
PUBLISHED: 2023-01-28
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the `stable...