Comments
72% of Government Agencies Hit with Security Incidents
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
8/29/2017 | 8:09:23 AM
Re: Endpoint Security
No kidding on this one - right now our malware forensics group is tackling a download campaign, looking for "doc.pdf" openings!!!!!
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/28/2017 | 4:47:20 PM
Re: Endpoint Security
"Typically users don't understand the potential ramifications of their downloads." I agree, it comes back to awareness trainings, it should be an ongoing process.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/28/2017 | 4:46:15 PM
Re: Endpoint Security
"opening unknown compromised DOC and PDF attachments " That is really true, why would anybody open a document from an unknown source, that is no upside on it.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/28/2017 | 4:44:45 PM
Re: Endpoint Security
" If users could simply understand the DANGER of downloading and installing malicious software" That makes sense. Main problem are the users downloading malware from their emails mainly.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/28/2017 | 4:43:25 PM
Re: Endpoint Security
"include regular User Awareness Training" I would agree, awareness would be the key for it.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
8/28/2017 | 4:42:34 PM
72% of Government Agencies
This number seems so big and surprising. It shows the government is seen as a target for many, mainly other governments I would guess.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
8/25/2017 | 7:02:51 AM
Re: Endpoint Security
That's a great point. Typically users don't understand the potential ramifications of their downloads. Many won't until they have been personally burnt by the stove themselves. Reminds me of a statement my father makes, smart people learn from their mistakes but brilliant people learn from others'. Makes me hopeful that this sentiment could be utilized from a security perspective through user awareness.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
8/24/2017 | 3:05:06 PM
Re: Endpoint Security
Agree totally - you hit the three concentric rings of endpoint.  Training which should be mandatory and updated every six months.  A good security department (few firms have a dedicated one), search engine like Carbon Black and firm rules on user access to data (which prevents that other posted subject - data theft).  If users could simply understand the DANGER of downloading and installing malicious software AND opening unknown compromised DOC and PDF attachments --- JUST THOSE 2 THINGS  --- our security world would be MUCH BETTER off.  
RyanSepe
0%
100%
RyanSepe,
User Rank: Ninja
8/24/2017 | 7:24:51 AM
Endpoint Security
So action items moving forward need to include regular User Awareness Training, some type of SOC either onsite or third party, a heuristics malware detection engine, and limiting of user access (both administrative and internet based).


What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR Institute,  7/11/2018
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
Jai Vijayan, Freelance writer,  7/10/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14072
PUBLISHED: 2018-07-15
libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, image_buffer_resize in fromsixel.c, and sixel_decode_raw in fromsixel.c.
CVE-2018-14073
PUBLISHED: 2018-07-15
libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c.
CVE-2018-14068
PUBLISHED: 2018-07-15
An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add.
CVE-2018-14069
PUBLISHED: 2018-07-15
An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add.
CVE-2018-14066
PUBLISHED: 2018-07-15
The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo p...