CyberheistNews Vol 2, #6
Editor's Corner
Facebook Malware Scam Of The Week
A "worrying number" of Facebook users are sharing a link to a
malware-laden fake CNN news page reporting the U.S. has attacked Iran
and Saudi Arabia, security firm Sophos said Friday. This is a great
example of employees falling for a social engineering trick. You
could send them an email to warn them against this scam, and prevent
workstations in the office and at the house from getting infected.
More:
http://cwonline.computerworld.com/t/7843830/987374514/550432/0/
Next Version of our Security Awareness Training
We are working hard on releasing the next version of our Security
Awareness Training. The existing version focuses a lot on detecting
phishing emails and not clicking on malicious links, and while the
new version still does that, we are expanding it to more training
on other forms of Social Engineering. To get you world-class quality,
we are working with an authority in the area. We hope to release the new version in the
March/April timeframe.
Quotes of the Week
"Reality isn't the way you wish things to be, nor the way they appear to
be, but the way they actually are. You either acknowledge reality and
use it to your benefit or it will automatically work against you." - Robert Ringer
"Governments tend not to solve problems, only to rearrange them." - Ronald Reagan
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
Free Simulated Phishing Attack
Always been curious to find out what percentage of your employees
actually are Phish-prone™?
Did you know that almost half of all network malware infections are
caused by social engineering? Because cyber-attacks are rapidly
getting more sophisticated, the frustration level and risk continue
to mount for IT Administrators.
Take the first step now to improve your organization’s defenses against
cybercrime. Fill out the form, and you will be able to start your Free
Simulated Phishing Attack. That allows you to find out what percentage
of your users is Phish-prone. The number is usually much higher than
you think.
You will get immediate access to start the simulated attack. We call it
the 'Phishing Security Test' (PST). Sign Up For Your FREE Simulated
Phishing Attack Now:
http://www.knowbe4.com/simulated-phishing-attack/
Google Reveals Android Malware 'Bouncer,' Scans All Apps
Google last week unveiled an automated system that scans Android apps
for potential malware or unauthorized behavior, a move critics have
long called on the company to make. The scanning service, appropriately
codenamed "Bouncer," has been in action "a number of months," said
Hiroshi Lockheimer, the vice president of engineering for Android,
in an interview Thursday. "The interesting thing is that no one
really noticed. It didn't disrupt the end user's experience [in the
Android Market] or disrupt the developers. They didn't have to think
about it at all." Google claims a 40% reduction in malicious app downloads
in the second half of 2011. More at Computerworld:
http://www.computerworld.com/s/article/9223949/Google_reveals_Android_malware_Bouncer_scans_all_apps?
Verisign Must Reveal More about Breaches
Eric Chabrow at the healthcare infosecurity site makes a very good point.
"Verisign Inc. may have followed the letter of the law when revealing a
series of breaches in an SEC filing. But the company that assures the
flow of a hefty portion of Internet traffic should have been more
forthright to ease the minds of its various constituencies. Verisign's
SEC filing is perplexing in so many ways, and raises additional questions
that the company must answer, as companies that might have used Verisign
authentication wares need to know if they might have been compromised
because it could affect how they comply with regulations." If you are
regulated under HIPAA, PCI, SOX or any other such regulation, read this
article and the FAQ below:
http://www.healthcareinfosecurity.com/blogs.php?postID=1186
Here is an FAQ about the Verisign Data Breaches:
http://www.csoonline.com/article/699423/faq-about-the-verisign-data-breaches?
Half Of Fortune 500 Firms Infected With DNS Changer. How 'bout You?
Half of all Fortune 500 companies and major U.S. government agencies own
computers infected with the "DNS Changer" malware that redirects users to
fake websites and puts organizations at risk of data theft, a security
company said today. Good read, with hints, tips and how-to's:
http://cwonline.computerworld.com/t/7840343/987374514/550278/0/
Out-of-date Browsers, A Serious Liability
It's a well known fact that older versions of browsers are a security
accident waiting to happen, but it's interesting to see that large
corporations have a hard time with this. Often, legacy apps require old
browser versions to work, but what is the risk? SecurityFocus did some
research; check out these numbers:
Internet Explorer 6 has 150 Advisories and 473 known Vulnerabilities
Internet Explorer 7 has 50 Advisories and 26 known Vulnerabilities
Internet Explorer 8 has 18 Advisories and 62 known Vulnerabilities
And that is only counting the known holes; add a few more unknown
zero-day vulnerabilities for each of these versions. If you have an
environment where all three are running, which is not all that uncommon
in large organizations, and your patching process has issues now and
then so that updates are not occurring as they should (which happens
more than we'd like to admit), there are a potential 561+ opportunities
to infect a system. Standardizing on the most recent version of any
browser and religiously making sure that security patches are correctly
applied is of tremendous importance.
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
The sporty 2012 Volkswagen Beetle inspires Bolt the dog to get in
shape, and an intergalactic superstar makes a surprise appearance:
http://www.flixxy.com/the-dog-strikes-back-2012-volkswagen-super-bowl-ad.htm
Toy-sized quadrotors flying in formation. This is very cool:
http://boingboing.net/2012/02/01/toy-sized-quadrotors-flying-in.html
Geekiest marriage proposals of all time:
http://www.networkworld.com/community/blog/geekiest-marriage-proposals-all-time?
"OK Go" drove down a two-mile stretch lined with 1,000 instruments in a Chevy
Sonic for their latest music video / Super Bowl 2012 ad, which took four months
to prepare and four days to shoot:
http://www.flixxy.com/ok-go-needing-getting-chevy-super-bowl.htm
Sir Elton John and The X Factor winner, Melanie Amaro, face off in a medieval
music showdown:
http://www.flixxy.com/elton-john-melanie-amaro-kings-court-super-bowl.htm
Madonna performs live at Super Bowl XLVI with Nicki Minaj, MIA, LMFAO and
Cee Lo Green:
http://www.flixxy.com/super-bowl-2012-madonna-half-time-show.htm
A compilation of some amazing innovations in the world of furniture:
http://www.flixxy.com/modern-furniture.htm
Coolest car on the block or smartest technology in the galaxy? A curious
group of intergalactic creatures check out the Chevy Volt:
http://www.flixxy.com/aliens-come-on-chevy-volt-super-bowl.htm
A family’s pet wolf takes on an unexpected role: Mama cat.
http://www.flixxy.com/wolf-aka-mama-cat.htm