SecureState: What state are you in?

The government has been issuing warnings for a month now, and finally organizations are beginning to listen.

On Friday, the Department of Homeland Security (DHS) published a release encouraging retailers using Point of Sale (PoS) systems to proactively check for malware infections. While always a good practice, recent releases are in response to multiple breaches that occurred last week and throughout 2014. So far, seven PoS providers/vendors have confirmed that clients of their in-store cash register systems are affected. Keep in mind, these are only the companies that have publicly come forward. It is estimated that over 1,000 American businesses have been affected; the number may be higher.


As Jason mentioned in his post, last week brought yet more breaches to light in the form of Community Health Systems and now UPS Stores. To be fair, the UPS Stores breach affects a much smaller population; however, at potentially 105,000 transactions, it still represents a significant concern. Actually, it’s telling that 105k seems small compared to the other numbers we are used to seeing.


All too often I hear the phrase, “compliance does not equal security”. While this statement is absolutely true, the statement in itself does not provide sufficient context. Compliance does not equal security; it more closely aligns with baseline governance for a subset of data. Security is merely a piece of the overall governance puzzle. Many business executives still see compliance as a hindrance to success as opposed to a means to mitigate risk. Compliance is the beginning of the governance process, not the end. Concepts for the subset of data required to be protected by Federal mandate or Industry regulation can be applied across systems for an overall mitigation strategy, maturing your holistic security program.


As we mentioned in the introduction to this blog series, SecureState has reviewed years of data in order to develop these attack vector results. By a decisive margin, weak passwords are clearly the leading attack vector. Weak passwords have plagued organizations from day one; however, the startling trend is not the attack vector itself, but the proliferation of bad habits which have been ingrained into our users over the years.


During one of the SANS sessions for the FOR408 course, I raised a question (challenge): is it possible to prevent Windows from logging key user artifacts? Many user artifacts, such as thumbnail views, Internet history, recently opened files, etc., are written to disk in defined areas. Our test was to attempt to lock down these areas to prevent user-action artifacts from being written and, ultimately, from being seen by an investigator.


Like most areas of study, there are certain analogies that we learn as students that stick with us for the rest of our careers. In medical school, you might learn to associate the circulatory system with a tree and its branches; likewise, a chemist might be taught to think about atoms as building blocks. No wonder, then, that the concept of an information security “kill chain” has so disrupted the way that we look at our own field. This concept, introduced by Lockheed Martin’s Mike Cloppert in 2009 and then formalized in 2011 as the Cyber Kill Chain®, is quickly replacing the traditional “onion” mentality of how we defend our networks.


According to a recent article in the New York Times, the security firm Hold Security announced that a Russian gang compromised over a billion username and password combinations and more than 500 million email addresses. This mass amount of data was also apparently verified by independent security researchers according to the New York Times article. The data was apparently gathered from a large botnet controlled by this Russian group, which exploited SQL Injection vulnerabilities in web applications found by the botnet. Ironically, SQL Injection is on the list of SecureState’s Top 5 Attack Vectors Report, which was just released a few weeks ago. SecureState highly recommends you download and review this report to find out more details on why this is such a popular attack vector to exploit.


Nearly two months ago, security blogger Brian Krebs broke the news about a credit card data breach at the chain restaurant P.F. Chang’s. This week the company’s CEO has posted an update regarding the compromise along with a list of Frequently Asked Questions.


Every year, SecureState performs hundreds of penetration tests, providing our clients with critical insight into their respective security postures and exposure to risk. Over the last few years, our Attack & Defense Team has witnessed an increasing number of compromises resulting from a common set of attack vectors. A thorough analysis of this collected data has yielded SecureState’s Top 5 Attack Vectors list:

- Weak Passwords

- Web Management Console

- SQL Injection (SQLi)

- Missing Patches / Updates

- Other – [Social Engineering (Phishing), System Misconfiguration, etc.]


Operation efficiency is a key component for companies to be competitive in today’s business climate. Customers expect instant access to information, quick service, superior quality product and much more. If you have not mastered operation efficiency, you most likely are not meeting your customers’ expectations and risk losing market share to your competition and eventually going out of business.

Operation efficiency isn’t just about reducing costs. Companies who focus on cutting costs to improve operation efficiency usually end up underperforming their competition. They are too concerned with cost reduction and lose sight of adding real business value to the customer, which in return improves customer satisfaction, recurring revenue, increased market share and dramatic business growth.