Archive for February 26th, 2016

Microsoft Cloud – New Security tools emerging in 2016

As cloud-based storage and application hosting are strategic for the future, improved security tools will be rolled out in 2016 to facilitate management and protection of these critical resources.

http://www.pcworld.com/article/3038043/microsoft-adds-new-security-enhancements-to-its-cloud-offerings.html

http://www.csoonline.com/article/3005736/data-protection/microsoft-touts-new-holistic-approach-to-enterprise-security.html

Microsoft is adding a range of new security management and reporting features to its Office 365 and Azure cloud services as part of the company’s holistic approach to enterprise security announced last year. In April, the company will release a new product called Microsoft Cloud App Security that will allow customers to gain better visibility, control and security for data hosted in cloud apps like Office 365, Box, Salesforce, ServiceNow and Ariba. The new product is based on technology from Adallom, a cloud access security broker Microsoft acquired in September.

Office 365 will also get some new security management capabilities that will be integrated with Microsoft Cloud App Security. These include security alerts that notify administrators of suspicious activity in the service; cloud app discovery that lets IT departments know the cloud services Office 365 users are connecting to; and app permissions, allowing administrators to revoke or approve third-party services that users can connect to Office 365.

Early in the second quarter, Microsoft plans to roll out Customer Lockbox for SharePoint Online and OneDrive, which will improve the customer approval process and will provide more transparency in situations when Microsoft engineers need to access Office 365 accounts and data to troubleshoot problems. Customer Lockbox is already available for Exchange Online.

The Azure Security Center received additional security management and reporting options. Customers can now configure security policies for resource groups instead of for an entire subscription. This allows them to set different policies for different types of workloads. Microsoft has added a new Power BI Dashboard to allow customers to better visualize, analyze and filter security alerts from any of their systems and devices in order to discover possible attack patterns and trends.

Malware – Fake Zika Virus news alerts spammed in Brazil

Symantec shares a security alert on a massive spam campaign in Brazil that centers on Zika virus concerns. Malware authors often sensationalize major news events as bait to infect home or corporate users. Users should always go to mainstream news sites to verify such claims rather than clicking on a potentially malicious link.

http://www.symantec.com/connect/blogs/zika-virus-outbreak-concerns-used-spread-malware

On February 1, 2016, the World Health Organization (WHO) declared a Public Health Emergency of International Concern (PHEIC) in response to the outbreak of the Zika virus and its associated birth defects in the Americas. Since this declaration, Symantec Security Response has observed a malicious spam campaign seeking to capitalize on the global interest in what the director of the WHO calls an “extraordinary event.”

Brazil: Curious health advice on Zika virus — The country most notably affected by cases involving the Zika virus is Brazil, so it comes as no surprise that one of the first cases involving Zika-related malicious spam would focus on Brazilian citizens.

The malicious spam email claims to be from Saúde Curiosa (Curious Health), a health and wellness website in Brazil. The subject of the email says, “ZIKA VIRUS! ISSO MESMO, MATANDO COM ÁGUA!” which translates to: “Zika Virus! That’s Right, killing it with water!” The email itself uses imagery and text taken from a real article on Saúde Curiosa, but includes buttons and attachments to try to capture the recipient’s attention, such as “Eliminating Mosquito! Click Here!” and “Instructions To Follow! Download!” as well as a file attachment.

The links behind these buttons lead to the URL shortening service Bitly, which redirects to the file hosting service Dropbox. Symantec products detect both the file hosted on Dropbox and the file attached to the email as JS.Downloader. Once a user is infected with JS.Downloader, it will attempt to download additional malware onto the compromised computer.
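As an added illustration, not part of Symantec's post or this digest, the routine below applies the campaign's tell-tale traits (shortener links, file-hosting links and script attachments) to a constructed sample message for mail-gateway triage; the domain lists, extensions and the sample message are assumptions.

```python
"""Triage a raw e-mail for the lure pattern described above.

Flags links through URL shorteners, links to file-hosting sites and
script attachments. The domain lists and the sample message are assumed
values constructed for this example, not data from the real campaign."""
import re
from email import message_from_string
from urllib.parse import urlparse

SHORTENERS = {"bit.ly", "bitly.com"}                 # assumed list
FILE_HOSTS = {"dropbox.com", "www.dropbox.com"}     # assumed list
SCRIPT_EXT = (".js", ".jse", ".vbs", ".wsf")        # assumed list
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample, modelled on the lure but not the real message.
SAMPLE_EML = """From: "Saude Curiosa" <news@example.invalid>
To: victim@example.invalid
Subject: ZIKA VIRUS! ISSO MESMO, MATANDO COM AGUA!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="https://bit.ly/EXAMPLEONLY">Eliminating Mosquito! Click Here!</a>
<a href="https://www.dropbox.com/s/EXAMPLE/instrucoes.zip?dl=1">Instructions To Follow! Download!</a>
</body></html>
--b1
Content-Type: application/octet-stream; name="instrucoes.js"
Content-Disposition: attachment; filename="instrucoes.js"
Content-Transfer-Encoding: base64

dmFyIHggPSAxOw==
--b1--
"""

def triage(raw):
    """Return the matched indicators and an overall suspicious flag."""
    msg = message_from_string(raw)
    found = {"shortener_links": [], "file_host_links": [], "script_attachments": []}
    for part in msg.walk():
        fname = part.get_filename()
        if fname and fname.lower().endswith(SCRIPT_EXT):
            found["script_attachments"].append(fname)   # executable script attached
            continue
        if part.get_content_type() in ("text/html", "text/plain"):
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for url in URL_RE.findall(body):            # each link in the body
                host = (urlparse(url).hostname or "").lower()
                if host in SHORTENERS:
                    found["shortener_links"].append(url)
                elif host in FILE_HOSTS:
                    found["file_host_links"].append(url)
    found["suspicious"] = any(found[k] for k in ("shortener_links", "file_host_links", "script_attachments"))
    return found

if __name__ == "__main__":
    print(triage(SAMPLE_EML))
```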

Leadership – Ask probing questions to learn from others

John Maxwell’s leadership blog shares excellent advice on preparing good probing questions in advance. This is beneficial when interviewing users, executives, or others involved in IT or business projects.

http://www.johnmaxwell.com/blog/my-favorite-questions-to-ask-to-engage-others-and-learn-from-them

Whenever I am preparing for a meeting with someone, I spend time determining what questions I want to ask. I do this because I want to make the most of the time I have, but I also do it to engage with the other person. I want people to know that I value them, and that, if possible, I want to add value to them. To do that, I believe I must get to know them. That requires that I ask questions, they talk, and I listen. And if I hope to receive value from people, again I need to ask questions and listen. You can’t do these things unless you get to know people.

But there are some questions I try to ask everyone. You may want to use them too:

1. What is the greatest lesson you have learned? — By asking this question I seek their wisdom.

2. What are you learning now? — This question allows me to benefit from their passion.

3. How has failure shaped your life? — This question gives insight into their attitude.

4. Who do you know whom I should know? — This allows me to engage with their network.

5. What have you read that I should read? — This question directs my personal growth.

6. What have you done that I should do? — This helps me seek new experiences.

7. How can I add value to you? — This shows my gratitude and desire to add value to them.

Network Vulnerability Analysis – Linux and Unix audit tools

All computers and applicable devices in a corporate environment should be periodically checked using a security audit process and the applicable tools. Some good resources are shared below to facilitate these checks for Linux and UNIX operating systems.

https://isc.sans.edu/forums/diary/Quick+Audit+of+NIX+Systems/20771/

https://blog.sucuri.net/2016/02/investigating-a-compromised-server-with-rootcheck.html

If you think that only computers running Microsoft Windows are targeted by attackers, you’re wrong! UNIX (used here as a generic term, not focusing on a specific distribution or brand) is a key operating system on the Internet. Many websites and other public services are relying on it (Netcraft is compiling interesting stats on this topic). UNIX web servers are constantly visited by bots which are looking for vulnerabilities. When new ones are discovered, it never takes a long time to see new scanners crawling the net.

Therefore it is mandatory to keep an eye on your servers by using proactive and reactive controls. Besides the classic monitoring of log files, reactive security controls may include a deeper check at the operating system level to look for suspicious activity like processes, files, … On the proactive side, misconfigurations must also be tracked. A few days ago, Daniel Cid published an interesting article about the tool “rootcheck”. It is a component of the well-known OSSEC suite, but a stand-alone version exists. To use it, just follow those simple steps …

Microsoft – Security improvements for Health care records

Microsoft is highlighting the need for improved protection of patient health care records and will be providing assistance in the coming months.

http://www.eweek.com/security/microsoft-calls-for-health-care-security-intervention.html

After a seemingly nonstop series of breaches affecting health care organizations, the software giant announces plans to engage with IT security professionals in the industry. Overflowing with sensitive personal data and payment information, health care systems are a prime target for hackers.

In October, Accenture estimated that over five years, cyber-attacks will cost U.S. health systems $305 billion in cumulative lifetime revenue. One in 13 patients can expect to have their personal information stolen, including financial details or Social Security numbers, during that time. Early last year, health insurance provider Anthem reported a data breach affecting 80 million users. Around the same time, fellow health insurer Premera disclosed a breach affecting up to 11 million people.

Faced with these risks, Leslie Sistla, chief information security officer of Microsoft Worldwide Health, is calling for “security intervention in health care.” One industry’s approach to data security can fall short in another industry, particularly health care, where personal, health and financial information often intersect. “The natural tension between safeguarding data and giving clinicians quick access to patient records, often in life-or-death situations, means the practices that serve other industries can’t just be mimicked in a healthcare setting,” said Sistla in a Feb. 24 advisory announcing a new outreach effort by her company.

In addition to new investments in security research and development, Microsoft intends to provide health care IT professionals with strategies and guidance through a new blog series. “In future posts, we’ll look at how to mobilize entire organizations, from the C-suite to the clinic, to support a shared culture of cybersecurity,” she pledged. The company will also be sharing its findings, including “some surprising gaps in the kinds of data protected under HIPAA [Health Insurance Portability and Accountability Act],” along with recommendations on balancing security with the data accessibility demands of running a health care organization.