Uncategorized Archives - Page 50 of 51

Rombertik malware destroys MBR

Cisco researchers have discovered that the malware named Rombertik, when detected by anti malware systems, attempts to destroy the Master Boot Record (MBR) of the computer it is on. This malware is introduced into systems by phishing emails, where links in the email are clicked on and the malware is downloaded in the background. SC Magazine reported this on May 5, 2015, stating that Rombertik goes to extreme measures to avoid detection and causes harm to infected systems.

“This is the perfect example where layered defense makes a lot of sense,” said Craig Williams, technical leader, Cisco Talos, in an interview with SCMagazine.com.

Layered systems combined with end user awareness is the only defense here. End users are always the targets, and need the highest level of awareness to avoid infection.

Operation Choke Point

After the United States Supreme Court ruled that the 4th Amendment right to keep and bear arms was an individual right, the United States government needed a new way to keep the people from possessing firearms and ammunition. Enter Operation Choke Point.

This is an initiative aimed at the federal banking regulators to prohibit banks from opening accounts, doing business or allowing firearms and ammunition dealers, legitimate businesses in this country, to do credit card transactions.

Much in the same way that the federal government used the IRS to target conservative political groups and deny them non-profit status, the government is maaking it impossible for citizens to purchase firearms. It’s not illegal to own firearms or ammunition, but you can’t buy them. Remember, gun control isn’t about guns, it’s about control.

Complexity

NIST Special Publication 800-161 is out. Complexity of IT Systems decreases your visibility into and understanding of those systems. SR3 helps improve your visibility and understanding of complex IT Systems.

Moving to the Cloud

Does it make sense for Financial Institutions to consider moves to the cloud? Services such as email and file servers in the cloud provide greater resiliency for FI’s in the event of disasters. The opposite side of that coin is the trustworthiness of Technology Service Providers (TSP’s). Reciprocal right to audit is an exceptionally sticky point, and the FFIEC guidelines need to provide clearer guidance as to what constitutes the reciprocal right to audit.

From a financial point of view, outsourcing IT functions makes sense. but from an audit point of view, TSP’s can’t provide enough assurance that services are secure enough to ensure safety. Maybe in the future.

NSA Spying

Cisco is reportedly shipping equipment to fake addresses in order to avoid the NSA injecting spying equipment into Cisco devices. The Constitution apparently means nothing to these rogues. Read Bruce Schneier’s chilling article on the United States government trampling our rights:

https://www.schneier.com/blog/archives/2015/03/cisco_shipping_.html