Sep 25 2014
 

As with all the recent bugs going around, from Heartbleed to the current Shellshock bug, we are noticing that our environments are not as secure as we have believed them to be. If you run a web server or Linux distribution as I do, please update your software. Ensure that there is a software update policy in place and that the updates are performed frequently. I checked for updates after the initial report, but kept checking back every so many hours to ensure the patch was available and then installed. Here is more information on this bug:

http://krebsonsecurity.com/2014/09/shellshock-bug-spells-trouble-for-web-security/

Here is the CERT website on the current ShellShock bug:

https://isc.sans.edu/presentations/ShellShockV2.pdf

Sep 24 2014
 

Another breach! Goodwill this time. Wow! What a month! It seems no one is immune. I usually thought hackers stayed away from charitable organizations, but apparently not! Once again, Krebs on Security has the story.

Banks: Card Breach at Goodwill Industries — Krebs on Security.

Breach at Goodwill Vendor Lasted 18 Months — Krebs on Security.

Goodwill Data Breach Linked to Third-Party Vendor – eSecurity Planet.

868,000 Payment Cards, 330 Stores Hit in Goodwill Credit Card Breach.

BackOff Not To Blame For GoodWill Breach

Sep 24 2014
 

In this day and age everyone seems to be getting hacked. This month we found out about Home Depot getting hacked. We first learned about this from Brian Krebs and his Krebs on Security blog. Here is the link to his report. I currently work in retail and am sad about all of these exploits among retailers in the last couple of years. These include Jimmy John's (Signature Systems), Target, TJX, and others. These attacks seem to be getting more frequent.

Here is a compendium of some of the posts I have found. They are mainly from Krebs, but there are others.

Data: Nearly All U.S. Home Depot Stores Hit — Krebs on Security.

Banks: Credit Card Breach at Home Depot — Krebs on Security.

Home Depot Hit By Same Malware as Target — Krebs on Security.

Home Depot: 56M Cards Impacted, Malware Contained — Krebs on Security.

In Home Depot Breach, Investigation Focuses on Self-Checkout Lanes — Krebs on Security.

Home Depot Statement

Home Depot Hacked After Months of Security Warnings – Businessweek.

Home Depot Was Hacked by Previously Unseen ‘Mozart’ Malware – WSJ.

Home Depot Data Breach Could Be the Largest Yet – NYTimes.com.

Home Depot Hack Is Letting Criminals Drain Money From People’s Bank Accounts.

Home Depot confirms hack, maybe since April – Sep. 8, 2014.



 





Sep 15 2014
 

Back in April, Heartbleed caused quite a stir. I came across this newsletter today. I thought this was still relevant information even though it is a bit dated. Even though most of the websites are fixed, it is nice to see what it is/was and what happened. Some of the questions that are circulating can be answered here in Ouch! Here are a couple more links to help out. People have almost forgotten about this since April. I think we need a status update. 66% of websites used this version when it originally came out, and it lasted over two years if the site did not update.

http://heartbleed.com/

https://lastpass.com/heartbleed/

The Heartbleed Hit List: The Passwords You Need to Change Right Now.

http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-2014-special_en.pdf

Sep 01 2014
 

Happy September! With the change of the month comes a new edition of Ouch! Ouch! is a monthly security newsletter geared towards computer users. This newsletter is distributed under the Creative License. I will strive to provide the Ouch! newsletter here every month.

http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-201409_en.pdf
