info@qualityplusconsulting.com l +1 262-553-6510

Special note for Ubuntu users

Breakfast Bytes podcasts are streaming MP3. In order for Firefox on Ubuntu to play the streaming MP3, install the GStreamer extra plugins that list MP3 as one of the supported formats. GStreamer can be obtained through the Ubuntu Software Center.

Breakfast Bytes - Virtual Patching

12/1/2018

Virtual Patching

MP3 - Virtual Patching, Telecom Fraud, Running VM Server on NAS

 

 

Virtual Patching

This is an argument for micro-segmentation at the network layer.

I find it incomprehensible that something so effective at mitigating risk, patching, is not being done by companies.

They are obsessed by downtime, but then fail to setup the full type of failover resiliency necessary to still allow patching, maintenance, security, and uptime. You cannot have it both ways.

I recently interacted with a support agent for one of the largest CPA and tax preparation software packages out there.

The tech claimed that none of their other customers ever had a problem directly privilege escalating to administrator privileges without additional steps.

What this basically means is that virtually no organizations are setup correctly. CPAs and tax preparation firms are required to comply with the best practices as established by NIST for the protection of PII and financial information.

Yet, if all the users are browsing the internet and doing their daily work with capabilities of an admin, then one of the most basic and effective risk mitigation systems is not in place. Keep in mind that this also means they have incompetent IT support who allows these organizations to be running in a non-compliant fashion.

This is one of the MANY reasons I recommend never providing anyone a copy of your accounting database whether it be QuickBooks or whatever. You must take responsibility for the security of your data. You are better off having them remote into a system you have secured. Of course this means you have to actually have it secured.

Very few organizations actually do what is required in order to setup secure accounting systems or secure remote access to them.

https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/virtual-patching-patch-those-vulnerabilities-before-they-can-be-exploited

Telecom Fraud / Toll Fraud continues

Very interesting and technically sophisticated article that covers the topic in detail.

https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/toll-fraud-irsf-criminals-monetize-hacked-phones-iot-devices-telecom-fraud

 
 
 
 
 
Linkedin