1. Lenovo was a victim of a cyber attack on the heels of the Superfish debacle 2 weeks ago. (Reference)
The attacker used DNS poisoning to change MX records and intercept mail flow.
Lenovo responded to say they are “actively reviewing our network security…”.
Upshot: Auditing third-party vendors before signing contracts and on an annual basis will minimize risk.
2. Researchers found a dozen other apps that pose the same security threats as Superfish. These apps use SSL-breaking code from the company “Komodia”. (Reference)
The related code library and certificates from Komodia were found in additional software packages.
Security researchers say Komodia made security errors in their implementation. For example, it used simple passwords and allowed self-signed certificates to be trusted without warnings.
Upshot: Check your computer’s “Trusted Root Certificate Authorities” store for certificates from Komodia and remove them. Stay tuned for a response from AV vendors. Watch Steve Gibson’s 22-minute snippet from his podcast, Security Now, to learn more.
3. Target’s latest earnings report shows it had $191 Million in expenses related to their Q4 2013 breach. (Reference)
In April 2014, Target planned to invest $100 Million to update their technology after the breach occurred. (Timeline)
One of the keys to this breach was Target not changing their IDS to blocking mode (IPS). Also, key security alerts were sent from the IDS, but were not acted upon by its security staff.
Upshot: Budget planning is important to avoid delaying critical technology investments. Enabling an Intrusion Protection System (IPS) is also a modern security best practice.
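For the certificate-store check recommended in item 2, the following PowerShell function is an added example, not code from the original article or from any vendor. The function name `Find-SuspectRootCert` is hypothetical, and the match strings are an assumption taken from the names used in this article, so extend the list as needed.

```powershell
# Added example: audit the Windows Trusted Root stores for certificates
# whose subject or issuer mentions a given name.
function Find-SuspectRootCert {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Assumed match strings (names mentioned in this article).
        [string[]]$Name = @('Komodia', 'Superfish'),
        # Delete matches instead of only listing them.
        [switch]$Remove
    )

    # Build one regex from the literal names (-match is case-insensitive).
    $regex = ($Name | ForEach-Object { [regex]::Escape($_) }) -join '|'

    # Windows trusts roots from both the machine-wide and the per-user store.
    $stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

    foreach ($store in $stores) {
        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -match $regex -or $_.Issuer -match $regex } |
            ForEach-Object {
                # Report what was found so it can be reviewed before removal.
                [pscustomobject]@{
                    Store         = $store
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    NotAfter      = $_.NotAfter
                    SelfSigned    = ($_.Subject -eq $_.Issuer)
                    HasPrivateKey = $_.HasPrivateKey
                }
                # Removal is opt-in and honours -WhatIf / -Confirm.
                if ($Remove -and $PSCmdlet.ShouldProcess($_.Subject, "Remove from $store")) {
                    $_ | Remove-Item
                }
            }
    }
}

# List matches only; nothing is changed.
Find-SuspectRootCert | Format-List

# Preview what removal would do, without deleting anything.
Find-SuspectRootCert -Remove -WhatIf | Out-Null
```

Removing entries from the `LocalMachine` store requires an elevated PowerShell session. Firefox keeps its own certificate store, which this function does not inspect.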
Author: Todd Bey
Equilibrium IT Solutions, Inc.