EQ Security News Weekly - 4

EQ Security News Weekly - 4 | Chicago IT | Equilibrium IT | EQInc.comBelow is a summary of the previous week's security news which is most relevant to CIOs.






1. Lenovo was a victim of a cyber attack on the heels of the Superfish debacle 2 weeks ago. (Reference)
The attacker used DNS poisoning to change MX records and intercept mail flow.
Lenovo responded to say they are “actively reviewing our network security…”.
Upshot: Auditing third-party vendors before signing contracts and on an annual basis will minimize risk.

2. Researchers found a dozen other apps that pose the same security threats as Superfish. These use SSL-breaking code from the company “Komodia“. (Reference)
The related code library and certificates from Komodia in additional software packages.
Security researchers say Komodia made security errors in their implementation. For example, used simple passwords and allowed self-signed certificates to be trusted without warnings.
Upshot: Check your computer’s “Trusted Root Certificate Authorities” store for certificates from Komodia and remove them. Stay tuned for a response from AV vendors. Watch Steve Gibson’s 22-minute snippet from his podcast, Security Now, to learn more.

3. Target’s latest earnings reports shows it had $191 Million in expenses related to their Q4 2013 breach. (Reference)
In April 2014, Target planned to invest $100 Million to update their technology after the breach occurred. (Timeline)
One of the keys to this breach was Target not changing their IDS to blocking mode (IPS). Also, key security alerts were sent from the IDS, but were not acted upon by its security staff.
Upshot: Budget planning is important to avoid delaying critical technology investments. Enabling an Intrusion Protection System (IPS), also a modern security best practice. 

Author: Todd Bey

Equilibrium IT Solutions, Inc.
Chicago, IL
Security Practice

Follow EQ:

EQ Linked-In | Security | Chicago IT | Equilibrium IT | EQInc.com  EQ Facebook | Security | Chicago IT | Equilibrium IT | EQInc.com  EQ Google+ | Security | Chicago IT | Equilibrium IT | EQInc.com  EQ Twitter | Security | Chicago IT | Equilibrium IT | EQInc.com


Questions?  Call us today in Chicago at 773-205-0200 | Email us at  | Request a FREE Consultation


Contact Us

Call today! 773.205.0200 or use the form below.