Tuesday, May 26, 2015

Advice for Leaving Voice Mails That Result In Return Phone Calls



I try very hard to return phone calls to anyone who is kind enough to leave a voice mail for me.  This is a challenging commitment to live up to but returning calls is one way I can show those who call me that they are important.  However, there is rarely a week that goes by without someone leaving a voice mail that cannot be understood.

From what we can tell, nearly every message that is left on our voice mail system that cannot be understood is left by someone who is on a mobile phone while in transit. 

Here are a few practical ideas for leaving more effective voice mails


Phone Signal

If you’re leaving a voice mail while on your mobile phone, be sure that you have a strong phone signal before dialing.  Stay in one place if at all possible while leaving your message as mobile phone signal strength comes and goes.

Spell Your Name

If your name is not known to the recipient of your message and/or it is the least bit unusual, you might consider spelling your first and last name in your voice mail.  Doing so is tremendously helpful to someone like me when I want to look you up on LinkedIn before calling you back so I know something about the person I’m returning a call to.

Repeat Your Phone Number

Consider leaving your phone number at the beginning and at the end of your message.  If the beginning of your message is clear but the end is not, you’ve given the recipient of your message two opportunities to capture your return phone number.

Slow Down

When you spell your name, leave a phone number and/or leave an email address in your voice mail, it is a good idea to slow down your speech pattern. 

Not everyone is going to be concerned about returning your phone call. However, if you invest time and energy to call me, I want to call you back.  Please make it both easy and possible for me to call you back.


Sunday, May 24, 2015

Cyber Security Vulnerability and Patch Report for the Week of May 24, 2015



Cyber Security Vulnerability and Patch Report

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP


Important Security Updates
Apple Watch OS: Apple has released OS1.0.1 for its Apple Watch. Updates are available from the iPhone; open the Watch app and tap through My Watch > General > Software Update or from Apple’s website.
AVG Free Edition: AVG has released version 2015.0.5961 of its 64 and 32 bit Free Edition. Updates are available on AVG’s website.
Google Chrome: Google has released Google Chrome version 43.0.2357.65. Updates are available from within the browser or from Google Chrome’s website.
LastPass for Windows: LastPass has released version 3.1.95 of LastPass for Windows. Updates are available from the LastPass website.
Opera: Opera has released version 29.0.1795.60. Updates are available from within the browser or from Opera’s website.
Skype: Skype has released Skype 7.5.0.101. Updates are available from the program or Skype’s website.

Current Software Versions

Adobe Flash  17.0.0.188 [Windows 7: IE, Firefox, Mozilla]
Adobe Flash  17.0.0.188 [Windows 8: IE]
Adobe Flash  17.0.0.188 [Macintosh OS X: Firefox, Opera, Safari]
Adobe Reader DC 2015.007.20033
Dropbox 3.4.6 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]
Firefox 38.0.1
Google Chrome 43.0.2357.65
Internet Explorer 11.0.9600.17728
Java SE 8 Update 45 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]
QuickTime 7.76.80.95
Safari 5.1.7 
Safari 7.1.6 [Mac OS X]
Skype 7.5.0.101

Newly Announced Unpatched Vulnerabilities

None
For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Cisco Multiple Products: Secunia reports Cisco has released updates and partial fixes for its Unified Intelligence Center, Adaptive Security Appliance (ASA), Hosted Collaboration Solution (HCS), Unified Customer Voice Portal (CVP), and others. Apply updates.
 If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customer’s computers.
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.
Copyright © 2015 Citadel Information Group. All rights reserved.
The post Weekend Vulnerability and Patch Report, May 24, 2015 appeared first on Citadel Information Group.

Jeff Snyder’s, SecurityRecruiter.comSecurity Recruiter Blog, 719.686.8810

Cyber Security News and Education for the Week of May 24, 2015


 

CYBER SECURITY NEWS

OF THE WEEK

 

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP


ISSA-LA 7th Annual Information Security Summit

ISSA-LA Seventh Annual Information Security Summit at the Los Angeles Convention Center.
The Summit on June 4, 2015.
  • Keynotes from Bruce Schneier and Dave Kennedy
  • Summit Tracks include Security Management. AppSec. Digital Forensics. Emerging Issues and Technology.
  • Special Forums: The Executive Forum for Board, C-Suite and Trusted Advisors. Healthcare Privacy and Security Forum. CISO Executive Forum.
Summit Training on June 5, 2015.
  • IT Security Management Bootcamp for IT Professionals with Ed Pagett and Mikhael Felker
  • Secure Coding Boot Camp with Jim Manico
  • Build Your Own Cyber Range with Kevin Cardwell

Cyber Crime

Cybercrime Cost Americans more than $800,000,000 Last Year:The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) tallied 269,422 complaints in 2014, totaling $800,492,073 in losses, according to a new report. The center has received 3,175,611 complaints since its establishment in May 2000. Newsweek, May 21, 2015

Cyber Attack

St. Louis Federal Reserve Suffers DNS Breach: The St. Louis Federal Reserve today sent a message to those it serves alerting them that in late April 2015 attackers succeeded in hijacking the domain name servers for the institution. The attack redirected Web searches and queries for those seeking a variety of domains run by the government entity to a Web page set up by the attackers in an apparent bid by cybercrooks to hijack online communications of banks and other entities dealing with the regional Fed office. Krebs On Security, May 18, 2015

Identity Theft

Carefirst Blue Cross Breach Hits 1.1M: CareFirst BlueCross BlueShield on Wednesday said it had been hit with a data breach that compromised the personal information on approximately 1.1 million customers. There are indications that the same attack methods may have been used in this intrusion as with breaches at Anthem and Premera, incidents that collectively involved data on more than 90 million Americans. Krebs On Security, May 21, 2015

Cyber Privacy

mSpy Denies Breach, Even as Customers Confirm It: Last week, KrebsOnSecurity broke the news that sensitive data apparently stolen from hundreds of thousands of customers mobile spyware maker mSpy had been posted online. mSpy has since been quoted twice by other publications denying a breach of its systems. Meanwhile, this blog has since contacted multiple people whose data was published to the deep Web, all of whom confirmed they were active or former mSpy customers. Krebs On Security, May 20, 2015
Dating site hackers expose details of millions of users: Personal information relating to almost four million users of a worldwide online dating website has been leaked by hackers, according to Channel 4 News. Details of users’ sexual preferences – including whether they are gay or straight, and whether they are seeking extramarital affairs – has been compromised, along with email addresses, usernames, dates of birth, postcodes and the unique internet addresses of users’ computers. The Guardian, May 21, 2015
Tech Giants Urge Obama to Reject Policies That Weaken Encryption: SAN FRANCISCO — A collection of tech industry giants like Facebook, Google, Apple and Microsoft, as well as civil liberties organizations and Internet security experts, sent a letter to President Obama on Tuesday warning of the unintended consequences of any policy meant to weaken the encryption technologies that protect Internet communications. New York Times, May 19, 2015
Mobile Spy Software Maker mSpy Hacked, Customer Data Leaked: mSpy, the makers of a dubious software-as-a-service product that claims to help more than two million people spy on the mobile devices of their kids and partners, appears to have been massively hacked. Last week, a huge trove of data apparently stolen from the company’s servers was posted on the Deep Web, exposing countless emails, text messages, payment and location data on an undetermined number of mSpy “users.” Krebs On Security, May 14, 2015

Cyber Threats and Warnings

New Logjam Attack on Diffie-Hellman Threatens Security of Browsers, VPNs: Researchers have uncovered a flaw in the way that some servers handle the Diffie-Hellman key exchange, a bug that’s somewhat similar to the FREAK attack and threatens the security of many Web and mail servers. The bug affects all of the major browsers and any server that supports export-grade 512-bit Diffie-Hellman cryptography. Threat Post, May 20, 2015
Fake PayPal payment reversal notification leads to phishing: PayPal phishing attempts take many forms, and one of the most often used techniques is fake emails containing a warning and a prompt to act quickly. Help Net Security, May 19, 2015
“Failure in Parcel Delivery” Fake Email Drops Malware on USPS Customers’ PC: Please note that the email that appears to be sent by USPS informing that due to incorrect address the firm has failed to deliver a parcel to the recipient is actually a malicious message. If you click on the “Shipping Label” web link present in that email, it will instantly download and install a malware on your PC. HackRead, May 19, 2015

Cyber Security Management

Hiring contractors? 5 areas to check information security practices: Do you know how well your vendors, business associates and contracted third parties (who I will collectively call “contractors”) are protecting the information with which you’ve entrusted them to perform some sort of business activity? You need to know. Dell Power More, May 20, 2015
GCs’ Ability to Mitigate Cybersecurity Risks Remains Top Concern: Managing cybersecurity remains the biggest challenge for most general counsel, according to a new report. It surveyed 200 CEOs, board chairs and directors of NYSE-listed companies who consistently pointed to cybersecurity as the area where general counsel and law departments most need to improve. “Directors believe general counsel would most benefit from additional expertise in the areas of cybersecurity, social media, and crisis management,” the report found. Bloomberg BNA, May 19, 2015
HITS Panel Talks Sony Hack, Cyber Security (CDSA): CENTURY CITY, Calif. — When Sony Pictures was hit with one of the worst cyber attacks in Hollywood history in late November, hackers stole mountains of employee data, leaked high-quality versions of five Sony Pictures films and threatening violence if the studio allowed the comedy “The Interview” to be released as scheduled Christmas Day.It also put the rest of the industry on notice, and had them asking the question: could it happen to us too? [Dr. Stahl moderated this panel.] Content Delivery & Security Association, May 18, 2015
SANS Survey- Organizations Vulnerable to Exposure Through Unmanaged Mobile Workspaces: Last week, a study conducted by SANS and sponsored by IronKey was released. The study surveyed 330 IT and security professionals, and was conducted between January 2015 and April 2015. “The goal of the survey was to better understand the challenges of securing today’s mobile workforce and managing mobile workspaces,” the press release stated. Surf Watch, May 18, 2015
Taking A Security Program From Zero To Hero: Breaking the enigma of InfoSec into smaller bites is a proven method for building up an organization’s security capabilities. Here are six steps to get you started. Dark Reading, May 13, 2015

Cyber Security Management – Cyber Defense

Five precautions for avoiding malware when you download and install software: Roger Mccullough downloaded three separate programs, and Panda Anti-virus Pro found malware in all of them.Downloading a program—especially one from an obscure publisher without a positive reputation—is something of a leap of faith. It’s a bit like letting a total stranger into your home.But if you follow these five steps, you should be okay. PC World, May 21, 2015
How to prevent mobile malware in 3 easy steps: Looking only at the data provided by security firms, the world appears on the verge of a mobile malware apocalypse.The number of samples—which represent unique, but mostly automatically generated variants of malicious programs—exceeded 5 million in the third quarter of 2014, according to security firm McAfee. Using a different counting method, security firm Symantec classified a similar magnitude—1 million of the 6.3 million mobile apps it discovered—as malware in 2014. PC World, May 20, 2015

Securing the Village

Should hackers be tolerated to test public systems?: The purported veering of a jetliner caused by an onboard hacker points up a larger problem, experts say – airlines and other providers of services may be blind to the value such security researchers can offer in the name of public safety. While it’s far from clear that security researcher Chris Roberts actually did commandeer the avionics system of an airplane and force it to steer to one side, the story is prompting other security experts to call for better cooperation between white-hat hackers and industries whose infrastructures they probe. Network World, May 19, 2015
IACP Launches the Law Enforcement Cyber Center: Alexandria, VA – On May 18, 2015, the International Association of Chiefs of Police (IACP) officially launched the Law Enforcement Cyber Center — www.iacpcybercenter.org — at the 39th Annual Law Enforcement Information Management (LEIM) Conference in San Diego, California. Cyber crime is a global threat to the economic and physical security of all nations. Law enforcement organizations must be prepared to recognize and investigate these crimes. “Combating cyber crime is one of my top priorities as President, and I am proud that the launch of this Center is happening during my term,” said Chief Richard Beary, University of Central Florida, Orlando, Florida and IACP President. International Association of Chiefs of Police, May 18, 2015
ISSA-LA to hold premier Los Angeles information security event – Help Net Security: ISSA’s Seventh Annual Information Security Summit offers educational sessions presented by a world-class line up of keynote and featured presenters. This year’s Summit and training classes, which will take place June 4-5, 2015 at the Los Angeles Convention Center, will feature cutting-edge sessions, a wide variety of tracks, and more. Attendees will be provided with the opportunity to engage in thought provoking discussions, hear from industry leaders, have peer-to-peer conversations and network with some of the most interesting and influential people in the industry. Help Net Security, May 18, 2015
ISSA-LA Welcomes CEOWORLD as Media Diamond Sponsor of 7th Annual Information Security Summit: LOS ANGELES, CA–(Marketwired – May 14, 2015) – The Los Angeles Chapter of the Information Systems Security Association (ISSA-LA) is pleased to announce CEOWORLD Magazine as Media Diamond Sponsor of the Seventh Annual Information Security Summit on June 4 – 5, 2015 at the Los Angeles Convention Center. The Summit theme, The Growing Cyber Threat: Protect Your Business, reflects the reality that cybercrime impacts the financial health of all our organizations: businesses, government agencies, healthcare, schools, nonprofits, and others. CEOWORLD Magazine, May 14, 2015

National Cyber Security

New NSA documents reveal plans to deliver malware through the Google Play store: The NSA developed a plan to deliver malware through Google and Samsung app stores, according to newly published documents obtained by Edward Snowden and published by The Intercept. The documents details a program called IRRITANT HORN, which delivers malware by intercepting web traffic to and from mobile application servers. One slide details Samsung’s update protocol, while another pinpoints the Google Play servers in France, used to deliver updates to phones throughout northern Africa. The Verge, May 21, 2015

Cyber Misc

Security Firm Redefines APT: African Phishing Threat: A security firm made headlines earlier this month when it boasted it had thwarted plans by organized Russian cyber criminals to launch an attack against multiple US-based banks. But a closer look at the details behind that report suggests the actors in question were relatively unsophisticated Nigerian phishers who’d simply registered a bunch of new fake bank Web sites. Krebs On Security, May 20, 2015
House Oversight Committee releases report on cybersecurity firm Tiversa: The Illinois-based nonprofit HIV/AIDS clinic Open Door Clinic has been around since 1977, but the last few years have been pretty rough. In 2008, the clinic received a call from a cybersecurity firm called Tiversa informing Open Door that some of its files had been leaked online. Business Insider, May 19, 2015
United Airlines Will Reward Hackers With Up To A Million Frequent Flyer Miles: You don’t have to be a frequent flier to become a million-miler these days, at least on United Airlines.The aviation giant announced a new “bug bounty program” that will reward hackers who find vulnerabilities in its system. Depending on the severity, tech-savvy bounty hunters will be rewarded with 50,000, 250,000 or 1 million MileagePlus reward miles. Huffington Post, May 16, 2015

Tuesday, May 19, 2015

Security Jobs: Network Security Architect, Phoenix, AZ, Relocation Paid



Network Security Architect
Heavy Cisco Skills

Location: Phoenix, AZ
Compensation: $115,000 - $120,000+, Strong Bonus
Relocation: Yes
Education: BA/BS
Certification: CISSP, MCSE, MCSA, CCSP…CCIE and/or other Cisco Certifications Highly Desired

  
SecurityRecruiter.com has been engaged by a global Fortune 150 client where we have placed the Chief Information Security Officer and most of the information security team. This role reports to a highly accomplished information security leader who possesses significant managerial talent and sincerely enjoys helping deeply skilled technology professionals to advance in their careers. If you’ve always wanted to work for someone who cares about your success and your career development, this hiring manager is one of my favorite clients.

This is a ground-floor opportunity in that some foundational network security architecture is in place but 50% or more of your job description for the future is yet to be defined and will evolve depending on what cyber security threats and security vulnerabilities might arise in the future. You’ll work very closely with the network infrastructure / network architecture team to create the architecture around complex global architecture solutions.

In this role you will play a significant role in analyzing new technologies and recommending upgrades and changes based on your assessment of the organization’s future network security architecture needs.

This environment is heavily invested in Cisco technologies. If securing a Cisco dominated global network environment is your passion, this company needs you.

Responsibilities:

  • Design system level solutions and create implementation plans and support models for technology related to network security architecture.
  • Create both short-term and long-term enterprise network security technology road maps based on strategic requirements, enterprise technology requirements and business needs.
  • Define and review reports to ensure that all network security services are successfully delivered. Proactively step in to correct problems when they are encountered. Use metrics to improve processes.
  • Work with other information security teams and with outsourcing providers to ensure that technology solutions are properly managed and performed.
  • Ensure a thorough analysis of service results and respond to any escalated service delivery issues.
  • Assess the organization’s future technology needs. Set direction and lead improvements of techniques, methodologies and deliverables.
  • Occasional travel could be required in this role but not heavy ongoing travel.

Requires:

  • A BA/BS degree at this level is absolutely required.
  • 8+ years of experience in information technology is required where at least 5+ years of the 8+ years has been invested into network security systems technologies.
  • A mix of certifications such as: CISSP, MCSE, MCSA, CCSP and/or other vendor specific certifications around networking and network security.
  • Demonstrate significant experience with security architecture related to protocols to include SNMP, SOA, Web Services, etc.
  • Demonstrate experience with threat modeling, penetration testing, vulnerability assessment, network security and server security, firewalls, VPN, Anti-Virus, Patch Management, etc.
  • Demonstrate experience with Common Criteria, FIPS, etc.
  • Our client is an equal opportunity employer and does not discriminate.


Monday, May 18, 2015

Security Jobs: Application Security Architect, Phoenix, AZ, Relocation Paid




Application Security Architect

Location: AZ-Phoenix 
Compensation: $100,000 - $120,000+ Base Range, Strong Bonus 
Relocation: Yes 
Education: BA/BS, Masters Preferred 

SecurityRecruiter.com has been engaged by a global client where we've placed the CISO and most of the information security team to find an Application Security Architect.  This role requires a security architect who can design end-to-end solutions around applications.

In this role, you will consult with IT on the acquisition and implementation of vendor applications such as SAP.  You will assist the custom development team with building security into the software development life cycle.  You will perform light penetration testing, assisting the application development team with code analysis and you will collaborate with the internal audit team.  

The security professional who assumes this role will: 


  • Evaluate security technologies to recommend upgrades to the organization’s security needs. 
  • Assess the organization’s technology needs. Set direction and lead improvement of techniques, methodologies and deliverables. 
  • Create solutions and support models for technology encompassing multiple platforms.
  • Create short-term and long-term enterprise system technology road maps based on organizational strategic requirements and business needs. 
  • Use metrics to improve processes. Define and review reports to ensure all services are delivered successfully. 
  • Work closely with information systems teams and outsourcing partners to ensure that technology solutions are effectively delivered. 
  • Ensure a thorough analysis of service results and respond to any escalated service delivery issues. 

Requires: 


  • A BA/BS in Computer Science, Information Systems or related field is required.
  • 8 or more years of experience in information technology with at least 5 years of experience working with information security systems technologies that includes application security.
  • A background in application development / software development preferred.
  • Experience with secure coding / secure software development / application security practices.
  • Skills to include Fortify, Web Inspect, AppScan, Metasploit, nmap, etc. appreciated.
  • Demonstrated understanding of infrastructure design and support concepts. 
  • Demonstrated experience with information security architecture protocols to include Web Services, SOA, HTTP(s), SNMP, etc. 
  • Experience with Microsoft .NET is strongly preferred. 
  • Information security certifications such as: CISSP, MCSE, CSSLP, GSSP-.NET preferred.
  • Experience with threat modeling, vulnerability assessments, network and server security, firewalls, VPN, Anti-Virus, PIM, SIEM, DLP, IAM, IRM, Security Analytics, Patch Management, etc. 
  • Experience with FIPS, Common Criteria, etc preferred.



Cybersecurity Vulnerability and Patch Report for the Week of May 17, 2015

 

CYBER SECURITY Vulnerability and Patch Report

 

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP


Vulnerability and Patch Report, May 17, 2015

Important Security Updates

Adobe Flash Player: Adobe has released version 17.0.0.188 to fix at least 18 vulnerabilities. Updates are available from Adobe’s website. Updates are also available for Adobe AIR and Acrobat.
Google Chrome: Google has released Google Chrome version 42.0.2311.152. Updates are available from within the browser or from Google Chrome’s website.
Microsoft Patch Tuesday: Microsoft’s Patch Tuesday released 11 updates to address at least 24 vulnerabilities, some of which are highly critical within Windows operating systems, Internet Explorer, Office, and other Microsoft products.
Mozilla Firefox: Mozilla has released version 38.0.1. Updates are available within the browser or from Mozilla’s website.

Current Software Versions

Adobe Flash  17.0.0.188 [Windows 7: IE, Firefox, Mozilla]
Adobe Flash  17.0.0.188 [Windows 8: IE]
Adobe Flash  17.0.0.188 [Macintosh OS X: Firefox, Opera, Safari]
Adobe Reader DC 2015.007.20033
Dropbox 3.4.6 [Citadel warns against relying on Dropbox security. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the Dropbox password be at least 15 characters long and different from other passwords.]
Firefox 38.0.1
Google Chrome 42.0.2311.152
Internet Explorer 11.0.9600.17728
Java SE 8 Update 45 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]
QuickTime 7.76.80.95
Safari 5.1.7 
Safari 7.1.6 [Mac OS X]
Skype 7.4.0.102

Newly Announced Unpatched Vulnerabilities

None
For an updated list of previously announced Unpatched Vulnerabilities, please see the resources section of Citadel’s website.

For Your IT Department

Cisco Multiple Products: Secunia reports Cisco has released updates and partial fixes for its MediaSense, Email Security Appliance, IOS Voice Gateway, TelePresence, Wireless LAN Controller (WLC), Secure ACS, WebEx, Cisco Security Manager (CSM), Unified Communications Manager, and others. Apply updates.
 If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc) and application programs (Adobe Acrobat, Office, Flash, Java, etc). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customer’s computers.
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.
Copyright © 2015 Citadel Information Group. All rights reserved.
.


SecurityRecruiter.com's Security Recruiter Blog