Information Security Newsletter
December 2015
The New Information Security Newsletter
Welcome to the first monthly newsletter from Information Security! You have been auto-enrolled in the security-bulletins@avant.com distribution list. This distribution list will have newsletters, bulletins and advisories relevant to the security of Avant technology.
Inside this newsletter:
- Updates on what Information Security is doing throughout Avant
- Tips on how to stay safe at Avant and at home this holiday season
- Information Security industry news
- How to contact Information Security
What is Information Security Up To?
Hiring
Do you or a friend want to be an integral part of starting up a world-class security team? We are looking for great candidates to fill two key positions to help secure Avant's customers, networks, development and intellectual property. Apply at the links below:
- Manager, Software Security Engineering - responsible for ensuring the integrity of all software and third-party service providers throughout Avant.
- Manager, Incident Response and Security Operations - responsible for security monitoring, analysis, and response to threats targeting Avant.
Why the Death Star Needed Information Security
It is a period of cyber war. In an effort to sustain commerce during these challenging times, the Galactic Trade Federation has required the Empire retain the services of a consultancy on Kessel (a best-value provider, and only twelve parsecs away) to assess the state of their security before signing off on the newly-constructed DEATH STAR campus.
Star Wars Episode IV.1.d: The Pentesters Strike Back
December Security Tips
Stay Safe During the Holidays
Phishing is any type of email-based social engineering attack, and is the favored method used by cyber criminals and nation-state actors to carry out malware and drive-by attacks. Phishing emails are fraudulent messages disguised as legitimate communication that attempt to trick the recipient into responding by clicking a link, opening an attachment, or directly providing sensitive information. These responses give attackers a foothold in corporate networks and access to vital information such as intellectual property. Phishing emails are often carefully crafted and targeted to specific recipients, making them appear genuine to many users.
Phishing is effective, low-cost, bypasses most detection methods, and offers criminals little chance of capture or retribution. It’s little wonder, then, that several prominent security firms have confirmed it to be the top attack method threatening the enterprise today: security firm Trend Micro notes that spear phishing accounts for 91% of targeted attacks, incident response consultant Mandiant cites spear phishing as Chinese hacking group APT1’s most common attack method, and Verizon traces 95% of state-affiliated espionage attacks to phishing.
Use these tips to spot common holiday phishing attacks this season:
- Bookmark shopping sites. Avoid using search engines to find good deals. Limiting your search to trusted shopping sites can reduce the chances of you landing on a spoofed site.
- Always check the hyperlinks. To verify the legitimacy of a URL, hover your cursor over the embedded link before clicking it. Fake links can be deceptive, because scammers can use URLs that contain relevant-looking terms.
- Look for generic greetings. Spoofed emails usually contain a generic greeting. A message that addresses you by your email address rather than by your name is also a red flag.
- Watch out for poor grammar or dodgy spellings. Legitimate emails do not contain glaring errors.
- Recognize sloppily-designed emails. Wrong or out of place logos and layouts are signs that a message isn’t from a trusted source.
- Beware of websites that ask for your password. Never give away passwords or sensitive information to untrusted or third-party sites.
- Stay clear of emails or sites that demand urgent action. Some messages will include desperate calls to action such as clicking certain links or disclosing personal information.
- Be wary of too-good-to-be-true offers. There's a saying that goes, “if something seems too good to be true, it probably is,” and it applies to online shopping. Be wary of items offered at very low prices.
- Routinely check your card statements. Be on the lookout for unauthorized transactions.
Information Security News
- New EU Law makes companies report their breaches
- New York Prepares Cyber Security Guidance for Banks
- Insiders are a bigger threat than the perimeter
- Why Apple's CEO thinks we can have both encryption and national security
- Juniper faces questions about spying software planted in code
- Deadline for better encryption on payment systems pushed back two years
Contact Us
Avant takes security seriously. If you see something suspicious, get in touch with us:
- security@avant.com: report security issues or phishing emails, or get in touch
- security-bulletins@avant.com: relevant security announcements and bulletins
- #security on Slack: security discussions and inquiries
- shyama.rose@avant.com: urgent issues