Explain the NetTraveler Microsoft Office vulnerability using the OWASP web application risk rating methodology and how the Cloud Control Matrix can be used to defend an enterprise from a similar attack.
- [Instructor] Our final case study is named NetTraveler, … which is a spear phishing advanced persistent threat … that targets two publicly known … Microsoft Office vulnerabilities that organizations … should have patched. … Many malicious external groups initiate this attack … by sending spear phishing emails to an employee … containing either a URL link to a site … that has executable programs … or a Word attachment that delivers an executable payload. … Opening the file leads to NetTraveler exploiting … a weakness in Microsoft Windows common controls ActiveX, … which allows a remote attacker to execute … arbitrary code on the system … with the privileges of the victim. … Employees who are not properly trained … to recognize and deal with phishing attacks … are potential victims. … Furthermore, systems must be sufficiently hardened … in order to prevent successful attacks. … Both data breaches and data loss … can result from this attack. … In some cases, military intelligence may also …
AuthorKevin L. Jackson
- Cloud computing drivers
- Deployment and services models
- Attack vectors
- Cyberthreats to financial services
- Regional requirements for data privacy and protection
- Regional risk and compliance requirements
- Case studies in financial cloud security
Skill Level Beginner
IT Security: Key Policies and Resourceswith Gregory Michaelidis23m 44s Intermediate
Amazon Web Services: Data Securitywith Lynn Langit3h 46m Intermediate
1. Cloud Computing Overview
2. Financial Services Industry's Approach to Cybersecurity
3. Regional Data Protection and Privacy Requirements
4. Regional Risk and Compliance Requirements
5. Key Threats and Controls in Financial Cloud Security
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.