BuzzSec

from SANS Institute | Newsletters - Newsbites - RSS https://www.sans.org/newsletters/newsbites/xx/60

from SANS Institute | Newsletters - Newsbites - RSS https://www.sans.org/newsletters/newsbites/xx/59

Like everything else in this world, data breaches are costing organizations more too. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/you-cant-afford-a-data-breach-and-theyre-only-getting-more-expensive

Heed the warning found in the story of a Virginia bank that was not breached once, but twice in an 8-month period of time ! from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/breach-you-once-shame-on-you.-breach-you-twice-still..-shame-on-you

This guide outlines three steps you can take to shift your thinking when it comes to viewing your organization as a technology company. Once you shift your thinking and buy into this idea, you will begin to think differently about the way you protect your organization and set you up for future success. Change your mentality today! from SBS CyberSecurity https://sbscyber.com/resources/articleType/ArticleView/articleId/2517/download-you-are-a-technology-company

Employee testing is a necessary part of a well-executed and flexible security awareness program. For testing to be effective, however, it needs to be well thought-out, making an impression on the employees and evoking a response that will help build your organizational security culture. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/no-shame-on-you-when-it-comes-to-cybersecurity-testing

The Diqee 360 robotic vacuum cleaner can be turned into a surveillance device . The attack requires physical access to the device, so in the scheme of things it's not a big deal. But why in the world is the vacuum equipped with a microphone? from Schneier on Security https://www.schneier.com/blog/archives/2018/07/hacking_a_robot.html

It’s time to publish the timeline of the main cyber attacks occurred between July 1 and July 15 2018 (and from HACKMAGEDDON https://www.hackmageddon.com/2018/07/31/1-15-july-2018-cyber-attacks-timeline/

Several state government offices in the US have received CDs by mail, infected with malware. It's a clumsy attempt, according to an alert the Multi-State Information Sharing and Analysis Center (MS-ISAC) shared with state and local governments. The CD shows up in the mail with a Chinese postmark and accompanied by what MS-ISAC calls a "confusingly worded typed letter with occasional Chinese characters." The CD itself holds Mandarin-language Word files. Some of the documents are seeded with malicious Visual Basic scripts. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/snail-mail-phishing-with-a-cd-as-bait

– JOIN TRUSTEDSEC and MARSH ON September 12th, 2018 AT 2:00 PM EDT – The automotive industry is experiencing a level of change and innovation not seen since the introduction of the passenger car. While this sector has traditionally been dominated by original equipment manufacturers (OEMs) and their suppliers, today it welcomes a host of new players from Uber/Lyft to Zipcar and Getaround that are transforming the world’s relationship with vehicles. As a result of this massive technology integration in the automotive industry, security and safety has become one of the largest public concerns. Join  experts from Marsh’s US Manufacturing & Automotive Industry on September 12, 2018 at 2 p.m. EDT for a complimentary one-hour webcast –  Navigating the Risks & Rewards of Evolution in the Automotive Industry.  Our panel of speakers will discuss emerging trends in the automotive industry and explore the implications for your business and the insurance industry We’ll Cover: Mobili

CJ Cox talks about the highs, lows, hows and why’s of security policy. // Show Notes Why are we doing this? Do you hate your audience? GDPR was bad enough. My Methodology The Rant Cross between Bob Cat Goldthwaite and Dennis Miller Policy is the foundation to the foundation Don’t we all just love Policy […] The post PODCAST: Security Policy: Fact Fiction or Implement the Marquis de Management appeared first on Black Hills Information Security . from Black Hills Information Security https://www.blackhillsinfosec.com/podcast-security-policy-fact-fiction-or-implement-the-marquis-de-management/

Original release date: July 30, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD , which contains historical vulnerability information. The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores: High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0 Medium - Vulnerabilities will be labeled Medium severity