SBS CyberSecurity - In The Wild 119


 
 

In The Wild - CyberSecurity Newsletter

Welcome to the 119th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information you may find helpful.
Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following have been shared by consultants, others by the SBS Institute, and others yet have simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy.

[CyberByte Video] Web Application Security

SBS Educational Resources

Vulnerabilities lurking in a web application are one of the leading causes of a data breach. Learn how to conduct a self-assessment to identify any vulnerabilities within your web apps.

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

Krebs on Security

Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.

What Differentiates the Strongest Cybersecurity Programs?

HelpNetSecurity

Financial institutions spend an average of around $2,300 per full-time employee on cybersecurity annually, reveals a survey released by Deloitte and the Financial Services Information Sharing and Analysis Center (FS-ISAC). The report looked at various components of a financial institution’s cybersecurity operation, including how it is organized and governed, who the CISO reports to, the level of board interest in the CISO’s work, as well as which cyber capability areas were prioritized in terms of spending.

7 Simple Ways to Protect Your Digital Privacy

The New York Times

What little privacy people don’t give away, companies tend to take. Given this reality, to get complete privacy you’d need to install a labyrinthine series of software tools that make the internet slow and unusable — think specialty Web browsers, encrypted email and chat; virtual private networks; and security-focused incognito operating systems. Or you’d need to stay off the internet altogether. But don’t lose hope. Although total privacy is all but unattainable, you can protect yourself in two ways: Lock down your devices and accounts, so they don’t give away your data, and practice cautious behavior online.


What Colorado Learned From Treating a Cyberattack Like a Disaster

StateScoop

The Colorado Department of Transportation joined the ranks of dozens of other U.S. government entities affected by the SamSam ransomware virus when it was infected with the malware in February 2018. While the incident was costly — nearly 2,000 computers, servers, and network devices were encrypted, while the state spent about $1.5 million to undo the damage after refusing to pay the ransom — Colorado also created a new model for state and local governments dealing with cyberattacks in handling it like it would a natural disaster.

New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011

The Hacker News

Academic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impacts all modern chips, including the chips used in Apple devices. After the discovery of Spectre and Meltdown processor vulnerabilities earlier last year that put practically every computer in the world at risk, different classes of Spectre and Meltdown variations surfaced again and again. Now, a team of security researchers from multiple universities and security firms has discovered different but more dangerous speculative execution side-channel vulnerabilities in Intel CPUs.

Security Awareness Training Should Always Lead to Changes in Behavior

Security Intelligence

When striving for success, you must have a definite purpose. As it relates to information security and, specifically, user awareness and training, what’s the main goal? Is it to train everyone to the highest possible level so they can be a part of the security solution? Perhaps it’s to set your business up for success by controlling users’ actions through policies and technologies? Maybe it’s to check the security awareness training box that auditors look for? Looking at the myriad approaches and possible outcomes of a security awareness and training program, no matter how it’s done, it all comes down to one thing: behavioral changes.

How to Be Less Reactive and More Proactive

Medium

‘I have no time to think strategically.’ ‘I feel like I don’t have space to breathe.’ ‘I’m totally overwhelmed.’ Even if we aren’t saying it out loud, these are statements that every manager can relate to. Startups are non-stop. Every closet is full of skeletons, waiting to jump out and surprise you. If you’ve ever reached the end of the workday only to realize that you haven’t done anything on your original to-do list, here’s what you can do about it.

10 Other Interesting Links From This Week

There were too many fantastic reads from this past week’s worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:
