SBS CyberSecurity - In The Wild 119


 
 

In The Wild - CyberSecurity Newsletter

Welcome to the 119th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information you may find helpful.
Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy.

[CyberByte Video] Web Application Security

SBS Educational Resources

Vulnerabilities lurking in a web application is one of the leading causes of a data breach. Learn how to conduct a self-assessment to identify any vulnerabilities within your web apps.
Read Here »  

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

Krebs on Security

Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003, citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.
Read Here »  

What Differentiates the Strongest Cybersecurity Programs?

HelpNetSecurity

Financial institutions spend an average of around $2,300 per full-time employee on cybersecurity annually, reveals a survey released by Deloitte and the Financial Services Information Sharing and Analysis Center (FS-ISAC). The report looked at various components of a financial institution’s cybersecurity operation, including how it is organized and governed, who the CISO reports to, the level of board interest in the CISO’s work, as well as which cyber capability areas were prioritized in terms of spending.
Read Here »  

7 Simple Ways to Protect Your Digital Privacy

The New York Times

What little privacy people don’t give away, companies tend to take. Given this reality, to get complete privacy you’d need to install a labyrinthine series of software tools that make the internet slow and unusable — think specialty Web browsers, encrypted email and chat; virtual private networks; and security-focused incognito operating systems. Or you’d need to stay off the internet altogether. But don’t lose hope. Although total privacy is all but unattainable, you can protect yourself in two ways: Lock down your devices and accounts, so they don’t give away your data, and practice cautious behavior online.
Read Here »  
Do you know which SBS Institute Certification Programs are coming up? Check out the Certification Calendar and share with your clients. Find Out Here! »


What Colorado Learned From Treating a Cyberattack Like a Disaster

StateScoop

The Colorado Department of Transportation joined the ranks of dozens of other U.S. government entities affected by the SamSam ransomware virus when it was infected with the malware in February 2018. While the incident was costly — nearly 2,000 computers, servers, and network devices were encrypted, while the state spent about $1.5 million to undo the damage after refusing to pay the ransom — Colorado also created a new model for state and local governments dealing with cyberattacks in handling it like it would a natural disaster.
Read Here »  

New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011

The Hacker News

Academic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impacts all modern chips, including the chips used in Apple devices. After the discovery of Spectre and Meltdown processor vulnerabilities earlier last year that put practically every computer in the world at risk, different classes of Spectre and Meltdown variations surfaced again and again. Now, a team of security researchers from multiple universities and security firms has discovered different but more dangerous speculative execution side-channel vulnerabilities in Intel CPUs.
Read Here »  

Security Awareness Training Should Always Lead to Changes in Behavior

Security Intelligence

When striving for success, you must have a definite purpose. As it relates to information security and, specifically, user awareness and training, what’s the main goal? Is it to train everyone to the highest possible level so they can be a part of the security solution? Perhaps it’s to set your business up for success by controlling users’ actions through policies and technologies? Maybe it’s to check the security awareness training box that auditors look for? Looking at the myriad approaches and possible outcomes of a security awareness and training program, no matter how it’s done, it all comes down to one thing: behavioral changes.
Read Here »  

How to Be Less Reactive and More Proactive

Medium

‘I have no time to think strategically.’ ‘I feel like I don’t have space to breathe.’ ‘I’m totally overwhelmed.’ Even if we aren’t saying it out loud, these are statements that every manager can relate to. Startups are non-stop. Every closet is full of skeletons, waiting to jump out and surprise you. If you’ve ever reached the end of the workday only to realize that you haven’t done anything on your original to-do list, here’s what you can do about it.
Read Here »

10 Other Interesting Links From This Week

There were too many fantastic reads from this past weeks’ worth of cybersecurity and technology news, so here are a few additional quick-hit links for your reading pleasure:
·         KrebsOnSecurity: Feds Target $100M ‘GozNym’ Cybercrime Network
·         KrebsOnSecurity: Account Hijacking Forum OGusers Hacked
·         Bleeping Computer: Google is using Your Gmail Account to Track Your Purchases
·         Bleeping Computer: Cisco Upgrades Remote Code Execution Flaws to Critical Severity
·         The Hacker News: Bluetooth Flaw Found in Google Titan Security Keys; Get Free Replacement
·         Tech HQ: Why the CISO should report direct to the CEO
·         HelpNetSecurity: CISOs - What would you do over?
·         ProPublica: Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers
·         TechRepublic: Why cybersecurity pros want to share information to combat threats
·         Baltimore Sun: Ransomware used in Baltimore attack indicates hackers needed 'unfettered access' to city computers

Comments

Post a Comment

Popular posts from this blog

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"

Image
Eric Howes , KnowBe4 Principal Lab Researcher, found out about another insidious bad guy trick: " If you work in IT there has undoubtedly come a dark moment when you wondered to yourself just who among your employee users would be gullible enough to click through a phishing email and potentially bring down your organization. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/when-users-add-their-names-to-a-wall-of-shame
Read more

Krebs - NY Charges First American Financial for Massive Data Leak

Image
In May 2019, KrebsOnSecurity broke the news that the website of mortgage title insurance giant First American Financial Corp. had exposed approximately 885 million records related to mortgage deals going back to 2003. On Wednesday, regulators in New York announced that First American was the target of their first ever cybersecurity enforcement action in connection with the incident, charges that could bring steep financial penalties. First American Financial Corp. Santa Ana, Calif.-based  First American [ NYSE:FAF ] is a leading provider of title insurance and settlement services to the real estate and mortgage industries. It employs some 18,000 people and brought in $6.2 billion in 2019 . As first reported here last year , First American’s website exposed 16 years worth of digitized mortgage title insurance records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images. The docum
Read more

SBS CyberSecurity - In The Wild 166

Image
  In The Wild - CyberSecurity Newsletter Welcome to the 166 th issue of In The Wild, SBS’ weekly CyberSecurity newsletter. The objective of this newsletter is to share threat intelligence, news articles that are relevant, new and updated guidance, and other information to help you make better cybersecurity decisions. Follow SBS CyberSecurity on Social Media for more articles, stories, news, and resources!           Below, you will find some of the latest-and-greatest news stories, articles, videos, and links from the past week in cybersecurity. Some of the following stories have been shared by consultants, others by the SBS Institute, and others yet simply been found in the far corners of the Internet. We hope you find the following stories relevant, interesting, and – most of all – useful. Enjoy. CyberRiskNOW Virtual Conference SBS Educational Resources This virtual conference is designed to provide interactive training on evo
Read more