INFOSECURITY NEWSLETTER

April 25, 2018

[White Paper] Understanding The Challenges of Cloud Monitoring and Security

While cloud providers offer many security measures, organizations are ultimately responsible for securing their own data, their own applications, and their own services in the cloud. We discuss how companies are adapting to new cloud security challenges and the important considerations they need to make before choosing a cloud monitoring solution.

Download My Copy

Q&A: Common Misconceptions About Threat Hunting and Compromise Assessments

Devesh Panchwagh, deltarisk.com, April 19, 2018

In advance of our upcoming webinar on “Threat Hunting Versus Compromise Assessments: What’s the Difference?” Dev Panchwagh spoke with the presenters, Delta Risk’s Andrew Cook and Infocyte Founder and Chief Product Officer Chris Gerritz. In Part I of this two-part blog series, the team discusses some of the common misconceptions around threat hunting and compromise assessments. Join our webinar on April 25 at 1 PM ET when we’ll share more insights on this topic.

Read More


Misconfigured Clouds Compromise 424% More Records in 2017

Kelly Sheridan, darkreading.com, April 4, 2018

Insider mistakes like networked backup incidents and misconfigured cloud servers caused nearly 70% of all compromised records in 2017, according to new data from IBM X-Force. These types of incidents affected 424% more records last year than the year prior, they report. It wasn’t all bad news from the IBM X-Force Threat Intelligence Index, which pulls insights on data from millions of endpoints across hundreds of countries. Researchers found 2.9 billion records were reported breached, nearly 25% less than the 4B reported in 2016.

Read More

Survey Reveals Users Have No Clue About Router Security

Catalin Cimpanu, bleepingcomputer.com, April 23, 2018

A recent survey of 2,205 regular users has proven once again that most people don’t update router firmware, don’t change default credentials, and don’t generally know how to secure their devices. For the past two-three years, there has been a deluge of news articles and research papers detailing large botnets built by exploiting router vulnerabilities and by hijacking devices still running default login credentials. These are the two main methods exploited by attackers.

Read More


Why SSL is Part of the Problem Behind a Dramatic Increase in Malware and Ramsomware in Q1 2018

Jason Hiner, techrepublic.com, April 20, 2018

Attackers are using HTTPS to carry malware, which means companies need to do DPI on SSL packets to guard against it. Bill Conner, CEO of SonicWall, spoke with TechRepublic at this year’s RSA Conference about the increase in malware and ransomware, and how his company is prepared to deal with that.

Read More

Energy Security Pros Worry About Catastrophic Failure Due to Cyberattacks

Help Net Security Staff, helpnetsecurity.com, April 20, 2018

70 percent of energy security professionals are concerned that a successful cyberattack could cause a catastrophic failure, such as an explosion, a recent survey has shown. Of the 151 IT and operational technology (OT) security pros at energy and oil and gas companies that were polled, 97 percent are concerned that attacks could cause operational shutdowns, and 96 percent believe they could impact the safety of their employees.

Read More

This Ransomware was Rewritten to Mine Cryptocurrency – and Destroy Your Files

Danny Palmer, zdnet.com, April 19, 2018

Cybercriminals are known to be shifting away from ransomware in favour of cryptocurrency mining, but those behind one form of malicious software have pivoted by re-purposing what was file-encrypting malware into something which now highjacks PCs for mining. Uncovered by researchers at Trend Micro, the cryptocurrency miner is said to be “distinctly similar” to XiaoBa, a form of ransomware which first appeared in October last year, leading researchers to the conclusion that the ransomware code has been repurposed to fulfil a new task.

Read More

10 Bits of Career Wisdom for Beginning Cybersecurity Professionals

Scott Matteson, techrepublic.com, April 20, 2018

Cybersecurity can be a demanding and rewarding field. Here are some tips for those just starting out, based on the experience of two seasoned security pros. The art of working cybersecurity is about more than just protecting systems and networks; it requires a strategic perspective, lots of planning and building a comprehensive roadmap of priorities and goals for the future. Technology continues to evolve and so the ways in which it can be put at risk evolve as well, necessitating a constant pace of career development.

Read More


Ransomware Moving into Business-Critical Systems; Employees a Key Weakness, Research Shows

Filip Truta, securityboulevard.com, April 18, 2018

Ransomware attacks are moving away from the consumer space and into business-critical systems, encrypting entire databases and servers, commanding bigger ransom requests and inflicting more damage than ever, according to an analysis of data from 67 organizations. Verizon’s 2018 Data Breach Investigations Report (DBIR), in its 11th edition, offers an analysis of the ransomware phenomenon based on more than 53,000 incidents and 2,216 breaches from 65 countries.

Read More

SunTrust Bank Says Former Employee Stole Details on 1.5 Million Customers

Catalin Cimpanu, bleepingcomputer.com, April 21, 2018

US-based SunTrust Bank said it is working with law enforcement after it discovered that a former employee had stolen private information belonging to nearly 1.5 million customers. “In conjunction with law enforcement, we discovered that a former employee while employed at SunTrust may have attempted to print information on approximately 1.5 million clients and share this information with a criminal third party,” SunTrust CEO William Rogers said in a press conference on Friday.

Read More

Sign Up for Our Newsletter

financial newsletterhealthcare newsletter
Infosecurity Newsletter Archive

June 2018: 6th

May 2018: 2nd, 9th, 30th

April 2018: 4th, 11th, 18th, 25th

March 2018: 7th, 14th, 21st, 28st

February 2018: 7th, 14th, 21st, 28th

January 2018: 3rd, 10th, 17th, 24th, 31st

December 2017: 6th, 13th, 20th

November 2017: 1st, 15th, 29th

October 2017: 4th, 11th, 18th, 25th

September 2017: 6th, 13th, 20th, 27th

August 2017: 2nd, 9th, 16th, 23rd, 30th

July 2017: 5th, 12th, 19th, 26th

June 2017: 7th, 14th, 21st, 28th

May 2017: 3rd, 10th, 17th, 24th, 31st

April 2017: 5th, 12th, 19th, 26th

March 2017: 1st, 8th, 15th, 22nd, 29th

February 2017: 1st, 8th, 13th, 22nd

January 2017: 4th, 11th, 18th, 24th

December 2016: 7th, 14th, 21st, 28th


top cyber incident pain points