January 3, 2018
In this webinar, we’ll take a look at 2017 cloud data breaches: what went wrong and how to avoid the same fate. What are some of the telltale signs a misconfiguration is going to put your critical assets at risk? How can you avoid a misconfiguration in the future? Join our team of cloud security experts for a 45-minute webinar to learn more about the steps you can take to improve your cloud security posture and keep your critical information protected.
Joel Gridley, deltarisk.com, December 21, 2017
Tickets predate the well-known ticket tracking software. Long ago, the process of tracking issues by index cards was taken from analog to digital processes. However, the usefulness of ticketing has waned in the past decade or so — except in organizations that jealously maintain the culture of quality ticketing.
Catalin Cimpanu, bleepingcomputer.com, December 20, 2017
US data analytics provider Alteryx has left an Amazon S3 storage bucket exposed online, leaking the sensitive details of over 123 million US households in the process. The unprotected server was found by US cyber-security firm UpGuard, which also discovered a similar Amazon S3 server containing sensitive NSA files, and another leaky S3 server containing data from the US Army’s CENTCOM and PACOM divisions.
Jon Oltsik, csoonline.com, January 2, 2018
Happy 2018, everyone — let’s hope that this is a good year for cybersecurity professionals and global cyber safety. Of course, an organization’s cybersecurity success is often a function of the effectiveness of the CISO. A strong CISO can mean the difference between functional cybersecurity and constant chaos.
Meghan Bogardus Cortez, edtechmagazine.com, December 20, 2017
Higher education institutions made a lot of headlines for security this year, and not in a good way. Data breaches in the education sector went up 103 percent in just the first half of 2017, security firm Gemalto reported. The Digital Citizens Alliance found 14 million email addresses and passwords from faculty, staff, students and alumni at U.S. universities for sale on the dark web.
Daniel Oberhaus, motherboard.vice.com, December 20, 2017
On Tuesday the Defense Advanced Research Projects Agency (DARPA) announced it will be spending $3.6 million to develop a computer with hardware that is billed by its creators as an “unsolvable puzzle.” The project is called MORPHEUS, a homage to the ancient Greek god of dreams, and is intended to be a more robust alternative to today’s so-called “patch and pray” approach to cybersecurity.
Dark Reading Staff, darkreading.com, December 26, 2017
A file containing hundreds of thousands of RootsWeb users’ email, login information, and passwords was found externally exposed, genealogy site says. Ancestry’s RootsWeb.com server, which hosts a free genealogical community site, exposed a file containing emails, login information, and passwords of 300,000 users.
Hyrum Anderson, huffingtonpost.com, December 20, 2017
Before I bring out my crystal ball on what problems AI/ML might solve in 2018, let me just categorically state that: (1) ML can be really useful for detecting “unknown threats”, but (2) I don’t believe that ML is going to be a silver bullet panacea for all security problems in 2018. Rules and signatures and IOCs and threat intelligence and especially hard-working infosec professionals are all going to be critical for solving infosec problems in 2018.
Catalin Cimpanu, bleepingcomputer.com, December 25, 2017
Here’s something to be cheery on Christmas Day — a vulnerability affecting a web server that’s been embedded in hundreds of thousands of IoT devices. The said vulnerability affects GoAhead, a tiny web server package created by Embedthis Software LLC, a company based in Seattle, USA. On GoAhead’s homepage, Embedthis claims its product is currently deployed inside products released by big industry names such as Comcast, Oracle, D-Link, ZTE, HP, Siemens, Canon, and many others.
Zeljka Zorz, helpnetsecurity.com, January 2, 2018
For one, avoid the most often used passwords. SplashData’s most recent list of the top 100 worst passwords (of the past year) contains many of the usual suspects (“123456”, “password”, and “qwerty”), but also shows that using common words, personal names, expressions, expletives, consecutive number strings, and one’s year of birth as passwords is a bad idea. If you devise your own passwords, make them a memorable and relatively long (e.g. 16 characters) passphrase that, preferably, makes sense only to you.