INFOSECURITY NEWSLETTER

January 3, 2018

[Webinar] Flying Blind: 2017 Cloud Configurations Gone Wrong

In this webinar, we’ll take a look at 2017 cloud data breaches: what went wrong and how to avoid the same fate. What are some of the telltale signs a misconfiguration is going to put your critical assets at risk? How can you avoid a misconfiguration in the future? Join our team of cloud security experts for a 45-minute webinar to learn more about the steps you can take to improve your cloud security posture and keep your critical information protected.

Beware of These 7 Ticketing System Pitfalls

Joel Gridley, deltarisk.com, December 21, 2017

Tickets predate the well-known ticket tracking software. Long ago, the process of tracking issues by index cards was taken from analog to digital processes. However, the usefulness of ticketing has waned in the past decade or so — except in organizations that jealously maintain the culture of quality ticketing.

Unsecured Amazon S3 Bucket Exposes Details on 123 Million American Households

Catalin Cimpanu, bleepingcomputer.com, December 20, 2017

US data analytics provider Alteryx has left an Amazon S3 storage bucket exposed online, leaking the sensitive details of over 123 million US households in the process. The unprotected server was found by US cyber-security firm UpGuard, which also discovered a similar Amazon S3 server containing sensitive NSA files, and another leaky S3 server containing data from the US Army’s CENTCOM and PACOM divisions.

Why do CISOs Change Jobs so Frequently?

Jon Oltsik, csoonline.com, January 2, 2018

Happy 2018, everyone — let’s hope that this is a good year for cybersecurity professionals and global cyber safety. Of course, an organization’s cybersecurity success is often a function of the effectiveness of the CISO. A strong CISO can mean the difference between functional cybersecurity and constant chaos.

4 Security Resolutions for Higher Education Institutions

Meghan Bogardus Cortez, edtechmagazine.com, December 20, 2017

Higher education institutions made a lot of headlines for security this year, and not in a good way. Data breaches in the education sector went up 103 percent in just the first half of 2017, security firm Gemalto reported. The Digital Citizens Alliance found 14 million email addresses and passwords from faculty, staff, students and alumni at U.S. universities for sale on the dark web.

A New Type of Computer Could Render Many Software Hacks Obsolete

Daniel Oberhaus, motherboard.vice.com, December 20, 2017

On Tuesday the Defense Advanced Research Projects Agency (DARPA) announced it will be spending $3.6 million to develop a computer with hardware that is billed by its creators as an “unsolvable puzzle.” The project is called MORPHEUS, a homage to the ancient Greek god of dreams, and is intended to be a more robust alternative to today’s so-called “patch and pray” approach to cybersecurity.

Exposed File From Ancestry’s RootsWeb.com Contains Data on 300,000 Users

Dark Reading Staff, darkreading.com, December 26, 2017

A file containing hundreds of thousands of RootsWeb users’ email, login information, and passwords was found externally exposed, genealogy site says. Ancestry’s RootsWeb.com server, which hosts a free genealogical community site, exposed a file containing emails, login information, and passwords of 300,000 users.

How Will Machine Learning Address Cyber Security Problems in 2018?

Hyrum Anderson, huffingtonpost.com, December 20, 2017

Before I bring out my crystal ball on what problems AI/ML might solve in 2018, let me just categorically state that: (1) ML can be really useful for detecting “unknown threats”, but (2) I don’t believe that ML is going to be a silver bullet panacea for all security problems in 2018. Rules and signatures and IOCs and threat intelligence and especially hard-working infosec professionals are all going to be critical for solving infosec problems in 2018.

Vulnerability Affects Hundreds of Thousands of IoT Devices

Catalin Cimpanu, bleepingcomputer.com, December 25, 2017

Here’s something to be cheery on Christmas Day — a vulnerability affecting a web server that’s been embedded in hundreds of thousands of IoT devices. The said vulnerability affects GoAhead, a tiny web server package created by Embedthis Software LLC, a company based in Seattle, USA. On GoAhead’s homepage, Embedthis claims its product is currently deployed inside products released by big industry names such as Comcast, Oracle, D-Link, ZTE, HP, Siemens, Canon, and many others.

Make 2018 Your Year of Taking Password Security More Seriously

Zeljka Zorz, helpnetsecurity.com, January 2, 2018

For one, avoid the most often used passwords. SplashData’s most recent list of the top 100 worst passwords (of the past year) contains many of the usual suspects (“123456”, “password”, and “qwerty”), but also shows that using common words, personal names, expressions, expletives, consecutive number strings, and one’s year of birth as a password is a bad idea. If you devise your own passwords, make them a memorable and relatively long (e.g. 16 characters) passphrase that, preferably, makes sense only to you.
