January 31, 2018
In today’s threat landscape, it isn’t a question of if you’ll experience an incident, but when. When a security incident strikes, you’ll need a well-prepared staff and with a battle-tested plan. A mature incident response plan keeps everyone on the same page. Join our incident response experts for a 45-minute webinar to learn how you can quickly contain the impact of a breach, resolve an incident, and get back to business as quickly as possible.
Cloud Security Learning Curve Remains High: Latest Amazon S3 Misconfiguration Illustrates Need for Safety Nets
John Hawley, deltarisk.com, January 25, 2018
We can add yet another sensitive data breach to our lessons learned catalog. This one, involving a large volume of sensitive medical records exposed to the world, goes in the fat folder related to misconfigured storage services. A U.S.-based digital records management company stored this information in a large PDF file, which was then stored in an Amazon Web Services (AWS) Cloud S3 storage bucket. Anyone who had the unique URL associated with the S3 bucket could bypass Amazon encryption to access this privileged information.
Phil Muncaster, inforsecurity-magazine.com, January 25, 2018
Over a third (36%) of global organizations were breached last year, a 10% increase from 2016, according to new figures from Thales. The security and defense contractor polled 1200 senior IT executives in Germany, Japan, India, the Netherlands, Sweden, South Korea, the UK and the US to compile its 2018 Thales Data Threat Report.
Lawrence Abrams, bleepingcomputer.com, January 23, 2018
A new ransomware is being spread called Rapid Ransomware that stays active after initially encrypting a computer and encrypts any new files that are created. While this behavior is not unique to Rapid, it is not a common behavior we see too often. While it is not known how the Rapid Ransomware is being distributed, it has been infecting numerous people starting in January.
Mirko Zorz, helpnetsecurity.com, January 24, 2018
A new KnowBe4 study of phishing statistics for top industries, shows small insurance companies have the highest percentage of phish-prone employees in the small to mid–size organization category. Not-for-profit organizations take the lead in large organizations. The study, drawn from a data set of more than six million users across nearly 11,000 organizations, benchmarks real-world phishing results.
Tim Johnson, McClatchy, govtech.com, January 25, 2018
Ellison Anne Williams has a Ph.D. in mathematics, vast experience at the den of wizards known as the National Security Agency and entrepreneurial chops. She’s accomplished and smart. So what happened to her at a recent business meeting left her dismayed, although it is far from uncommon for women in cybersecurity. “I was in the room and the fellow walked in. He stopped dead in his tracks and the first words out of his mouth were, ‘You’re a girl.’ And I said, ‘Yes, what were you expecting?’” said Williams, founder and chief executive of Enveil, a Fulton, Md., data security company.
Help Net Security Staff, helpnetsecurity.com, January 26, 2018
“Surprising no one, 2017 marked another ‘worst year ever’ in data breaches and cyber incidents around the world,” said Jeff Wilbur, director of the OTA initiative at the Internet Society. “This year’s big increase in cyberattacks can be attributed to the skyrocketing instances of ransomware and the bold new methods of criminals using this attack.”
David Wagner, informationsecuritybuzz.com, January 29, 2018
2017 was another watershed year for cybersecurity. The breaches at Equifax and Yahoo! stand out for their size, but the more troubling development is how much more targeted attacks have become. The HBO attack showed us that hackers are willing to focus on valuable intellectual property or private conversations and hold them hostage for a hefty ransom. The continued attention on the Democratic National Committee hack also revealed that hackers have political agendas that can transcend financial motives.
Joe Oltsik, csoonline.com, Janaury 23, 2018
A few years ago (2016), my esteemed colleague Doug Cahill and I spoke with 30 enterprise organizations about their endpoint security requirements and strategies. Based upon these discussions, we came up with a concept called the endpoint security continuum. On one end of the continuum lies advanced threat prevention. This software is sometimes referred to as “next-generation AV” because it uses technologies such as machine learning and threat intelligence integration to improve the threat prevention capabilities of traditional AV products.
Brendan M. Egan, zdnet.com, January 31, 2018
Technology has quickly engulfed the world around us. Everything we do, both at a business and personal level, seems to involve technology in one way or another. However, as that happens, small businesses continue to be a top target for hackers, with the number of organizations hit by cybercrime rising each year.