INFOSECURITY NEWSLETTER

March 21, 2018

[White Paper] Understanding The Challenges of Cloud Monitoring and Security

Security teams remain challenged to identify cyber security threats in the cloud. In this white paper, our cloud security experts share methods for choosing the right monitoring solution to improve cloud visibility into your network and critical assets.

Download My Copy

9 Cyber Security Tips SMBs Can Implement Now

Ryan Clancy, deltarisk.com, March 16, 2018

Although organizations of all sizes are targeted by cyber criminals, small and medium-sized businesses (SMBs) have turned into a preferred target. In fact, according to Aberdeen research, the risk of a single data breach is 63 percent higher for SMBs than it is for larger organizations with over 1,000 employees. Overall, The Ponemon Institute’s 2017 State of Cybersecurity in Small and Medium-Sized Businesses report (released last September) revealed that 61 percent of businesses experienced an attack in 2017. The most prevalent attacks against SMBs include social engineering and web-based attacks.

Read More


Report: 77% of Companies Don’t Have a Consistent Cybersecurity Response Plan

Conner Forrest, techrepublic.com, March 14, 2018

Despite the rapid proliferation of new cyber threats, 77% of business leaders admitted that they don’t have a formal cybersecurity incident response plan (CSIRP) that’s applied consistently in their organization. That statistic comes from a new IBM report on cybersecurity resilience—a study of 2,800 security and IT professionals from around the world—released Wednesday. Although a form CSIRP can be considered a core part of cyber readiness, nearly half of those surveyed said that their response plan is informal or ad hoc, if it even exists at all.

Read More

Insider Threat Examples: 7 Insiders Who Breached Security

Christina Wood, csoonline.com, March 19, 2018

You can build a wall, set up perimeter defenses, and spend massive resources maintaining it all. But if your enemy is within, that wall will do you no good. There is even a chance that you will have — or will have someday — an enemy within.

Read More


Open AWS S3 Bucket Managed by Walmart Jewelry Partner Exposes Info on 1.3 M Customers

Teri Robinson, scmagazine.com, March 16, 2018

Personal information belonging to 1.3 million customers of Walmart jewelry partner MBM Company has been exposed because yet another Amazon S3 bucket was left open on the internet. The open S3 bucket, named “walmartsql,” housed an MSSQL database backup, named MBMWEB_backup_2018_01_13_003008_2864410.bak, that “contained internal MBM mailing lists, encrypted credit card details, payment details, promo codes, and item orders, which gives the appearance that this is the main customer database for MBM Company Inc.,” according to a report by Kromtech Security, which discovered the open server on Feb. 3. Dates on the records ranged from 2000 to early 2018.

Read More

Lawmakers Look to Boost Energy’s Cybersecurity Role

Chase Gunter, fcw.com, March 14, 2018

To protect the energy sector and other critical infrastructure against cyber threats, lawmakers are looking to boost the Department of Energy’s cybersecurity role and questioned the future role of its new cybersecurity office. Government needs to “make sure we’re doing everything we can to protect our electric grid” and the energy sector as a whole from emerging threats and emergencies as they arise, said Chairman Greg Walden (R-Ore.) at a March 14 House Energy and Commerce Committee hearing.

Read More

[Opinion] Cryptomining: The New Lottery for Cybercriminals

Chris Olson, csoonline.com, March 14, 2018

Cryptomining has surpassed even ransomware as the revenue generator of choice according to a Cisco Talos report, which claims crypto-mining botnets can earn hackers up to $500 dollars a day and a dedicated effort could equate to more than $100,000 dollars a year. Representing the perfect balance of stealth and wealth for cybercriminals and some unscrupulous, but legitimate online businesses, cryptomining is quickly becoming a major concern for enterprise IT who frequently don’t know their digital assets have been compromised.

Read More

3 Reasons Why CIOs Will Feel More Heat in 2018

Jason Miller, federalnewsradio.com, March 19, 2018

When Rep. Will Hurd (R-Texas) opened the House Oversight and Government Reform Subcommittee on IT’s hearing about the State of Federal IT last Wednesday, he focused on not losing momentum that built up over the last few years. From the Office of Management and Budget’s IT modernization strategy to the CIO Council’s State of Federal IT report to Congress passing the Modernizing Government Technology (MGT) Act as part of the Defense authorization bill , agencies have tools and data to continue to swing the pendulum away from unsecured legacy technologies.

Read More


Pre-installed Malware on Android Devices Made $115k Revenue in 10 Days

Waqas Amin, hackread.com, March 16, 2018

Check Point Mobile Security Team discovered a massive, on-going malware campaign that so far has claimed 5 million victims. Reportedly, the malware dubbed as RottenSys has managed to create a massive army of botnets comprising of 5 million mobile devices from across the globe. The malware is hidden in a System Wi-Fi service application that is already installed-by-default on countless models of smartphones manufactured by prominent companies including Honor, Huawei, GIONEE, Samsung, Oppo, Vivo, and Xiaomi.

Read More

Insecure by Design: What You Need to Know About Defending Critical Infrastructure

J.M. Porup, csoonline.com, March 7, 2018

Patching security vulnerabilities in industrial control systems (ICS) is useless in most cases and actively harmful in others, ICS security expert and former NSA analyst Robert M. Lee of Dragos told the US Senate in written testimony last Thursday. The “patch, patch, patch” mantra has become a blind tenet of faith in the IT security realm, but has little application to industrial control systems, where legacy equipment is often insecure by design.

Read More

Sign Up for Our Newsletter

financial newsletterhealthcare newsletter
Infosecurity Newsletter Archive

June 2018: 6th

May 2018: 2nd, 9th, 30th

April 2018: 4th, 11th, 18th, 25th

March 2018: 7th, 14th, 21st, 28st

February 2018: 7th, 14th, 21st, 28th

January 2018: 3rd, 10th, 17th, 24th, 31st

December 2017: 6th, 13th, 20th

November 2017: 1st, 15th, 29th

October 2017: 4th, 11th, 18th, 25th

September 2017: 6th, 13th, 20th, 27th

August 2017: 2nd, 9th, 16th, 23rd, 30th

July 2017: 5th, 12th, 19th, 26th

June 2017: 7th, 14th, 21st, 28th

May 2017: 3rd, 10th, 17th, 24th, 31st

April 2017: 5th, 12th, 19th, 26th

March 2017: 1st, 8th, 15th, 22nd, 29th

February 2017: 1st, 8th, 13th, 22nd

January 2017: 4th, 11th, 18th, 24th

December 2016: 7th, 14th, 21st, 28th


top cyber incident pain points