March 21, 2018
Security teams remain challenged to identify cyber security threats in the cloud. In this white paper, our cloud security experts share methods for choosing the right monitoring solution to improve cloud visibility into your network and critical assets.
Ryan Clancy, deltarisk.com, March 16, 2018
Although organizations of all sizes are targeted by cyber criminals, small and medium-sized businesses (SMBs) have turned into a preferred target. In fact, according to Aberdeen research, the risk of a single data breach is 63 percent higher for SMBs than it is for larger organizations with over 1,000 employees. Overall, The Ponemon Institute’s 2017 State of Cybersecurity in Small and Medium-Sized Businesses report (released last September) revealed that 61 percent of businesses experienced an attack in 2017. The most prevalent attacks against SMBs include social engineering and web-based attacks.
Conner Forrest, techrepublic.com, March 14, 2018
Despite the rapid proliferation of new cyber threats, 77% of business leaders admitted that they don’t have a formal cybersecurity incident response plan (CSIRP) that’s applied consistently in their organization. That statistic comes from a new IBM report on cybersecurity resilience—a study of 2,800 security and IT professionals from around the world—released Wednesday. Although a form CSIRP can be considered a core part of cyber readiness, nearly half of those surveyed said that their response plan is informal or ad hoc, if it even exists at all.
Christina Wood, csoonline.com, March 19, 2018
You can build a wall, set up perimeter defenses, and spend massive resources maintaining it all. But if your enemy is within, that wall will do you no good. There is even a chance that you will have — or will have someday — an enemy within.
Teri Robinson, scmagazine.com, March 16, 2018
Personal information belonging to 1.3 million customers of Walmart jewelry partner MBM Company has been exposed because yet another Amazon S3 bucket was left open on the internet. The open S3 bucket, named “walmartsql,” housed an MSSQL database backup, named MBMWEB_backup_2018_01_13_003008_2864410.bak, that “contained internal MBM mailing lists, encrypted credit card details, payment details, promo codes, and item orders, which gives the appearance that this is the main customer database for MBM Company Inc.,” according to a report by Kromtech Security, which discovered the open server on Feb. 3. Dates on the records ranged from 2000 to early 2018.
Chase Gunter, fcw.com, March 14, 2018
To protect the energy sector and other critical infrastructure against cyber threats, lawmakers are looking to boost the Department of Energy’s cybersecurity role and questioned the future role of its new cybersecurity office. Government needs to “make sure we’re doing everything we can to protect our electric grid” and the energy sector as a whole from emerging threats and emergencies as they arise, said Chairman Greg Walden (R-Ore.) at a March 14 House Energy and Commerce Committee hearing.
Chris Olson, csoonline.com, March 14, 2018
Cryptomining has surpassed even ransomware as the revenue generator of choice according to a Cisco Talos report, which claims crypto-mining botnets can earn hackers up to $500 dollars a day and a dedicated effort could equate to more than $100,000 dollars a year. Representing the perfect balance of stealth and wealth for cybercriminals and some unscrupulous, but legitimate online businesses, cryptomining is quickly becoming a major concern for enterprise IT who frequently don’t know their digital assets have been compromised.
Jason Miller, federalnewsradio.com, March 19, 2018
When Rep. Will Hurd (R-Texas) opened the House Oversight and Government Reform Subcommittee on IT’s hearing about the State of Federal IT last Wednesday, he focused on not losing momentum that built up over the last few years. From the Office of Management and Budget’s IT modernization strategy to the CIO Council’s State of Federal IT report to Congress passing the Modernizing Government Technology (MGT) Act as part of the Defense authorization bill , agencies have tools and data to continue to swing the pendulum away from unsecured legacy technologies.
Waqas Amin, hackread.com, March 16, 2018
Check Point Mobile Security Team discovered a massive, on-going malware campaign that so far has claimed 5 million victims. Reportedly, the malware dubbed as RottenSys has managed to create a massive army of botnets comprising of 5 million mobile devices from across the globe. The malware is hidden in a System Wi-Fi service application that is already installed-by-default on countless models of smartphones manufactured by prominent companies including Honor, Huawei, GIONEE, Samsung, Oppo, Vivo, and Xiaomi.
J.M. Porup, csoonline.com, March 7, 2018
Patching security vulnerabilities in industrial control systems (ICS) is useless in most cases and actively harmful in others, ICS security expert and former NSA analyst Robert M. Lee of Dragos told the US Senate in written testimony last Thursday. The “patch, patch, patch” mantra has become a blind tenet of faith in the IT security realm, but has little application to industrial control systems, where legacy equipment is often insecure by design.