INFOSECURITY NEWSLETTER

March 7, 2018

[White Paper] Understanding The Challenges of Cloud Monitoring and Security

Security teams remain challenged to identify cyber security threats in the cloud. In this white paper, our cloud security experts share methods for choosing the right monitoring solution to improve cloud visibility into your network and critical assets.

Download My Copy

Threat Hunting Best Practices: Be Ready to Hunt When Cyber Criminals Strike

Andrew Cook, deltarisk.com, March 2, 2018

When the term “threat hunting” is brought up in the cyber security community, it can come across as more of a buzzword than a viable and important strategy for organizations to adopt. While there is plenty of discussion about what threat hunting means and why having a hunt program is important, the mindset, methods, and key steps for executing adversary threat hunting are sometimes overlooked. In this blog, we dig a little deeper into the early stages of a hunt operation from our webinar, “6 Lessons Learned Hunting Advanced Criminals.” Here’s an excerpt where we discuss important steps for fostering a hunt mindset and beginning the incident response and investigation.

Read More


Nearly Half of Security Pros Rarely Change Their Security Strategy, Even After a Cyber Attack

Help Net Security Staff, helpnetsecurity.com, March 1, 2018

Nearly half (46 percent) of IT security professionals rarely change their security strategy substantially – even after experiencing a cyber attack. This level of cyber security inertia and failure to learn from past incidents puts sensitive data, infrastructure and assets at risk, according to CyberArk. An overwhelming number of IT security professionals believe securing an environment starts with protecting privileged accounts.

Read More

Report: 58 Percent of PHI Data Breaches Involve Insiders

Heather Landi, healthcare-informatics.com, March 5, 2018

Almost 60 percent of data breach incidents involving protected health information (PHI) involved insiders, which makes healthcare the only industry in which internal actors are the biggest threat to an organization’s data security, according to a recent Verizon security report. In Verizon’s 2018 Protected Health Information Data Breach Report, researchers analyzed 1,368 security incidents across 27 countries, with a focus on the healthcare sector’s specific profile and security challenges, including the levels of abuse of this protected information.

Read More


FS-ISAC Hit With Phishing Attacks

Robert Abel, scmagazine.com, March 2, 2018

A Financial Services Information Sharing and Analysis Center (FS-ISAC) employee fell victim to a phishing attack that compromised login credentials enabling additional phishing attacks. FS-ISAC is a cyber and physical threat intelligence analysis and sharing platform for the global financial industry.

Read More

Unprotected AWS Bucket Exposes 50.4 GB of Financial Giant’s Data Risks

Waqar Amir, hackread.com, February 28, 2018

The Cyber Risk Team at Cloud security firm UpGuard have discovered a massive trove of data exposed due to an unprotected Amazon Web Services (AWS) S3 bucket. The database belonged to Birst, a Cloud Business Intelligence (BI) and Analytics firm. The exposed database contained 50.4 GB worth of data of one of Birst’s users Capital One, a McLean, Virginia based financial services giant and eighth-largest commercial bank in the United States. The leaked data contained technical information on Birst appliance specially configured for Capital One’s cyberinfrastructure.

Read More

Cybersecurity at Power Plants Needs Advice it can Actually Use

Alfred NG, cnet.com, March 1, 2018

Imagine if every time you were sick, all your doctor did was tell you to take some medicine. That’s it. No prescription, no details on what to take, when to take it, where to get it, or even whether you can take it. Just, “take medicine.” That’d be completely useless information. This is essentially what vulnerability advisories for industrial controls have been like over the last year, according to a new report by Dragos. The cybersecurity company focuses on critical infrastructure, which includes everything from power plants to factories to water supplies.

Read More

New York Surgery & Endoscopy Center Discovers 135,000-Record Data Breach

HIPAA Journal Staff, hipaajournal.com, March 5, 2018

A malware infection at St. Peter’s Surgery & Endoscopy Center in New York has potentially allowed hackers to gain access to the medical records of as many as 135,000 patients. This is the second largest healthcare data breach of 2018, the largest to hit New York state since the 3,466,120-record data breach at Newkirk Products, Inc. in August 2016, and the fifth largest healthcare data breach in New York since the Department of Health and Human Services’ Office for Civil Rights started publishing data breach summaries in October 2009. The data breach at St. Peter’s Surgery & Endoscopy Center was discovered on January 8, 2018: The same day as hackers gained access to its server.

Read More


New Cyber Security Style Guide Helps Bridge the Communication Gap

J.M. Porup, csoonline.com, March 2, 2018

I think I’m going to start all my hot takes with that quote from Cool Hand Luke from now on, because the inability of most security folk to communicate with non-security folk is tearing apart our political and social and economic fabric. The people who govern our lives and who will shape the future of our world do not understand information security. Unless we break out of our cozy in-clique exclusionary slang, that can only end badly–for all of us.It doesn’t matter how great the research is, or the pentest, or the report, or your new security policy if no one reads it or understands it. When politicians make bad laws because they don’t understand cryptography, society suffers.

Read More

The Roles CFOs And CMOs Need To Play In Cybersecurity Protection

Daniel Newman, forbes.com, March 2, 2018

There are a lot of players in the C-Suite these days, and chances are good they all have their own strategic priorities. The CFO wants to save money and deliver quality returns to investors. The CMO wants to churn data to find better and smarter ways to reach customers. The CIO wants to find ways to utilize new technology while keeping the company—and its customers—safe.

Read More

Sign Up for Our Newsletter

financial newsletterhealthcare newsletter
Infosecurity Newsletter Archive

June 2018: 6th

May 2018: 2nd, 9th, 30th

April 2018: 4th, 11th, 18th, 25th

March 2018: 7th, 14th, 21st, 28st

February 2018: 7th, 14th, 21st, 28th

January 2018: 3rd, 10th, 17th, 24th, 31st

December 2017: 6th, 13th, 20th

November 2017: 1st, 15th, 29th

October 2017: 4th, 11th, 18th, 25th

September 2017: 6th, 13th, 20th, 27th

August 2017: 2nd, 9th, 16th, 23rd, 30th

July 2017: 5th, 12th, 19th, 26th

June 2017: 7th, 14th, 21st, 28th

May 2017: 3rd, 10th, 17th, 24th, 31st

April 2017: 5th, 12th, 19th, 26th

March 2017: 1st, 8th, 15th, 22nd, 29th

February 2017: 1st, 8th, 13th, 22nd

January 2017: 4th, 11th, 18th, 24th

December 2016: 7th, 14th, 21st, 28th


top cyber incident pain points