March 7, 2018
Security teams remain challenged to identify cyber security threats in the cloud. In this white paper, our cloud security experts share methods for choosing the right monitoring solution to improve cloud visibility into your network and critical assets.
Andrew Cook, deltarisk.com, March 2, 2018
When the term “threat hunting” is brought up in the cyber security community, it can come across as more of a buzzword than a viable and important strategy for organizations to adopt. While there is plenty of discussion about what threat hunting means and why having a hunt program is important, the mindset, methods, and key steps for executing adversary threat hunting are sometimes overlooked. In this blog, we dig a little deeper into the early stages of a hunt operation from our webinar, “6 Lessons Learned Hunting Advanced Criminals.” Here’s an excerpt where we discuss important steps for fostering a hunt mindset and beginning the incident response and investigation.
Help Net Security Staff, helpnetsecurity.com, March 1, 2018
Nearly half (46 percent) of IT security professionals rarely change their security strategy substantially – even after experiencing a cyber attack. This level of cyber security inertia and failure to learn from past incidents puts sensitive data, infrastructure and assets at risk, according to CyberArk. An overwhelming number of IT security professionals believe securing an environment starts with protecting privileged accounts.
Heather Landi, healthcare-informatics.com, March 5, 2018
Almost 60 percent of data breach incidents involving protected health information (PHI) involved insiders, which makes healthcare the only industry in which internal actors are the biggest threat to an organization’s data security, according to a recent Verizon security report. In Verizon’s 2018 Protected Health Information Data Breach Report, researchers analyzed 1,368 security incidents across 27 countries, with a focus on the healthcare sector’s specific profile and security challenges, including the levels of abuse of this protected information.
Robert Abel, scmagazine.com, March 2, 2018
A Financial Services Information Sharing and Analysis Center (FS-ISAC) employee fell victim to a phishing attack that compromised login credentials enabling additional phishing attacks. FS-ISAC is a cyber and physical threat intelligence analysis and sharing platform for the global financial industry.
Waqar Amir, hackread.com, February 28, 2018
The Cyber Risk Team at cloud security firm UpGuard has discovered a massive trove of data exposed due to an unprotected Amazon Web Services (AWS) S3 bucket. The database belonged to Birst, a Cloud Business Intelligence (BI) and Analytics firm. The exposed database contained 50.4 GB worth of data of one of Birst’s users, Capital One, a McLean, Virginia-based financial services giant and eighth-largest commercial bank in the United States. The leaked data contained technical information on a Birst appliance specially configured for Capital One’s cyberinfrastructure.
Alfred Ng, cnet.com, March 1, 2018
Imagine if every time you were sick, all your doctor did was tell you to take some medicine. That’s it. No prescription, no details on what to take, when to take it, where to get it, or even whether you can take it. Just, “take medicine.” That’d be completely useless information. This is essentially what vulnerability advisories for industrial controls have been like over the last year, according to a new report by Dragos. The cybersecurity company focuses on critical infrastructure, which includes everything from power plants to factories to water supplies.
HIPAA Journal Staff, hipaajournal.com, March 5, 2018
A malware infection at St. Peter’s Surgery & Endoscopy Center in New York has potentially allowed hackers to gain access to the medical records of as many as 135,000 patients. This is the second largest healthcare data breach of 2018, the largest to hit New York state since the 3,466,120-record data breach at Newkirk Products, Inc. in August 2016, and the fifth largest healthcare data breach in New York since the Department of Health and Human Services’ Office for Civil Rights started publishing data breach summaries in October 2009. The data breach at St. Peter’s Surgery & Endoscopy Center was discovered on January 8, 2018: the same day hackers gained access to its server.
J.M. Porup, csoonline.com, March 2, 2018
I think I’m going to start all my hot takes with that quote from Cool Hand Luke from now on, because the inability of most security folk to communicate with non-security folk is tearing apart our political and social and economic fabric. The people who govern our lives and who will shape the future of our world do not understand information security. Unless we break out of our cozy in-clique exclusionary slang, that can only end badly–for all of us. It doesn’t matter how great the research is, or the pentest, or the report, or your new security policy if no one reads it or understands it. When politicians make bad laws because they don’t understand cryptography, society suffers.
Daniel Newman, forbes.com, March 2, 2018
There are a lot of players in the C-Suite these days, and chances are good they all have their own strategic priorities. The CFO wants to save money and deliver quality returns to investors. The CMO wants to churn data to find better and smarter ways to reach customers. The CIO wants to find ways to utilize new technology while keeping the company—and its customers—safe.