INFOSECURITY NEWSLETTER

May 30, 2018

[Webinar] Forecasting the Future of Managed Security: Why You Need a Modern MSSP

View our webinar on June 6 to learn why the traditional MSSP model isn’t working, why the modern MSSP is a better solution for today’s threats, and the steps you can take to hire or replace an MSSP.

3 Business Departments Your Cyber Security Team Should Engage Now to Improve Information Security

Stephanie Ewing, deltarisk.com, May 17, 2018

Oftentimes, I find cyber security teams still operating in some dark back office, interacting with their non-technical colleagues as little as possible, and wondering why people just don’t get it when it comes to security. As security professionals, we frequently talk about the concept of “people, process, and tools,” but there may be a few opportunities when it comes to the people area in particular that we haven’t fully explored for whatever reason.

How to Make CISOs Comfortable with Cloud Security

Alison DeNisco Rayome, techrepublic.com, May 7, 2018

Virtually all organizations are moving some workflows and assets to the cloud. But concerns over security controls and a talent shortage have many CISOs worried, with 40% of companies slowing migration due to these issues, according to a recent report. While 83% of IT professionals said they store sensitive data in the public cloud, only 69% said they trust the public cloud to keep their data secure, the report found. Cloud security issues are rampant: One in four organizations that use Infrastructure as a Service (IaaS) or Software as a Service (SaaS) have had their data stolen, according to the report. Meanwhile, one in five said they have experienced an advanced attack against their public cloud infrastructure.

Skills Shortage a Major Cyber Security Risk

Warwick Ashford, computerweekly.com, May 23, 2018

The proportion of information security professionals who feel organisations are getting worse at defending against major cyber security breaches has leapt from 9% to 18% in the past three years, a survey has revealed. However, in contrast, the number of businesses that feel better prepared to respond to and deal with incidents rose from 47% to 66% over the same period, according to the latest industry survey by not-for-profit industry body, the Institute of Information Security Professionals (IISP).

The Growing Threat Of Phishing Attacks Outside Of Email

Atif Mushtaq, informationsecuritybuzz.com, May 29, 2018

Social engineering attacks are usually associated with deceptive phishing emails in which the victim is tempted to click on a malicious link or open a malicious attachment to help an attacker penetrate network systems. Yet most people are less aware of the large and growing variety of sophisticated phishing attacks that tempt employees outside of email. These phishing attacks are growing in their effectiveness and are carried out via browser pop-ups, ads, malicious search results, browser extensions, chat applications, social media, web “freeware” and deceptive apps in App Stores.

Reviewing Cloud Data Protection Measures: CCSP Domain 2

Tech Target Staff, searchcloudsecurity.techtarget.com, May 29, 2018

As cyberattacks continue to increase in their complexity and ferocity, it’s safe to say that there is no such thing as being over-prepared when it comes to preventing attacks and implementing data protection measures in the cloud. That’s the bad news. The good news, however, is that information security professionals have a litany of tools at their disposal to thwart would-be attackers in public, private and hybrid cloud environments. But do you know which data protection measures are best suited for various cloud services and architectures?

Another Amazon AWS S3 Cloud Data Leak: User Error Strikes Again

Joe Panettieri, msspalert.com, May 22, 2018

A non-profit organization in Los Angeles County misconfigured an Amazon Web Services (AWS) S3 cloud bucket — leaving 3 million records and highly sensitive health information exposed, according to the UpGuard Cyber Risk Team. The UpGuard Cyber Risk Team discovered the exposed AWS bucket on March 14, and then reached out to various contacts at the LA County 211 service. The security researcher finally connected with the appropriate contact on April 24. The misconfigured bucket was corrected within 24 hours of that communication, UpGuard says.

Mining Malware Continues To Dominate Cybersecurity Threats By Seeking Out New Vulnerabilities

Simon Chandler, cointelegraph.com, May 25, 2018

Mining malware may now be painfully familiar to anyone with even a passing awareness of cryptocurrency, but so far businesses and consumers alike are failing to significantly curb its growing threat. On May 14, Israeli cybersecurity firm Check Point released its latest Global Threat Index, and for the fifth consecutive month it found that the Coinhive crypto-miner is the “most prevalent malware” in the world, affecting 16 percent of organizations globally. Meanwhile, Santa Clara-based Malwarebytes released its Cybercrime tactics and techniques: Q1 2018 report on April 9, finding that businesses had seen a 27 percent increase in mining malware in the first three months of the year compared to the previous three.

45,000 Patient Records Exposed in Nuance Healthcare Data Breach

Fred Donovan, healthitsecurity.com, May 17, 2018

Nuance, a Burlington, Mass.-based provider of speech recognition software, said in a May 10 SEC filing that a healthcare data breach occurred when an unauthorized third party gained access to 45,000 patient records hosted on one of its medical transcription platforms. The company said it discovered the breach in December 2017. It notified those affected and migrated them to its eScription transcription platforms. Nuance also notified law enforcement, who identified the third party and recovered the records.

Surviving a Ransomware Attack

Tamlin Magee, cio.com, May 23, 2018

The FBI recently noted a decline in ransomware attacks reported to the agency in 2017, at 1,783 compared to 2,673 the previous year. But don’t necessarily read this as good news. The reality is ransomware, like many other cyber-attack types, goes largely under-reported. A Verizon report, based on its analysis of tens of thousands of real-world security incidents, found that ransomware incidents have doubled over the past year.
