INFOSECURITY NEWSLETTER

April 12, 2017

10 Steps for Establishing an Effective Insider Threat Program

Noah Powers, Delta-risk.net, April 6, 2017

Insider threats continue to be a concern for organizations. New research conducted by Crowd Research Partners, in coordination with the LinkedIn Information Security Group, reveals that 74 percent of organizations feel vulnerable to insider threats, while 54 percent of security professionals say insider threats are more common overall.

Read More

As Cities Get Smarter, Hackers Become More Dangerous: This Could Stop Them

Saheli Rouh Choudhury, Cnbc.com, April 9, 2017

As governments create smarter cities, they need cybersecurity measures built from the ground up — or they risk costly data breaches which could compromise the privacy of their citizens. In 2016 alone, cyber-crime cost the global economy more than $450 billion and over two billion personal records were stolen, according to the chief executive of specialist insurer Hiscox.

Read More

This Ransomware Doesn’t Want Cash, It Just Wants You to Play a Japanese Video Game

Joseph Cox, Motherboard.vice.com, April 7, 2017

Do you want to play a game? That’s the question posed by a novel piece of ransomware that challenges victims to achieve a high score in a video game instead of demanding cash to unlock files. Yeah. “Minamitsu ‘The Captain’ Murasa encrypted your precious data like documents, music [sic], pictures, and some kinda project files,” a pop-up from the malware, called Resenware, reads.

Read More

Scotttrade Data Breach Exposes 20,000 Customer Records

Steve Ragan, CSOonline.com, April 5, 2017

Scottrade Bank, a subsidiary of Scottrade Financial Services, Inc., recently secured a MSSQL database containing sensitive information on at least 20,000 customers that was inadvertently left exposed to the public. The database was discovered by MacKeeper researcher Chris Vickery on March 31, when he was searching for random phrases on the domain s3.amazonaws.com.

Read More

Researcher Warns SIEMs are Weak Link in Network Security Chain

Tom Spring, Threatpost.com, April 7, 2017

Security information and event management (SIEM) solutions are supposed to boost security, but researchers say the network analysis tools are ripe attack targets. The warning comes from security expert John Grigg, lead cyber strategist with Meta Studios. In a talk at the Infiltrate Conference, he concluded, after a review of deployments, that many top SIEM vendor solutions are insecure.

Read More

Teaching Hospitals at Greater Data Breach Risk

Dark Reading Staff, Darkreading.com, April 6, 2017

A research on data breaches at hospitals has revealed that those with major teaching facilities and more beds were at greater breach risk, says a Johns Hopkins University report. Conducted by Ge Bai of John Hopkins Carey Business School, the study examined federal Department of Health and Human Services’ data breach statistics of health facilities between 2009 and 2016.

Read More

New Malware Intentionally Blocks IoT Devices

Catalin Cimpanu, Bleepingcomputer.com, April 6, 2017

A new malware strain called BrickerBot is bricking Internet of Things (IoT) devices around the world by corrupting their storage capability and reconfiguring kernel parameters. Detected via honeypot servers maintained by cyber-security firm Radware, the first attacks started on March 20 and continued ever since, targeting only Linux BusyBox-based IoT devices.

Read More


Study Addresses Federal Cybersecurity Workforce Challenges

Elizabeth Snell, Healthitsecurity.com, April 5, 2017

Promoting a cyber and science, technology, engineering and mathematics (STEM) education, as well as creating cybersecurity scholarships are two key ways federal cybersecurity workforce challenges can be addressed, according to a recent Government Accountability Office (GAO) report. Cybersecurity skills gaps, being able to recruit and retain qualified staff, and the federal hiring process itself are top challenges for agencies working to ensure they have a strong cybersecurity workforce, GAO explained.

Read More

Amazon Breach Shows Need for Stronger Third-Party Cybersecurity

Robert Abel, Scmagazine.com, April 10, 2017

Hackers breached the Amazon accounts of several third party vendors using stolen credentials obtained through the dark web to post fake deals and steal cash. The threat actors have reportedly changed the bank deposit information on the compromised accounts to steal tens of thousands of dollars from the users, several sellers and advertisers have said.

Read More
Infosecurity Newsletter Archive

June 2018: 6th

May 2018: 2nd, 9th, 30th

April 2018: 4th, 11th, 18th, 25th

March 2018: 7th, 14th, 21st, 28st

February 2018: 7th, 14th, 21st, 28th

January 2018: 3rd, 10th, 17th, 24th, 31st

December 2017: 6th, 13th, 20th

November 2017: 1st, 15th, 29th

October 2017: 4th, 11th, 18th, 25th

September 2017: 6th, 13th, 20th, 27th

August 2017: 2nd, 9th, 16th, 23rd, 30th

July 2017: 5th, 12th, 19th, 26th

June 2017: 7th, 14th, 21st, 28th

May 2017: 3rd, 10th, 17th, 24th, 31st

April 2017: 5th, 12th, 19th, 26th

March 2017: 1st, 8th, 15th, 22nd, 29th

February 2017: 1st, 8th, 13th, 22nd

January 2017: 4th, 11th, 18th, 24th

December 2016: 7th, 14th, 21st, 28th