April 19, 2017
Kevin Wong, Motherboard.vice.com, April 13, 2017
This month, Nintendo expanded its bug bounty program to include the Nintendo Switch. The program, launched in December, previously only addressed 3DS vulnerabilities. Organized through third-party vulnerability coordination and bug bounty platform HackerOne, Nintendo’s bug bounty program is straightforward: Hackers who report vulnerability information about Nintendo’s hardware systems will be paid—anywhere from $100 to $20K—depending on the severity of the exploit.
Matthew Kuznia, Delta-risk.net, April 14, 2017
It’s no secret that people are often the weakest link in the cyber security chain. More than 50 percent of security breaches are due to human error. But is it as simple as pointing to gross carelessness or negligence for these mistakes? Oftentimes basic human nature can be exploited by social engineers who are skilled and opportunistic. If social engineers can find a weak spot in your company’s staff, that’s where they’ll aim first.
Michael Mimoso, Threatpost.com, April 14, 2017
Google has never been shy about sharing security enhancements and victories in Android. The mobile operating system is tweaked at every iteration to fend off threats posed by potentially harmful apps and attacks against devices. At the recent Kaspersky Lab Security Analyst Summit, Google threw back the curtain on how it has curtailed ransomware on Android with a mix of deprecated APIs and rollbacks of certain functionality that had outlived its usefulness to users yet still drew the attention of attackers.
Cory Missimore, Information-management.com, April 18, 2017
Report after report highlights that there is a gap between the number of skilled cyber security professionals in the workforce and the number of job vacancies. What is needed to begin to bridge that gap is an increased focus combining education and experience with both federal and private sector job markets. While this has been a difficult combination to obtain in the past, more and more countries are seeing the need for and instituting programs to fill the gap and stack their bench.
Chris Brook, Threatpost.com, April 14, 2017
Curious just how susceptible some of the more vulnerable IoT devices are, a researcher set up a series of honeypots at his friends’ houses to record traffic, exploit attempts and other statistics. Dan Demeter, a junior security researcher with Kaspersky Lab’s Global Research and Analysis Team (GReAT), reviewed two years of honeypot history in a talk at the company’s Security Analyst Summit last Tuesday.
Jai Vijayan, Darkreading.com, April 13, 2017
The insider threat issue is well-understood and something that countless surveys have shown poses almost as big a risk to enterprise data security as external attackers. A report from Dtex this week offers a slightly different look at the problem by highlighting some of the clues that organizations should be looking for to detect and stop insiders engaged in malicious or negligent behaviors.
Zeljka Zorz, Helpnetsecurity.com, April 13, 2017
The most security-sensitive companies approach their job and their day with the default assumption that they have been hacked, and they set out to prove that important components of their environment are safe. Less security-sensitive companies approach each day with the assumption that they are clean, and start looking for breaches. Or, at least, that’s what Paul Farrell’s experiences have taught him.
Nick Ismail, Information-age.com, April 18, 2017
A poor company culture with respect to employee mobility can open the floodgates to security vulnerabilities. Organisations that fail to adjust to modern workplace needs, such as employees using their own devices at work, are far more likely to experience data breaches. Employees today will work with whatever tools are at their disposal to make life easier, including unmanaged devices.
Brian Wisniewski, Techcrunch.com, April 18, 2017
Cyber threats have metastasized worldwide. In the U.S., they have presented as security issues for critical infrastructure, such as industrial sites, and cast doubt on the integrity of crucial information technology systems used for elections – including many vulnerable voting machines themselves that are employed and managed at the state level.