INFOSECURITY NEWSLETTER

April 19, 2017

Nintendo Hackers Told Us $20,000 Bug Bounties Aren’t Going to Stop Piracy

Kevin Wong, Motherboard.vice.com, April 13, 2017

This month, Nintendo expanded its bug bounty program to include the Nintendo Switch. The program, launched in December, previously only addressed 3DS vulnerabilities. Organized through third-party vulnerability coordination and bug bounty platform HackerOne, Nintendo’s bug bounty program is straightforward: Hackers who report vulnerability information about Nintendo’s hardware systems will be paid—anywhere from $100 to $20K—depending on the severity of the exploit.


Simple Workplace Mistakes You Make That Help Social Engineers

Matthew Kuznia, Delta-risk.net, April 14, 2017

It’s no secret that people are often the weakest link in the cyber security chain. More than 50 percent of security breaches are due to human error. But is it as simple as pointing to gross carelessness or negligence for these mistakes? Oftentimes basic human nature can be exploited by social engineers who are skilled and opportunistic. If social engineers can find a weak spot in your company’s staff, that’s where they’ll aim first.


Google Making Life Difficult for Ransomware to Thrive on Android

Michael Mimoso, Threatpost.com, April 14, 2017

Google has never been shy about sharing security enhancements and victories in Android. The mobile operating system is tweaked at every iteration to fend off threats posed by potentially harmful apps and attacks against devices. At the recent Kaspersky Lab Security Analyst Summit, Google threw back the curtain on how it has curtailed ransomware on Android with a mix of deprecated APIs and rollbacks of certain functionality that had outlived its usefulness to users yet still drew the attention of attackers.


[Opinion] Cyber Security Workforce Challenges Require Broader Collaboration

Cory Missimore, Information-management.com, April 18, 2017

Report after report highlights that there is a gap between the number of skilled cyber security professionals in the workforce and the number of job vacancies. What is needed to begin to bridge that gap is an increased focus combining education and experience with both federal and private sector job markets. While this has been a difficult combination to obtain in the past, more and more countries are seeing the need for and instituting programs to fill the gap and stack their bench.


Stories From Two Years in an IoT Honeypot

Chris Brook, Threatpost.com, April 14, 2017

Curious just how susceptible some of the more vulnerable IoT devices are, a researcher set up a series of honeypots at his friends’ houses to record traffic, exploit attempts and other statistics. Dan Demeter, a junior security researcher with Kaspersky Lab’s Global Research and Analysis Team (GReAT), reviewed two years of honeypot history in a talk at the company’s Security Analyst Summit last Tuesday.


95% of Organizations Have Employees Seeking to Bypass Security Controls

Jai Vijayan, Darkreading.com, April 13, 2017

The insider threat issue is well-understood and something that countless surveys have shown poses almost as big a risk to enterprise data security as external attackers. A report from Dtex this week offers a slightly different look at the problem by highlighting some of the clues that organizations should be looking for to detect and stop insiders engaged in malicious or negligent behaviors.


Evolution of Security Operations From Reactionary Survival Mode to Forced Sophistication

Zeljka Zorz, Helpnetsecurity.com, April 13, 2017

The most security-sensitive companies approach their job and their day with the default assumption that they have been hacked, and they set out to prove that important components of their environment are safe. Less security-sensitive companies approach each day with the assumption that they are clean, and start looking for breaches. Or, at least, that’s what Paul Farrell’s experiences have taught him.


The Importance of Creating a Cyber Security Culture

Nick Ismail, Information-age.com, April 18, 2017

A poor company culture with respect to employee mobility can open the floodgates to security vulnerabilities. Organisations that fail to adjust to modern workplace needs, such as employees using their own devices at work, are far more likely to experience data breaches. Employees today will work with whatever tools are at their disposal to make life easier, including unmanaged devices.


Reservists and the National Guard Offer Untapped Resources for Cybersecurity

Brian Wisniewski, Techcrunch.com, April 18, 2017

Cyber threats have metastasized worldwide. In the U.S., they have presented as security issues for critical infrastructure, such as industrial sites, and cast doubt on the integrity of crucial information technology systems used for elections – including many vulnerable voting machines themselves that are employed and managed at the state level.
