April 5, 2017
Charlie Mitchell, Washingtonexaminer.com, April 3, 2017
The Federal Communications Commission’s role as a driver of national cybersecurity policy, promoted by former Chairman Thomas Wheeler, was effectively scrapped last week when Congress passed a measure killing the commission’s 2016 cybersecurity and privacy rules.
Paul Brandau, Delta-risk.net, March 31, 2017
For the final blog post in our series on lessons learned from 2016 security assessments, we’ll discuss a high-risk issue our penetration testers and consultants often come across: filtering malicious emails.
Jai Vijayan, Darkreading.com, March 29, 2017
More than half of security pros say insider threat incidents have become more frequent in the past 12 months. Despite continued spending on security measures for controlling and monitoring access to sensitive data, more organizations than ever feel vulnerable to breaches caused by insiders with legitimate access to enterprise systems.
Bill Brenner, Nakedsecurity.sophos.com, March 30, 2017
The modus operandi for phishing attacks is straightforward: thieves spam out legitimate-looking messages with malicious links that, when clicked, dupe the victim into giving up passwords, credit card numbers and the like.
Billy Mitchell, Fedscoop.com, March 27, 2017
Identity thieves may have used the IRS’s data retrieval tool to obtain taxpayers’ sensitive information connected to the Education Department’s federal student aid application. The IRS is investigating how many people may have been affected by “questionable use” of the data retrieval tool, according to a joint announcement Thursday from the IRS and Education Department.
Graham Cluley, Welivesecurity.com, March 30, 2017
Be on your guard if you’re a developer who uses GitHub – someone could be trying to infect your computer with malware. Reports have emerged that malicious hackers are attempting to infect open source programmers’ computers with a Trojan horse, by launching a targeted malware campaign via email against GitHub developers.
Danny Palmer, Zdnet.com, March 27, 2017
One of the most common forms of ransomware is evolving a new technique in order to become even more effective and harder to detect: the ability to evade detection by cybersecurity tools which use machine learning to identify threats.
Guy Claperton, Nakedsecurity.sophos.com, March 31, 2017
So, we started with a report on “legacy” COBOL systems still being in use and a report suggesting this represented a security risk, since the writers of those systems have retired and are dying off. We wanted a quick sanity check and found ourselves pinned to a wall of naivete pretty quickly. One technology journalist we spoke to, for example, reckoned there might be a few machines out there running Windows XP but only a handful, and nothing older.
Clinton Boulton, Cio.com, April 4, 2017
Ask CIOs and CISOs what cybersecurity fears keep them up at night and you’ll hear a range of responses — from social engineering hacks such as phishing, as well as malware that enables perpetrators to hijack users’ websites — the dreaded ransomware — and denial-of-service attacks. Depending on their business you might hear them say “all of the above.”