INFOSECURITY NEWSLETTER

December 6, 2017

[Webinar] Flying Blind: 2017 Cloud Configurations Gone Wrong

In this webinar, we’ll take a look at 2017 cloud data breaches: what went wrong and how to avoid the same fate. What are some of the telltale signs a misconfiguration is going to put your critical assets at risk? How can you avoid a misconfiguration in the future? Join our team of cloud security experts for a 45-minute webinar to learn more about the steps you can take to improve your cloud security posture and keep your critical information protected.

Save Your Seat

The Skills and Qualifications Every Successful Penetration Tester Must Have

Noah Powers, deltarisk.com, December 1, 2017

Any time I’m asked to speak about my experience in the cyber security field, whether I’m at a trade show or speaking to candidates interested in breaking into the industry, I invariably get the question about what it takes to be a pen tester. In this blog, I’ll touch on some of the most important qualities our pen testers have and some of the skills we look for in applicants for our pen testing positions.

Read More


Phishing Emails Have Spiked This Year, Outgrowing Malware

Computing Staff, computing.com, December 6, 2017

Mimecast’s Email Security Risk Assessment testing programme has highlighted a huge rise in the number of payload-less impersonation attacks, which email security solutions struggle to stop. While malware and ransomware are often listed as businesses’ main concerns for email security, Mimecast found that impersonation attacks – where an attacker imitates someone else in the organisation, usually to facilitate a money transfer or steal credentials – were missed seven times more often than email-borne malware.

Read More

Industrial Firms Fail to Adopt Basic Security Measures Against Hackers

Charlie Osborne, zdnet.com, December 6, 2017

Despite constant data breaches, compromises, and the expensive damage control which follows, the majority of industrial enterprises are failing to protect their businesses according to a new survey.

Read More

CFOs Don’t Worry Enough About Cyber Risk

Steve Vintz, hbr.org, December 6, 2017

Every executive team and board of directors is asking themselves the same question in regard to their cyber risk right now: what can we do differently to avoid being the next Equifax, Yahoo! or Target, and protect our shareholder value? The answer involves radically reframing one of the mainstays of the C-suite — the role of the CFO.

Read More

Hackers are Exploiting Microsoft Word Vulnerability to Take Control of PCs

Danny Palmer, zdnet.com, November 28, 2017

Hackers are using a recently disclosed Microsoft Office vulnerability to distribute backdoor malware capable of controlling an infected system, providing attackers with the ability to extract files, execute commands and more.Cobalt malware has such potent capabilities because it uses a well known and legitimate penetration testing tool, Cobalt Strike — a form of software for Adversary Simulations and Red Team Operations, which can be used to access covert channels in a system.

Read More

Are Your Connected Devices Searchable on the Internet?

Help Net Security Staff, helpnetsecurity.com, November 29, 2017

Despite being a hub for technology talent, Berliners are leaving themselves wide open to cyberattack through poor security practices that are exposing millions of cyber assets. The data, based on analysis of devices and systems discoverable through Shodan, the search engine for connected devices, found over 2.8 million exposed cyber assets in Berlin, and 2.5 million in London across firewalls, webcams, routers and storage devices.

Read More

Five Key Trends to Watch in 2018 as Cybercriminals Continue to Innovate

Help Net Security Staff, helpnetsecurity.com, December 4, 2017

The McAfee Labs 2018 Threats Predictions Report identifies five key trends to watch in 2018. This year’s report focuses on the evolution of ransomware from traditional to new applications, the cybersecurity implications of serverless apps, the consumer privacy implications of corporations monitoring consumers in their own homes, long-term implications of corporations gathering children’s user-generated content, and the emergence of a machine learning innovation race between defenders and adversaries.

Read More

The Best Kept Secret in Cybersecurity is Protecting U.S. Banks Against Catastrophic

Steve Morgan, csoonline.com, December 5, 2017

More than 100 industry experts from the U.S. banking and financial services industry quietly collaborated on a groundbreaking cyber resilience initiative dubbed Sheltered Harbor earlier this year.
The initiative provides its members with an extra layer of security. If a catastrophic cyber attack brings down a member bank, then another bank takes over.

Read More

Future-Proofing Security: Protecting Against the New Arsenal of Weaponized Malware

Jessica Davis, healthcareitnews.com, December 6, 2017

Hospital information security teams and IT shops are in a precarious spot: They have to not only protect information cybercriminals increasingly see as more valuable than other types but they also have to safeguard against the next big threat when it’s impossible to know what it will be or when it might strike. New types of attacks and security incidents are emerging just about every month, too. It’s not merely WannaCry and the Petya-NotPetya debacles either.

Read More
financial newsletterhealthcare newsletter
Infosecurity Newsletter Archive

June 2018: 6th

May 2018: 2nd, 9th, 30th

April 2018: 4th, 11th, 18th, 25th

March 2018: 7th, 14th, 21st, 28st

February 2018: 7th, 14th, 21st, 28th

January 2018: 3rd, 10th, 17th, 24th, 31st

December 2017: 6th, 13th, 20th

November 2017: 1st, 15th, 29th

October 2017: 4th, 11th, 18th, 25th

September 2017: 6th, 13th, 20th, 27th

August 2017: 2nd, 9th, 16th, 23rd, 30th

July 2017: 5th, 12th, 19th, 26th

June 2017: 7th, 14th, 21st, 28th

May 2017: 3rd, 10th, 17th, 24th, 31st

April 2017: 5th, 12th, 19th, 26th

March 2017: 1st, 8th, 15th, 22nd, 29th

February 2017: 1st, 8th, 13th, 22nd

January 2017: 4th, 11th, 18th, 24th

December 2016: 7th, 14th, 21st, 28th


top cyber incident pain points