INFOSECURITY NEWSLETTER

February 13, 2017

Hackers Attack Every 39 Seconds

Securitymagazine.com, February 10, 2017

A Clark School study at the University of Maryland is one of the first to quantify the near-constant rate of hacker attacks of computers with Internet access—every 39 seconds on average—and the non-secure usernames and passwords we use that give attackers more chance of success.

Protecting Your Data Security Blindspot

Globalbankingandfinance.com, February 9, 2017

Security breaches will be top of mind for all business professionals in 2017 and especially for those in financial services where the ramifications of a breach can cost an organisation millions of pounds. However, contrary to what the flurry of news over cyber-attacks would have you believe, the majority of these breaches were not caused by hackers, but by lost or stolen laptops and mobile phones. While hacking accounted for 1 in 5 of all breaches, lost or stolen laptops were responsible for more than a quarter.

5 External Cyber Penetration Testing Lessons Learned From 2016 Security Assessments

Paul Brandau, Delta-risk.net, February 8, 2017

Every year, Delta Risk conducts hundreds of cyber security assessments, including penetration testing, for a wide range of commercial and public sector clients. Many of these organizations share similar weaknesses in their people, processes, and technology. But each assessment also presents new technical challenges for us to solve. In this five-part blog series, we’ll discuss our findings from external pen tests, also known as ethical hacking, against enterprise customers who have already implemented standard security best practices such as two-factor authentication (smart cards), identity access management controls, restricted administrative privileges, and spam filtering.

Recent WordPress Vulnerability Used to Deface 1.5 Million Pages

Lucian Constantin, Csoonline.com, February 10, 2017

Up to 20 attackers or groups of attackers are defacing WordPress websites that haven’t yet applied a recent patch for a critical vulnerability.
The vulnerability, located in the platform’s REST API, allows unauthenticated attackers to modify the content of any post or page within a WordPress site. The flaw was fixed in WordPress 4.7.2, released on Jan. 26, but the WordPress team did not publicly disclose the vulnerability’s existence until a week later, to allow enough time for a large number of users to deploy the update.

Cyber Risks Threaten Physical Security, Industrial Controls

Kevin Ingram, Cfo.com, February 9, 2017

Cyber crime groups are increasingly operating like traditional businesses.
Will this new professionalism lead to more attacks on companies?
“What are we doing to protect ourselves from cyberattacks?”
It’s a question every CFO eventually asks their team. Although the question suggests IT-specific concerns like malware, firewalls, and virus scans, CFOs need to pause and broaden their perspective, and examine cyber-related business risk in the areas of physical security and in industrial controls as well.

Experts Worry That Ransomware Could Hit Critical Infrastructure

Michael Kan, Computerworld.com, February 13, 2017

Expect ransomware to grow more aggressive in the coming years, including higher ransom payments and attempts to go beyond attacking data — by shutting down entire computer systems to utilities or factories.

Is Bank Malware Campaign Linked to North Korea?

Jeremy Kirk, Bankinfosecurity.com, February 13, 2017

A cyberattack first discovered in Poland is unfurling a bundle of technical clues that point to a larger global campaign against financial institutions, possibly executed by the Lazarus hacking group, which apparently was involved in the breach of Sony Pictures Entertainment and the theft of $81 million from Bangladesh Bank.

‘Fileless Malware’ Attacks, Used on Banks, Have Been Around for Years

Matt Hamblen, Computerworld.com, February 9, 2017

Fileless malware attacks, which were recently discovered in the networks of at least 140 banks, telecoms and governments, account for about 15% of known attacks today and have been around for years in different forms.

19 Laptops Containing Customer Information Have Been Stolen From Fintech Company GoCardless

Oscar Williams-Grut, Businessinsider.com, February 8, 2017

Fintech business GoCardless is offering some customers free credit monitoring for a year after admitting 19 laptops containing personal information were stolen from its offices.

New York’s New Cybersecurity Rule for Financial Institutions & How It May Affect You

Behnam Dayanim and Quinn Dang, Paulhastings.com, February 07, 2017

New York’s top banking regulator, the New York Department of Financial Services (“NYDFS”), recently issued a revised rule, effective March 1, 2017, that requires banks, insurance companies and other financial institutions regulated by NYDFS to establish and maintain a comprehensive cybersecurity program to respond to the growing threat of cyber-attacks.
