May 31, 2017
Liz Maida, Helpsecurity.com, May 30, 2017
Security analysts within enterprises are living a nightmare that never ends. 24 hours a day, their organizations are being attacked by outside (and sometimes inside) perpetrators – hackers, hacktivists, competitors, disgruntled employees, etc. Attacks range in scope and sophistication, but are always there, haunting the security teams tasked with guarding against them.
Noah Powers, Deltarisk.com, May 24, 2017
Imagine the following scenario: you work with a colleague who everyone sees as a problem. This individual complains about the direction of the company, unfair treatment, and even vocalizes personal financial struggles. People have come to expect this kind of negative behavior from him. One day, though, you overhear this disruptive co-worker say something out of the ordinary, even for him. He’s discussing ways to copy and sell intellectual property to a competitor for a little extra money.
Courtney Linder, Post-gazette.com, May 25, 2017
Ten minutes, one hour, four hours, click. Postpone that annoying Windows update. Avoiding that dreaded dialogue box that pops up on the screen twice a day is a no-brainer for many American employees who don’t want to restart their computers and install a software patch. But in terms of cybersecurity, what seems like an immaterial decision can quickly become a pipeline for hackers and a major expense for companies.
Elle Armageddon, Motherboard.vice.com, May 25, 2017
We live in a Golden Age of technology, where apps have been developed to make almost everything convenient: from logistics for a night of Netflix and chill to complete access to someone else’s device. We are living in a time when nearly anything can be delivered to us on demand, whether it’s date night or domestic violence, everything is easier with a little help from modern technology. According to The Guardian, approximately 760 people—more than two per day—are killed by their partners in the US each year.
Catalin Cimpanu, Bleedingcomputer.com, May 23, 2017
A vulnerability in how video players load and parse subtitle files allows an attacker to execute code on a target’s PC and effectively take over the device. This vulnerability came to light today after security researchers from Israeli cyber-security firm Check Point published partial findings. Researchers say that an attacker can craft malicious subtitle files that, when loaded inside one of the many vulnerable media players, execute code on the user’s device.
Health IT Security Staff, Healthitsecurity.com, May 24, 2017
St. Luke’s-Roosevelt Hospital Center Inc. (St. Luke’s) settled alleged HIPAA violations from a PHI data breach by paying $387,000 in an OCR HIPAA settlement. Formerly Spencer Cox Center for Health (the Spencer Cox Center), New York-based St. Luke’s specializes in services for individuals living with HIV or AIDS and other chronic diseases. OCR received a complaint in September 2014 that there had been a PHI data breach when St. Luke’s faxed an individual’s information to his employer.
Warwick Ashford, Computerweekly.com, May 26, 2017
People are often seen as the weakest link when it comes to cyber security, but that must change, says the National Cyber Security Centre. Information security has traditionally been led by technology and, as a result, the role and value of people has been overlooked. That is the view of Emma W, people-centred security team lead at the UK’s National Cyber Security Centre (NCSC).
Jennifer Leggio, Zdnet.com, May 30, 2017
SANS Institute has released its 2017 Security Awareness Report, a community-driven study with more than 1,000 security awareness professionals across 58 contributing countries. Security awareness itself has become an increasingly relevant topic for both emerging and mature organizations, given that having a truly skilled professional in the role has become a “must have” versus optional.
Kelly Sheridan, Darkreading.com, May 26, 2017
Malvertising has fallen off the radar over the last year or so, says Jerome Segura, lead malware intelligence analyst at Malwarebytes. It still remains a threat, but for a new pool of targets. Attackers previously targeted high-profile media sites with malware but learned those attacks generated a lot of attention, he explains. Now they’ve begun turning to smaller brand names with a lot of traffic but less visibility: foreign websites and file-sharing sites, for example.