INFOSECURITY NEWSLETTER

November 15, 2017

[Webinar] Flying Blind: 2017 Cloud Configurations Gone Wrong

In this webinar, we’ll take a look at 2017 cloud data breaches: what went wrong and how to avoid the same fate. What are some of the telltale signs a misconfiguration is going to put your critical assets at risk? How can you avoid a misconfiguration in the future? Join our team of cloud security experts for a 45-minute webinar to learn more about the steps you can take to improve your cloud security posture and keep your critical information protected.

Save Your Seat

How to Get the Most Out of Data Loss Prevention Technology to Improve Insider Threat Detection

Noah Powers, deltarisk.com, November 10, 2017

Yesterday, I attended our webinar, “How to Unlock the Full Potential of Insider Threat Tools,” and it got me thinking about the relationship between technology and past successes of insider threats. Rich Burke, Vice President of Public Sector, made a critical point during the webinar that failure to detect insiders isn’t exclusively a technology issue. There are plenty of good technologies out there, but it really takes people and processes to make them even more effective.

Read More


Data Exfiltration Tool PTP-RAT Encodes Data in Pixel Colour Values

Zeljka Zorz , helpnetsecurity.com, November 10, 2017

How to exfiltrate data from a machine that doesn’t have file transfer capabilities or whose Remote Desktop Protocol (RDP) connection has been locked down, making it impossible to send files? PTP-RAT is a proof-of-concept tool for exfiltrating data over screen interfaces, and it does so by encoding the data meant for exfiltration in pixel color values and flashing the remote screen.

Read More

HHS Cybersecurity Initiative Paralyzed by Ethics, Contracting Investigation

Darius Tahir, politico.com, November 13, 2017

A fledgling HHS initiative to protect the nation’s health care system from cyberattack has been paralyzed by the removal of its two top officials amid allegations of favors and ethical improprieties. The executive running the Health Cybersecurity and Communications Integration Center was put on administrative leave in September, while his deputy left the government.

Read More

[Opinion] Why Cybersecurity Workers Are Some of the Hardest to Retain

Andrea Little Limbago, venturebeat.com, November 11, 2017

Cybersecurity workers are in high demand, and the security industry may face a shortage of close to two million qualified personnel by 2022. That’s concerning giving the increasing number of cyber attacks we’re witnessing. But what’s more concerning is that, according to recent research I conducted, the problem is not only attracting talent to cybersecurity, it’s retaining that talent.

Read More

2 Million Tarte Cosmetics Users Exposed in Latest Misconfig

Tara Seals, infosecurity-magazine.com, November 6, 2017

Popular cruelty-free brand Tarte Cosmetics, found online and at major retailers like Sephora and Ulta, has become the latest company to misconfigure a database (actually two), exposing personal information for nearly two million customers to ransom specialists CRU3LTY. The CRU3LTY cyber-criminal group specializes in finding unsecured databases, lifting info, wiping files then demanding a ransom for the data’s return.

Read More

Defining a New Model for Cyber-Security Trust with Blockchain

Sean Michael Kerner, eweek.com, November 15, 2017

In the modern world, what has become increasingly obvious to MIT (Massachusetts Institute of Technology) futurist David Shrier is that no one is safe and that it’s time for a new model for security and data privacy. In a keynote address at the SecTor security conference here, Shrier outlined efforts underway by the MIT Trust::Data Consortium which he helps to lead, to build new systems that redefine how data is shared and secured.

Read More

US Rules on Reporting Cybersecurity Flaws Set to Change According to Source

Shane Curtis, welivesecurity.com, November 15, 2017

Just after 9AM Washington, D.C. time the US government published three documents that describe its Vulnerabilities Equities Policy (VEP) and the process by which decisions about vulnerability disclosure are made. This followed our earlier reporting that the Trump administration was set to release its rules for determining whether to disclose the cyber vulnerabilities that government agencies find, according to a national security official in the US who spoke to the Reuters news agency.

Read More

7 Tips and Tools to Protect University Campuses from Cyber Attacks

James Tagliareni, k12cioreview.com, November 14, 2017

If you are like me, data security is a top priority. A recent report by the Identity Theft Resource Center shows that data breaches in the United States are occurring at a record pace this year, and that hacking, from phishing attacks, ransomware and malware, has caused nearly two-thirds of the breaches.

Read More

This Year’s Most Hackable Holiday Gifts

Help Net Security Staff, helpnetsecurity.com, November 14, 2017

McAfee announced its third annual Most Hackable Holiday Gifts list to help consumers identify potential security risks associated with popular gifts this holiday season. In addition, McAfee conducted a survey to identify the habits and behaviors of consumers as they get ready for the holiday shopping season. Most consumers agree that security is a necessity for laptops, tablets, and smartphones (69%). However, only 22 percent believe connected toys require security, 29 percent believe drones should be protected, and 56 percent think that digital assistants need to be secured.

Read More
financial newsletterhealthcare newsletter
Infosecurity Newsletter Archive

June 2018: 6th

May 2018: 2nd, 9th, 30th

April 2018: 4th, 11th, 18th, 25th

March 2018: 7th, 14th, 21st, 28st

February 2018: 7th, 14th, 21st, 28th

January 2018: 3rd, 10th, 17th, 24th, 31st

December 2017: 6th, 13th, 20th

November 2017: 1st, 15th, 29th

October 2017: 4th, 11th, 18th, 25th

September 2017: 6th, 13th, 20th, 27th

August 2017: 2nd, 9th, 16th, 23rd, 30th

July 2017: 5th, 12th, 19th, 26th

June 2017: 7th, 14th, 21st, 28th

May 2017: 3rd, 10th, 17th, 24th, 31st

April 2017: 5th, 12th, 19th, 26th

March 2017: 1st, 8th, 15th, 22nd, 29th

February 2017: 1st, 8th, 13th, 22nd

January 2017: 4th, 11th, 18th, 24th

December 2016: 7th, 14th, 21st, 28th


top cyber incident pain points