November 15, 2017
In this webinar, we’ll take a look at 2017 cloud data breaches: what went wrong and how to avoid the same fate. What are some of the telltale signs a misconfiguration is going to put your critical assets at risk? How can you avoid a misconfiguration in the future? Join our team of cloud security experts for a 45-minute webinar to learn more about the steps you can take to improve your cloud security posture and keep your critical information protected.
Noah Powers, deltarisk.com, November 10, 2017
Yesterday, I attended our webinar, “How to Unlock the Full Potential of Insider Threat Tools,” and it got me thinking about the relationship between technology and past successes of insider threats. Rich Burke, Vice President of Public Sector, made a critical point during the webinar that failure to detect insiders isn’t exclusively a technology issue. There are plenty of good technologies out there, but it really takes people and processes to make them even more effective.
Zeljka Zorz , helpnetsecurity.com, November 10, 2017
How to exfiltrate data from a machine that doesn’t have file transfer capabilities or whose Remote Desktop Protocol (RDP) connection has been locked down, making it impossible to send files? PTP-RAT is a proof-of-concept tool for exfiltrating data over screen interfaces, and it does so by encoding the data meant for exfiltration in pixel color values and flashing the remote screen.
Darius Tahir, politico.com, November 13, 2017
A fledgling HHS initiative to protect the nation’s health care system from cyberattack has been paralyzed by the removal of its two top officials amid allegations of favors and ethical improprieties. The executive running the Health Cybersecurity and Communications Integration Center was put on administrative leave in September, while his deputy left the government.
Andrea Little Limbago, venturebeat.com, November 11, 2017
Cybersecurity workers are in high demand, and the security industry may face a shortage of close to two million qualified personnel by 2022. That’s concerning giving the increasing number of cyber attacks we’re witnessing. But what’s more concerning is that, according to recent research I conducted, the problem is not only attracting talent to cybersecurity, it’s retaining that talent.
Tara Seals, infosecurity-magazine.com, November 6, 2017
Popular cruelty-free brand Tarte Cosmetics, found online and at major retailers like Sephora and Ulta, has become the latest company to misconfigure a database (actually two), exposing personal information for nearly two million customers to ransom specialists CRU3LTY. The CRU3LTY cyber-criminal group specializes in finding unsecured databases, lifting info, wiping files then demanding a ransom for the data’s return.
Sean Michael Kerner, eweek.com, November 15, 2017
In the modern world, what has become increasingly obvious to MIT (Massachusetts Institute of Technology) futurist David Shrier is that no one is safe and that it’s time for a new model for security and data privacy. In a keynote address at the SecTor security conference here, Shrier outlined efforts underway by the MIT Trust::Data Consortium which he helps to lead, to build new systems that redefine how data is shared and secured.
Shane Curtis, welivesecurity.com, November 15, 2017
Just after 9AM Washington, D.C. time the US government published three documents that describe its Vulnerabilities Equities Policy (VEP) and the process by which decisions about vulnerability disclosure are made. This followed our earlier reporting that the Trump administration was set to release its rules for determining whether to disclose the cyber vulnerabilities that government agencies find, according to a national security official in the US who spoke to the Reuters news agency.
James Tagliareni, k12cioreview.com, November 14, 2017
If you are like me, data security is a top priority. A recent report by the Identity Theft Resource Center shows that data breaches in the United States are occurring at a record pace this year, and that hacking, from phishing attacks, ransomware and malware, has caused nearly two-thirds of the breaches.
Help Net Security Staff, helpnetsecurity.com, November 14, 2017
McAfee announced its third annual Most Hackable Holiday Gifts list to help consumers identify potential security risks associated with popular gifts this holiday season. In addition, McAfee conducted a survey to identify the habits and behaviors of consumers as they get ready for the holiday shopping season. Most consumers agree that security is a necessity for laptops, tablets, and smartphones (69%). However, only 22 percent believe connected toys require security, 29 percent believe drones should be protected, and 56 percent think that digital assistants need to be secured.