β Samsung fixes flaws that could have let attackers hijack your account β
π Read
via "Naked Security".
Flaws in the mobile site were leaving users vulnerable to attackers who could have reset their user passwords and hijacked their accounts.π Read
via "Naked Security".
Naked Security
Samsung fixes flaws that could have let attackers hijack your account
Flaws in the mobile site were leaving users vulnerable to attackers who could have reset their user passwords and hijacked their accounts.
β Supply Chain Security: Managing a Complex Risk Profile β
π Read
via "Threatpost | The first stop for security news".
Experts sound off on how companies can work with their third-party suppliers and partners to secure the end-to-end supply chain.π Read
via "Threatpost | The first stop for security news".
Threat Post
Supply Chain Security: Managing a Complex Risk Profile
Experts sound off on how companies can work with their third-party suppliers and partners to secure the end-to-end supply chain.
π΄ Higher Education: 15 Books to Help Cybersecurity Pros Be Better π΄
π Read
via "Dark Reading: ".
Constant learning is a requirement for cybersecurity professionals. Here are 15 books recommended by professionals to continue a professional's education.π Read
via "Dark Reading: ".
Dark Reading
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Constant learning is a requirement for cybersecurity professionals. Here are 15 books recommended by professionals to continue a professional's education.
β Super Micro Says Its Gear Wasnβt Bugged By Chinese Spies β
π Read
via "Threatpost | The first stop for security news".
The news comes amid reports that a Chinese intelligence-gathering effort was behind the massive Marriott hotel data breach.π Read
via "Threatpost | The first stop for security news".
Threat Post
Super Micro Says Its Gear Wasnβt Bugged By Chinese Spies
The news comes amid reports that a Chinese intelligence-gathering effort was behind the massive Marriott hotels data breach.
β Operation Sharpshooter Takes Aim at Global Critical Assets β
π Read
via "Threatpost | The first stop for security news".
Operation Sharpshooter uses a new implant to target mainly English-speaking nuclear, defense, energy and financial companies.π Read
via "Threatpost | The first stop for security news".
Threat Post
Operation Sharpshooter Takes Aim at Global Critical Assets
Operation Sharpshooter uses a new implant to target mainly U.S.-based nuclear, defense, energy and financial companies.
π΄ Forget Shifting Security Left; It's Time to Race Left π΄
π Read
via "Dark Reading: ".
Once DevOps teams decide to shift left, they can finally look forward instead of backward.π Read
via "Dark Reading: ".
Darkreading
Forget Shifting Security Left; It's Time to Race Left
Once DevOps teams decide to shift left, they can finally look forward instead of backward.
π΄ Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3 π΄
π Read
via "Dark Reading: ".
One out of every 100 emails an enterprise receives is a phishing scam, and the attackers behind them are getting more sophisticated.π Read
via "Dark Reading: ".
Darkreading
Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3
One out of every 100 emails an enterprise receives is a phishing scam, and the attackers behind them are getting more sophisticated.
π΄ Arctic Wolf Buys RootSecure π΄
π Read
via "Dark Reading: ".
The purchase adds risk assessment to Arctic Wolf's SOC-as-a-service.π Read
via "Dark Reading: ".
Dark Reading
Arctic Wolf Buys RootSecure
The purchase adds risk assessment to Arctic Wolf's SOC-as-a-service.
π 8% of organizations are not properly governing its own data π
π Read
via "Security on TechRepublic".
Some 88% of organizations aren't correctly managing access to data stored in files, according to a SailPoint report.π Read
via "Security on TechRepublic".
TechRepublic
88% of organizations are not properly governing its own data
Some 88% of organizations aren't correctly managing access to data stored in files, according to a SailPoint report.
β ThreatList: Holiday Spam, the Perfect Seasonal Gift for Criminals β
π Read
via "Threatpost | The first stop for security news".
Consumers are much more likely to fall for spam during the season of giving.π Read
via "Threatpost | The first stop for security news".
Threat Post
ThreatList: Holiday Spam, the Perfect Seasonal Gift for Criminals
Consumers are much more likely to fall for spam during the season of giving.
π΄ Mac Malware Cracks WatchGuard's Top 10 List π΄
π Read
via "Dark Reading: ".
Security experts advise Mac users to deploy security suites to protect themselves from the growing threat.π Read
via "Dark Reading: ".
Dark Reading
Mac Malware Cracks WatchGuard's Top 10 List
Security experts advise Mac users to deploy security suites to protect themselves from the growing threat.
<b>⌨ Scanning for Flaws, Scoring for Security ⌨</b>
<code>Is it fair to judge an organizationβs information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? Fair or not, a number of nascent efforts are using just such an approach to derive security scores for companies and entire industries. Whatβs remarkable is how many organizations donβt make an effort to view their public online assets as the rest of the world sees them β until itβs too late.</code><code>Media</code><code>Image: US Chamber of Commerce.</code><code>For years, potential creditors have judged the relative risk of extending credit to consumers based in part on the applicantβs credit score β the most widely used being the score developed by FICO, previously known as Fair Isaac Corporation. Earlier this year, FICO began touting its Cyber Risk Score (PDF), which seeks to measure an organizationβs chances of experiencing a data breach in the next 12 months, based on a variety of measurements tied to the companyβs public-facing online assets.</code><code>In October, FICO teamed up with the U.S. Chamber of Commerce to evaluate more than 2,500 U.S. companies with the Cyber Risk Score, and then invited these companies to sign up and see how their score compares with that of other organizations in their industry. The stated use cases for the Cyber Risk Score include the potential for cyber insurance pricing and underwriting, and evaluating supply chain risk (i.e., the security posture of vendor partners).</code><code>The company-specific scores are supposed to be made available only to vetted people at the organization who go through FICOβs signup process. But in a marketing email sent to FICO members on Tuesday advertising its new benchmarking feature, FICO accidentally exposed the FICO Cyber Risk Score of energy giant ExxonMobil.</code><code>The marketing email was quickly recalled and reissued in a redacted version, but it seems ExxonMobilβs score of 587 puts it in the βelevatedβ risk category and somewhat below the mean score among large companies in the Energy and Utilities sector, which was 637. The October analysis by the Chamber and FICO gives U.S. businesses an overall score of 687 on a scale of 300-850.</code><code>Media</code><code>Data accidentally released by FICO about the Cyber Risk Score for ExxonMobil.</code><code>How useful is such a score? Mike Lloyd, chief technology officer at RedSeal, was quoted as saying a score βtaken from the outside looking in is similar to rating the fire risk to a building based on a photograph from across the street.β</code><code>βYou can, of course, establish some important things about the quality of a building from a photograph, but itβs no substitute for really being able to inspect it from the inside,β Lloyd told Dark Reading regarding the Chamber/FICO announcement in October.</code><code>Naturally, combining external scans with internal vulnerability probes and penetration testing engagements can provide organizations with a much more holistic picture of their security posture. But when a major company makes public, repeated and prolonged external security foibles, itβs difficult to escape the conclusion that perhaps it isnβt looking too closely at its internal security either.</code><code>ENTIRELY, CERTIFIABLY PREVENTABLE</code><code>Too bad the errant FICO marketing email didnβt expose the current cyber risk score of big-three consumer credit bureau Equifax, which was relieved of personal and financial data on 148 million Americans last year after the company failed to patch one of its Web servers and then failed to detect an intrusion into its systems for months.</code><code>A 96-page report (PDF) released this week by a House oversight committee found the Equifax breach was βentirely preventable.β For 76 days beginning mid May 2017, the intruders made moreβ¦
<code>Is it fair to judge an organizationβs information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? Fair or not, a number of nascent efforts are using just such an approach to derive security scores for companies and entire industries. Whatβs remarkable is how many organizations donβt make an effort to view their public online assets as the rest of the world sees them β until itβs too late.</code><code>Media</code><code>Image: US Chamber of Commerce.</code><code>For years, potential creditors have judged the relative risk of extending credit to consumers based in part on the applicantβs credit score β the most widely used being the score developed by FICO, previously known as Fair Isaac Corporation. Earlier this year, FICO began touting its Cyber Risk Score (PDF), which seeks to measure an organizationβs chances of experiencing a data breach in the next 12 months, based on a variety of measurements tied to the companyβs public-facing online assets.</code><code>In October, FICO teamed up with the U.S. Chamber of Commerce to evaluate more than 2,500 U.S. companies with the Cyber Risk Score, and then invited these companies to sign up and see how their score compares with that of other organizations in their industry. The stated use cases for the Cyber Risk Score include the potential for cyber insurance pricing and underwriting, and evaluating supply chain risk (i.e., the security posture of vendor partners).</code><code>The company-specific scores are supposed to be made available only to vetted people at the organization who go through FICOβs signup process. But in a marketing email sent to FICO members on Tuesday advertising its new benchmarking feature, FICO accidentally exposed the FICO Cyber Risk Score of energy giant ExxonMobil.</code><code>The marketing email was quickly recalled and reissued in a redacted version, but it seems ExxonMobilβs score of 587 puts it in the βelevatedβ risk category and somewhat below the mean score among large companies in the Energy and Utilities sector, which was 637. The October analysis by the Chamber and FICO gives U.S. businesses an overall score of 687 on a scale of 300-850.</code><code>Media</code><code>Data accidentally released by FICO about the Cyber Risk Score for ExxonMobil.</code><code>How useful is such a score? Mike Lloyd, chief technology officer at RedSeal, was quoted as saying a score βtaken from the outside looking in is similar to rating the fire risk to a building based on a photograph from across the street.β</code><code>βYou can, of course, establish some important things about the quality of a building from a photograph, but itβs no substitute for really being able to inspect it from the inside,β Lloyd told Dark Reading regarding the Chamber/FICO announcement in October.</code><code>Naturally, combining external scans with internal vulnerability probes and penetration testing engagements can provide organizations with a much more holistic picture of their security posture. But when a major company makes public, repeated and prolonged external security foibles, itβs difficult to escape the conclusion that perhaps it isnβt looking too closely at its internal security either.</code><code>ENTIRELY, CERTIFIABLY PREVENTABLE</code><code>Too bad the errant FICO marketing email didnβt expose the current cyber risk score of big-three consumer credit bureau Equifax, which was relieved of personal and financial data on 148 million Americans last year after the company failed to patch one of its Web servers and then failed to detect an intrusion into its systems for months.</code><code>A 96-page report (PDF) released this week by a House oversight committee found the Equifax breach was βentirely preventable.β For 76 days beginning mid May 2017, the intruders made moreβ¦
π΄ Deception: Honey vs. Real Environments π΄
π Read
via "Dark Reading: ".
A primer on choosing deception technology that will provide maximum efficacy without over-committing money, time and resources.π Read
via "Dark Reading: ".
Darkreading
Deception: Honey vs. Real Environments
A primer on choosing deception technology that will provide maximum efficacy without over-committing money, time and resources.
π΄ U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign π΄
π Read
via "Dark Reading: ".
McAfee finds malware associated with 'Operation Sharpshooter' on systems belonging to at least 87 organizations.π Read
via "Dark Reading: ".
Darkreading
U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign
McAfee finds malware associated with 'Operation Sharpshooter' on systems belonging to at least 87 organizations.
β Android Trojan Targets PayPal Users β
π Read
via "Threatpost | The first stop for security news".
The trojan purports to be a battery optimization app - and then steals up to 1,000 euro from victims' PayPal accounts.π Read
via "Threatpost | The first stop for security news".
Threat Post
Android Trojan Targets PayPal Users
The trojan purports to be a battery optimization app - and then steals up to 1,000 euro from victims' PayPal accounts.
π΄ Bug Hunting Paves Path to Infosec Careers π΄
π Read
via "Dark Reading: ".
Ethical hackers use bug bounty programs to build the skills they need to become security professionals.π Read
via "Dark Reading: ".
Dark Reading
Bug Hunting Paves Path to Infosec Careers
Ethical hackers use bug bounty programs to build the skills they need to become security professionals.
π΄ Worst Password Blunders of 2018 Hit Organizations East and West π΄
π Read
via "Dark Reading: ".
Good password practices remain elusive as Dashlane's latest list of the worst password blunders can attest.π Read
via "Dark Reading: ".
Dark Reading
Worst Password Blunders of 2018 Hit Organizations East and West
Good password practices remain elusive as Dashlane's latest list of the worst password blunders can attest.
β Update now! Microsoft and Adobeβs December 2018 Patch Tuesday is here β
π Read
via "Naked Security".
If you find patching security flaws strangely satisfying, youβre in luck - Microsoftβs and Adobeβs December Patch Tuesdays have arrived with plenty for the dedicated updater to get stuck into.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β WordPress worms, Android fraud and Flash fails [PODCAST] β
π Read
via "Naked Security".
Here's the latest Naked Security podcast - enjoy!π Read
via "Naked Security".
Naked Security
WordPress worms, Android fraud and Flash fails [PODCAST]
Hereβs the latest Naked Security podcast β enjoy!
β Supermicro: We told you the tampering claims were false β
π Read
via "Naked Security".
Computer manufacturer Supermicro is still trying to lay to rest reports that the Chinese government tempered with its equipment to spy on Western cloud users.π Read
via "Naked Security".
Naked Security
Supermicro: We told you the tampering claims were false
Computer manufacturer Supermicro is still trying to lay to rest reports that the Chinese government tempered with its equipment to spy on Western cloud users.
β Shamoon Reappears, Poised for a New Wiper Attack β
π Read
via "Threatpost | The first stop for security news".
One of the most destructive malware families ever seen is back, and researchers think its authors are gearing up to again take aim at the Middle East.π Read
via "Threatpost | The first stop for security news".
Threat Post
Shamoon Reappears, Poised for a New Wiper Attack
One of the most destructive malware families ever seen is back, and researchers think its authors are gearing up to again take aim at the Middle East.