🕴 Higher Education: 15 Books to Help Cybersecurity Pros Be Better 🕴

Constant learning is a requirement for cybersecurity professionals. Here are 15 books recommended by professionals to continue a professional's education.

📖 Read

via "Dark Reading: ".

❌ Super Micro Says Its Gear Wasn’t Bugged By Chinese Spies ❌

The news comes amid reports that a Chinese intelligence-gathering effort was behind the massive Marriott hotel data breach.

📖 Read

via "Threatpost | The first stop for security news".

❌ Operation Sharpshooter Takes Aim at Global Critical Assets ❌

Operation Sharpshooter uses a new implant to target mainly English-speaking nuclear, defense, energy and financial companies.

📖 Read

via "Threatpost | The first stop for security news".

🕴 Forget Shifting Security Left; It's Time to Race Left 🕴

Once DevOps teams decide to shift left, they can finally look forward instead of backward.

📖 Read

via "Dark Reading: ".

🕴 Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3 🕴

One out of every 100 emails an enterprise receives is a phishing scam, and the attackers behind them are getting more sophisticated.

📖 Read

via "Dark Reading: ".

🕴 Arctic Wolf Buys RootSecure 🕴

The purchase adds risk assessment to Arctic Wolf's SOC-as-a-service.

📖 Read

via "Dark Reading: ".

🔐 8% of organizations are not properly governing its own data 🔐

Some 88% of organizations aren't correctly managing access to data stored in files, according to a SailPoint report.

📖 Read

via "Security on TechRepublic".

❌ ThreatList: Holiday Spam, the Perfect Seasonal Gift for Criminals ❌

Consumers are much more likely to fall for spam during the season of giving.

📖 Read

via "Threatpost | The first stop for security news".

🕴 Mac Malware Cracks WatchGuard's Top 10 List 🕴

Security experts advise Mac users to deploy security suites to protect themselves from the growing threat.

📖 Read

via "Dark Reading: ".

<b>&#9000; Scanning for Flaws, Scoring for Security &#9000;</b>

<code>Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? Fair or not, a number of nascent efforts are using just such an approach to derive security scores for companies and entire industries. What’s remarkable is how many organizations don’t make an effort to view their public online assets as the rest of the world sees them — until it’s too late.</code><code>Media</code><code>Image: US Chamber of Commerce.</code><code>For years, potential creditors have judged the relative risk of extending credit to consumers based in part on the applicant’s credit score — the most widely used being the score developed by FICO, previously known as Fair Isaac Corporation. Earlier this year, FICO began touting its Cyber Risk Score (PDF), which seeks to measure an organization’s chances of experiencing a data breach in the next 12 months, based on a variety of measurements tied to the company’s public-facing online assets.</code><code>In October, FICO teamed up with the U.S. Chamber of Commerce to evaluate more than 2,500 U.S. companies with the Cyber Risk Score, and then invited these companies to sign up and see how their score compares with that of other organizations in their industry. The stated use cases for the Cyber Risk Score include the potential for cyber insurance pricing and underwriting, and evaluating supply chain risk (i.e., the security posture of vendor partners).</code><code>The company-specific scores are supposed to be made available only to vetted people at the organization who go through FICO’s signup process. But in a marketing email sent to FICO members on Tuesday advertising its new benchmarking feature, FICO accidentally exposed the FICO Cyber Risk Score of energy giant ExxonMobil.</code><code>The marketing email was quickly recalled and reissued in a redacted version, but it seems ExxonMobil’s score of 587 puts it in the “elevated” risk category and somewhat below the mean score among large companies in the Energy and Utilities sector, which was 637. The October analysis by the Chamber and FICO gives U.S. businesses an overall score of 687 on a scale of 300-850.</code><code>Media</code><code>Data accidentally released by FICO about the Cyber Risk Score for ExxonMobil.</code><code>How useful is such a score? Mike Lloyd, chief technology officer at RedSeal, was quoted as saying a score “taken from the outside looking in is similar to rating the fire risk to a building based on a photograph from across the street.”</code><code>“You can, of course, establish some important things about the quality of a building from a photograph, but it’s no substitute for really being able to inspect it from the inside,” Lloyd told Dark Reading regarding the Chamber/FICO announcement in October.</code><code>Naturally, combining external scans with internal vulnerability probes and penetration testing engagements can provide organizations with a much more holistic picture of their security posture. But when a major company makes public, repeated and prolonged external security foibles, it’s difficult to escape the conclusion that perhaps it isn’t looking too closely at its internal security either.</code><code>ENTIRELY, CERTIFIABLY PREVENTABLE</code><code>Too bad the errant FICO marketing email didn’t expose the current cyber risk score of big-three consumer credit bureau Equifax, which was relieved of personal and financial data on 148 million Americans last year after the company failed to patch one of its Web servers and then failed to detect an intrusion into its systems for months.</code><code>A 96-page report (PDF) released this week by a House oversight committee found the Equifax breach was “entirely preventable.” For 76 days beginning mid May 2017, the intruders made more…

🕴 Deception: Honey vs. Real Environments 🕴

A primer on choosing deception technology that will provide maximum efficacy without over-committing money, time and resources.

📖 Read

via "Dark Reading: ".

🕴 U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign 🕴

McAfee finds malware associated with 'Operation Sharpshooter' on systems belonging to at least 87 organizations.

📖 Read

via "Dark Reading: ".

❌ Android Trojan Targets PayPal Users ❌

The trojan purports to be a battery optimization app - and then steals up to 1,000 euro from victims' PayPal accounts.

📖 Read

via "Threatpost | The first stop for security news".

🕴 Bug Hunting Paves Path to Infosec Careers 🕴

Ethical hackers use bug bounty programs to build the skills they need to become security professionals.

📖 Read

via "Dark Reading: ".

🕴 Worst Password Blunders of 2018 Hit Organizations East and West 🕴

Good password practices remain elusive as Dashlane's latest list of the worst password blunders can attest.

📖 Read

via "Dark Reading: ".

⚠ Update now! Microsoft and Adobe’s December 2018 Patch Tuesday is here ⚠

If you find patching security flaws strangely satisfying, you’re in luck - Microsoft’s and Adobe’s December Patch Tuesdays have arrived with plenty for the dedicated updater to get stuck into.

📖 Read

via "Naked Security".

⚠ WordPress worms, Android fraud and Flash fails [PODCAST] ⚠

Here's the latest Naked Security podcast - enjoy!

📖 Read

via "Naked Security".

⚠ Supermicro: We told you the tampering claims were false ⚠

Computer manufacturer Supermicro is still trying to lay to rest reports that the Chinese government tempered with its equipment to spy on Western cloud users.

📖 Read

via "Naked Security".

❌ Shamoon Reappears, Poised for a New Wiper Attack ❌

One of the most destructive malware families ever seen is back, and researchers think its authors are gearing up to again take aim at the Middle East.

📖 Read

via "Threatpost | The first stop for security news".

⚠ Border agents are copying travelers’ data, leaving it on USB drives ⚠

It's just one of many SOP SNAFUs of a pilot program for advanced searches of travelers' devices that doesn't even have performance metrics.

📖 Read

via "Naked Security".

🕴 The Economics Fueling IoT (In)security 🕴

Attackers understand the profits that lie in the current lack of security. That must change.

📖 Read

via "Dark Reading: ".