Dark Reading
Cyber Readiness Institute Launches New Program for SMBs
Program seeks to raise employee cyber awareness at small and midsize businesses and give their owners the tools to make a difference.
Threat Post
U.S. Ballistic Missile Defense System Rife with Security Holes
Widespread, unpatched vulnerabilities are just one set of problems uncovered by a Department of Defense audit.
Naked Security
Sneaky phishing campaign beats two-factor authentication
Protecting an account with multi-factor authentication (MFA) is a no-brainer, but that doesn't mean every method for doing this is equally secure.
Naked Security
Twitter fixes bug that lets unauthorized apps get access to DMs
"You authorise it, whereupon it promptly leaks to the world all your sexts, inappropriate jokes, and dank memes. Tragic!" said the researcher.
Naked Security
Logitech flaw fixed after Project Zero disclosure
The flaw offered attackers a way of executing keystroke injection to take control of a Windows PC running Logitech Options.
Naked Security
Facebook photo API bug exposed users' unpublished photos
It affected up to 6.8 million users and up to 1,500 apps. "We're sorry this happened," said Facebook with what must be acute apology fatigue.
Dark Reading
8 Security Tips to Gift Your Loved Ones For the Holidays
Before the wrapping paper starts flying, here's some welcome cybersecurity advice to share with friends and family.
Threat Post
Newsmaker Interview: Troy Mursch on Top Botnet Trends
MikroTik, Hadoop clusters, legislation and more will mark the botnet space in 2019.
TechRepublic
Why 2019 will introduce stricter privacy regulation
Privacy regulation is a complex topic with ever-changing parameters and requirements. Read some predictions for what's coming in 2019.
Threat Post
WSJ Webpage Defaced to Support PewDiePie
The hack comes on the heels of the PewDiePie-supporting printer attacks over the weekend.
TechRepublic
Why cryptojacking will become an even larger problem in 2019
Cryptojacking was the runaway security problem in 2018, damaging devices in cybercriminals' pursuit of profits. As cryptocurrency prices fall, 2019 could see more attacks.
Dark Reading
How to Engage Your Cyber Enemies
Having the right mix of tools, automation, and intelligence is key to staying ahead of new threats and protecting your organization.
Threat Post
Hidden Code in Memes Instructs Malware via Twitter
Analysts discover malicious code embedded in tweeted images.
Threat Post
WordPress Targeted with Clever SEO Injection Malware
The malware does its best to obfuscate SEO injection in WordPress and evade notice from web admins.
Dark Reading
Cryptographic Erasure: Moving Beyond Hard Drive Destruction
In the good old days, incinerating backup tapes or shredding a few hard drives would have solved the problem. Today, we have a bigger challenge.
Naked Security
After SamSam, Ryuk shows targeted ransomware is still evolving
Devastating, targeted ransomware attacks didn't start with SamSam and they didn't end with it either.
Dark Reading
Trend Micro Finds Major Flaws in HolaVPN
A popular free VPN is found to have a very high cost for users.
Dark Reading
Twitter Hack May Have State-Sponsored Ties
A data leak was disclosed after attackers targeted a support form, which had unusual activity.
KrebsOnSecurity
A Chief Security Concern for Executive Teams
Virtually all companies like to say they take their customers' privacy and security seriously, make it a top priority, blah blah. But you'd be forgiven if you couldn't tell this by studying the executive leadership page of each company's Web site. That's because very few of the world's biggest companies list any security executives in their highest ranks. Even among top tech firms, less than half list a chief technology officer (CTO). This post explores some reasons why this is the case, and why it can't change fast enough.
KrebsOnSecurity reviewed the Web sites for the global top 100 companies by market value, and found just five percent of top 100 firms listed a chief information security officer (CISO) or chief security officer (CSO). Only a little more than a third even listed a CTO in their executive leadership pages.
The reality among high-tech firms that make up the top 50 companies in the NASDAQ market was even more striking: Fewer than half listed a CTO in their executive ranks, and I could find only three that featured a person with a security title.
Nobody's saying these companies don't have CISOs and/or CSOs and CTOs in their employ. A review of these companies via LinkedIn suggests that most of them in fact do have people in those roles (although I suspect the few that aren't present or easily findable on LinkedIn have made a personal and/or professional decision not to be listed as such).
But it is interesting to note which roles companies consider worthwhile publishing in their executive leadership pages. For example, 73 percent of the top 100 companies listed a chief of human resources (or "chief people officer"), and about one-third included a chief marketing officer.
Not that these roles are somehow more or less important than that of a CISO/CSO within the organization. Nor is the average pay hugely different among all three roles. Yet, considering how much marketing (think consumer/customer data) and human resources (think employee personal/financial data) are impacted by your average data breach, it's somewhat remarkable that more companies don't list their chief security personnel among their top ranks.
Julie Conroy, research director at the market analyst firm Aite Group, said she initially hypothesized that companies with a regulatory mandate for strong cybersecurity controls (e.g. banks) would have this role in their executive leadership team.
"But a quick look at Bank of America and Chase's websites proved me wrong," Conroy said. "It looks like the CISO in those firms is one layer down, reporting to the executive leadership."
Conroy says this dynamic reflects the fact that revenue centers like human capital and the ability to drum up new business are still prioritized and valued by businesses more than cost centers, including loss prevention and cybersecurity.
"Marketing and digital strategy roles drive top line revenue for firms; the latter is particularly important in retail and banking businesses as so much commerce moves online," Conroy said. "While you and I know that cybersecurity and loss prevention are critical functions for all types of businesses, I don't think that reality is reflected in the organizational structure of many businesses still. A common theme in my discussions with executives in cost center roles is how difficult it is for them to get budget to fund the tech they need for loss prevention initiatives."
EXHIBIT A: EQUIFAX
Common or not, the dominant reporting structure in corporations runs the risk of having security concerns take a backseat when they get in the way of productivity, and often leaves the security team without someone to advocate for the proper budget.
Take the mega breach at Equifax last year that exposed the personal and financial…
Threat Post
Russia-Linked Sofacy Debuts Fresh Zebrocy Malware Variant
The group continues to evolve its custom malware in an effort to evade detection.
Dark Reading
Memes on Twitter Used to Communicate With Malware
Steganography via tweet images gave attackers a way to pass on malicious instructions to a Trojan, researchers say.