🕴 How to Engage Your Cyber Enemies 🕴
📖 Read
via "Dark Reading: ".
Having the right mix of tools, automation, and intelligence is key to staying ahead of new threats and protecting your organization.📖 Read
via "Dark Reading: ".
Darkreading
How to Engage Your Cyber Enemies
Having the right mix of tools, automation, and intelligence is key to staying ahead of new threats and protecting your organization.
❌ Hidden Code in Memes Instruct Malware via Twitter ❌
📖 Read
via "Threatpost | The first stop for security news".
Analysts discover malicious code embedded in tweeted images.📖 Read
via "Threatpost | The first stop for security news".
Threat Post
Hidden Code in Memes Instruct Malware via Twitter
Analysts discover malicious code embedded in tweeted images.
❌ WordPress Targeted with Clever SEO Injection Malware ❌
📖 Read
via "Threatpost | The first stop for security news".
The malware does its best to obfuscate SEO injection in WordPress and evade notice from web admins.📖 Read
via "Threatpost | The first stop for security news".
Threat Post
WordPress Targeted with Clever SEO Injection Malware
The malware does its best to obfuscate SEO injection in WordPress and evade notice from web admins.
🕴 Cryptographic Erasure: Moving Beyond Hard Drive Destruction 🕴
📖 Read
via "Dark Reading: ".
In the good old days, incinerating backup tapes or shredding a few hard drives would have solved the problem. Today, we have a bigger challenge.📖 Read
via "Dark Reading: ".
Darkreading
Cryptographic Erasure: Moving Beyond Hard Drive Destruction
In the good old days, incinerating backup tapes or shredding a few hard drives would have solved the problem. Today, we have a bigger challenge.
⚠ After SamSam, Ryuk shows targeted ransomware is still evolving ⚠
📖 Read
via "Naked Security".
Devastating, targeted ransomware attacks didn't start with SamSam and they didn't end with it either.📖 Read
via "Naked Security".
Naked Security
After SamSam, Ryuk shows targeted ransomware is still evolving
Devastating, targeted ransomware attacks didn’t start with SamSam and they didn’t end with it either.
🕴 Trend Micro Finds Major Flaws in HolaVPN 🕴
📖 Read
via "Dark Reading: ".
A popular free VPN is found to have a very high cost for users.📖 Read
via "Dark Reading: ".
Dark Reading
Trend Micro Finds Major Flaws in HolaVPN
A popular free VPN is found to have a very high cost for users.
🕴 Twitter Hack May Have State-Sponsored Ties 🕴
📖 Read
via "Dark Reading: ".
A data leak was disclosed after attackers targeted a support form, which had "unusual activity."📖 Read
via "Dark Reading: ".
Dark Reading
Twitter Hack May Have State-Sponsored Ties
A data leak was disclosed after attackers targeted a support form, which had unusual activity.
<b>⌨ A Chief Security Concern for Executive Teams ⌨</b>
<code>Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. But you’d be forgiven if you couldn’t tell this by studying the executive leadership page of each company’s Web site. That’s because very few of the world’s biggest companies list any security executives in their highest ranks. Even among top tech firms, less than half list a chief technology officer (CTO). This post explores some reasons why this is the case, and why it can’t change fast enough.</code><code>KrebsOnSecurity reviewed the Web sites for the global top 100 companies by market value, and found just five percent of top 100 firms listed a chief information security officer (CISO) or chief security officer (CSO). Only a little more than a third even listed a CTO in their executive leadership pages.</code><code>The reality among high-tech firms that make up the top 50 companies in the NASDAQ market was even more striking: Fewer than half listed a CTO in their executive ranks, and I could find only three that featured a person with a security title.</code><code>Nobody’s saying these companies don’t have CISOs and/or CSOs and CTOs in their employ. A review of these companies via LinkedIn suggests that most of them in fact do have people in those roles (although I suspect the few that aren’t present or easily findable on LinkedIn have made a personal and/or professional decision not to be listed as such).</code><code>But it is interesting to note which roles companies consider worthwhile publishing in their executive leadership pages. For example, 73 percent of the top 100 companies listed a chief of human resources (or “chief people officer”), and about one-third included a chief marketing officer.</code><code>Not that these roles are somehow more or less important than that of a CISO/CSO within the organization. Nor is the average pay hugely different among all three roles. Yet, considering how much marketing (think consumer/customer data) and human resources (think employee personal/financial data) are impacted by your average data breach, it’s somewhat remarkable that more companies don’t list their chief security personnel among their top ranks.</code><code>Media</code><code>Julie Conroy, research director at the market analyst firm Aite Group, said she initially hypothesized that companies with a regulatory mandate for strong cybersecurity controls (e.g. banks) would have this role in their executive leadership team.</code><code>“But a quick look at Bank of America and Chase’s websites proved me wrong,” Conroy said. “It looks like the CISO in those firms is one layer down, reporting to the executive leadership.”</code><code>Conroy says this dynamic reflects the fact that revenue centers like human capital and the ability to drum up new business are still prioritized and valued by businesses more than cost centers — including loss prevention and cybersecurity.</code><code>“Marketing and digital strategy roles drive top line revenue for firms—the latter is particularly important in retail and banking businesses as so much commerce moves online,” Conroy said. “While you and I know that cybersecurity and loss prevention are critical functions for all types of businesses, I don’t think that reality is reflected in the organizational structure of many businesses still. A common theme in my discussions with executives in cost center roles is how difficult it is for them to get budget to fund the tech they need for loss prevention initiatives.”</code><code>EXHIBIT A: EQUIFAX</code><code>Common or not, the dominant reporting structure in corporations runs the risk of having security concerns take a backseat when they get in the way of productivity, and often leaves the security team without someone to advocate for the proper budget.</code><code>Take the mega breach at Equifax last year that exposed the personal and financial…
<code>Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. But you’d be forgiven if you couldn’t tell this by studying the executive leadership page of each company’s Web site. That’s because very few of the world’s biggest companies list any security executives in their highest ranks. Even among top tech firms, less than half list a chief technology officer (CTO). This post explores some reasons why this is the case, and why it can’t change fast enough.</code><code>KrebsOnSecurity reviewed the Web sites for the global top 100 companies by market value, and found just five percent of top 100 firms listed a chief information security officer (CISO) or chief security officer (CSO). Only a little more than a third even listed a CTO in their executive leadership pages.</code><code>The reality among high-tech firms that make up the top 50 companies in the NASDAQ market was even more striking: Fewer than half listed a CTO in their executive ranks, and I could find only three that featured a person with a security title.</code><code>Nobody’s saying these companies don’t have CISOs and/or CSOs and CTOs in their employ. A review of these companies via LinkedIn suggests that most of them in fact do have people in those roles (although I suspect the few that aren’t present or easily findable on LinkedIn have made a personal and/or professional decision not to be listed as such).</code><code>But it is interesting to note which roles companies consider worthwhile publishing in their executive leadership pages. For example, 73 percent of the top 100 companies listed a chief of human resources (or “chief people officer”), and about one-third included a chief marketing officer.</code><code>Not that these roles are somehow more or less important than that of a CISO/CSO within the organization. Nor is the average pay hugely different among all three roles. Yet, considering how much marketing (think consumer/customer data) and human resources (think employee personal/financial data) are impacted by your average data breach, it’s somewhat remarkable that more companies don’t list their chief security personnel among their top ranks.</code><code>Media</code><code>Julie Conroy, research director at the market analyst firm Aite Group, said she initially hypothesized that companies with a regulatory mandate for strong cybersecurity controls (e.g. banks) would have this role in their executive leadership team.</code><code>“But a quick look at Bank of America and Chase’s websites proved me wrong,” Conroy said. “It looks like the CISO in those firms is one layer down, reporting to the executive leadership.”</code><code>Conroy says this dynamic reflects the fact that revenue centers like human capital and the ability to drum up new business are still prioritized and valued by businesses more than cost centers — including loss prevention and cybersecurity.</code><code>“Marketing and digital strategy roles drive top line revenue for firms—the latter is particularly important in retail and banking businesses as so much commerce moves online,” Conroy said. “While you and I know that cybersecurity and loss prevention are critical functions for all types of businesses, I don’t think that reality is reflected in the organizational structure of many businesses still. A common theme in my discussions with executives in cost center roles is how difficult it is for them to get budget to fund the tech they need for loss prevention initiatives.”</code><code>EXHIBIT A: EQUIFAX</code><code>Common or not, the dominant reporting structure in corporations runs the risk of having security concerns take a backseat when they get in the way of productivity, and often leaves the security team without someone to advocate for the proper budget.</code><code>Take the mega breach at Equifax last year that exposed the personal and financial…
❌ Russia-Linked Sofacy Debuts Fresh Zebrocy Malware Variant ❌
📖 Read
via "Threatpost | The first stop for security news".
The group continues to evolve its custom malware in an effort to evade detection.📖 Read
via "Threatpost | The first stop for security news".
Threat Post
Russia-Linked Sofacy Debuts Fresh Zebrocy Malware Variant
The group continues to evolve its custom malware in an effort to evade detection.
🕴 Memes on Twitter Used to Communicate With Malware 🕴
📖 Read
via "Dark Reading: ".
Steganography via tweet images gave attackers a way to pass on malicious instructions to Trojan, researchers say.📖 Read
via "Dark Reading: ".
Darkreading
Memes on Twitter Used to Communicate With Malware
Steganography via tweet images gave attackers a way to pass on malicious instructions to Trojan, researchers say.
🕴 When Cryptocurrency Falls, What Happens to Cryptominers? 🕴
📖 Read
via "Dark Reading: ".
The fall of cryptocurrency's value doesn't signify an end to cryptomining, but attackers may be more particular about when they use it.📖 Read
via "Dark Reading: ".
Darkreading
When Cryptocurrency Falls, What Happens to Cryptominers?
The fall of cryptocurrency's value doesn't signify an end to cryptomining, but attackers may be more particular about when they use it.
⚠ How not to secure US missile defences ⚠
📖 Read
via "Naked Security".
One BMDS site’s patching was so deficient, it failed to address a critical vulnerability that first came to light nearly three decades ago.📖 Read
via "Naked Security".
Naked Security
How not to secure US missile defences
One BMDS site’s patching was so deficient, it failed to address a critical vulnerability that first came to light nearly three decades ago.
⚠ SQLite creator fires back at Tencent’s bug hunters ⚠
📖 Read
via "Naked Security".
The creator of SQLite has downplayed reports of a bug that could lead to remote code execution.📖 Read
via "Naked Security".
Naked Security
SQLite creator fires back at Tencent’s bug hunters
The creator of SQLite has downplayed reports of a bug that could lead to remote code execution.
⚠ Instagram became the preferred tool in Russia’s propaganda war ⚠
📖 Read
via "Naked Security".
Facebook and Twitter got a lot of heat, but "Instagram’s appeal is that’s where the kids are, and that seems to be where the Russians went."📖 Read
via "Naked Security".
Naked Security
Instagram became the preferred tool in Russia’s propaganda war
Facebook and Twitter got a lot of heat, but “Instagram’s appeal is that’s where the kids are, and that seems to be where the Russians went.”
⚠ Snack-happy parrot shows insider threats come in all shapes and sizes ⚠
📖 Read
via "Naked Security".
The African Grey has tried to get Alexa to send him lightbulbs, a kite, watermelon, ice cream, strawberries, raisins, broccoli and ice cream.📖 Read
via "Naked Security".
Naked Security
Snack-happy parrot shows insider threats come in all shapes and sizes
The African Grey has tried to get Alexa to send him lightbulbs, a kite, watermelon, ice cream, strawberries, raisins, broccoli and ice cream.
❌ Facebook Defends Against Data-Sharing Partnerships ❌
📖 Read
via "Threatpost | The first stop for security news".
Facebook is under fire again for its data privacy policies.📖 Read
via "Threatpost | The first stop for security news".
Threat Post
Facebook Fights Back on Secret Data-Sharing Partnerships
Facebook is under fire again after a bombshell report claims it has broad data-sharing arrangements with Amazon, Apple, Twitter and others.
🔐 Malware targeting IoT devices grew 72% in Q3 alone 🔐
📖 Read
via "Security on TechRepublic".
Total malware samples grew 34% over the past year, with major rises in coinmining and fileless attacks, according to a McAfee Labs report.📖 Read
via "Security on TechRepublic".
TechRepublic
Malware targeting IoT devices grew 72% in Q3 alone
Total malware samples grew 34% over the past year, with major rises in coinmining and fileless attacks, according to a McAfee Labs report.
⚠ Serious Security: When cryptographic certificates attack ⚠
📖 Read
via "Naked Security".
Machine learning is all the rage - but don't knock human savvy just yet! One weird character can be enough to alert a smart researcher...📖 Read
via "Naked Security".
Naked Security
Serious Security: When cryptographic certificates attack
Machine learning is all the rage – but don’t knock human savvy just yet! One weird character can be enough to alert a smart researcher…
🔐 How BMC and UEFI can be exploited to brick servers and take down your data center 🔐
📖 Read
via "Security on TechRepublic".
Out-of-band management systems can be a weak link to securing your data center. Here's how a debug utility can be leveraged to brick your systems.📖 Read
via "Security on TechRepublic".
TechRepublic
How BMC and UEFI can be exploited to brick servers and take down your data center
Out-of-band management systems can be a weak link to securing your data center. Here's how a debug utility can be leveraged to brick your systems.
❌ Threatpost Poll: Do You Hate Facebook? ❌
📖 Read
via "Threatpost | The first stop for security news".
Weigh in on Facebook and privacy in our short poll.📖 Read
via "Threatpost | The first stop for security news".
Threat Post
Threatpost Poll: Do You Hate Facebook?
Weigh in on how you plan to cope with the latest reports of Facebook's privacy-eviscerating practices.
🔐 Why CXOs are leading the charge for AI-based security 🔐
📖 Read
via "Security on TechRepublic".
While 73% of organizations already use some level of artificial intelligence, the technology comes with its own challenges, according to a ProtectWise report.📖 Read
via "Security on TechRepublic".
TechRepublic
Why CXOs are leading the charge for AI-based security
While 73% of organizations already use some level of artificial intelligence, the technology comes with its own challenges, according to a ProtectWise report.