Week in review: OpenVPN audit, cybersecurity gamification, new issue of (IN)SECURE

Here’s an overview of some of last week’s most interesting news, podcasts, videos and articles:

The global decline of cybersecurity confidence
According to this year’s data, global cybersecurity confidence fell six points over 2016 to earn an overall score of 70 percent — a “C-” on the report card.

(IN)SECURE Magazine issue 52 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics.

Most email authentication implementations fail
Three quarters of large businesses attempting implementation of the DMARC email authentication standard are not presently capable of using it to block unauthorized email, to the detriment of their own security, compliance, and brand protection.

Cybersecurity gamification: A shortcut to learning
Cybersecurity awareness trainings are usually a boring affair, so imagine my colleagues’ surprise when I exited the room in which I participated in a demonstration of the Kaspersky Interactive Protection Simulation (KIPS) game and told them: “You have to try this!”

OpenVPN to get two separate security audits
VPN service Private Internet Access (PIA) announced that they have contracted noted and well-reputed cryptographer Dr. Matthew Green to perform a security audit of OpenVPN. However, it seems that there will be two separate security audits of this widely-used open source software application.

Six tips for practicing safe social media
The current attack is being waged to introduce ransomware into these environments. Dubbed “Imagegate”, it’s a clever way of sneaking malware into your environment.

Security startup confessions: Customer breach disclosure
Balancing the needs of your company, your employees, and your customers requires making tough choices.

80 Sony IP camera models come with backdoors
80 different models of Sony IPELA Engine IP Cameras have multiple backdoors that can be misused by attackers to take control of the device, disrupt its functionality, add it to a botnet, and more.

BYOD: How to provide secure access to network resources
You have three choices: Network Access Control, Software-Defined Perimeter – or both.

323,000 pieces of malware detected daily
The number of cyberthreats appearing every day is now so big that it is impossible to process each one of them manually.

The early IoT gets the worm
Five days after the start of World War I, Sir Edward Grey, British Foreign Secretary, remarked to a close friend, “The lights are going out all over Europe, we shall not see them lit again in our lifetime.” Recently a team of researchers from the Weizmann Institute of science and Dalhousie University released a paper that described exactly how you might do just that – turn all the lights out.

Cybersecurity advice for the nuclear industry
Less complexity, an active defense, transformative research, and institutionalized cybersecurity should be nuclear industry’s key priorities to stem the rising tide of cyber threats.

Top 4 global security threats businesses will face in 2017
The top four threats identified by the Information Security Forum for 2017 are not mutually exclusive and can combine to create even greater threat profiles.

Next year, attacks will differentiate to penetrate new vulnerable surfaces
The upcoming year will include an increased breadth and depth of attacks, with malicious threat actors differentiating their tactics to capitalize on the changing technology landscape, according to Trend Micro.

Disttrack wiper malware hits Saudi Arabia’s aviation agency
The Saudi government confirmed the latest breaches on Thursday, and for now the identity of only one target has been revealed: the country’s General Authority of Civil Aviation (GACA).

Popular smart toys violate children’s privacy rights?
My Friend Cayla and i-Que, two extremely popular “smart” toys manufactured by Los Angeles-based Genesis Toys, do not safeguard basic consumer (and children’s) rights to security and privacy, researchers have found.

Dailymotion urges users to reset passwords in wake of possible breach
Breach notification service LeakedSource has added information about over 87 million Dailymotion users to its search index.

Top 6 breach response best practices for 2017
Leading industry experts share their six best practices and insights on preparing for and responding to a data breach, to deliver positive outcomes for all involved.

Remote access options for unidirectionally protected networks
In this podcast recorded at IoT Solutions World Congress Barcelona 2016, Andrew Ginter, VP of Industrial Security at Waterfall Security, talks about remote access options for unidirectionally protected networks.

Laws, regulations and contracts that infosec pros should be familiar with
Alex Muentz, a Senior Security Advisor at Seattle-based security consultancy Leviathan Security is an information security professional as well as a licensed attorney, and he explains about the areas of law that affect infosec practitioners.

Hackers stole technical trade secrets from German steelmaker
The company said that the attack was a professional endeavour and has been traced back to the Southeast Asian region.

New infosec products of the week​: December 9, 2016
A rundown of infosec products released last week.

Nintendo offers up to $20,000 for bug info
Video game giant Nintendo is asking researchers to find and flag vulnerabilities in the Nintendo 3DS family of handheld game systems.

Share this
You are reading
abstract

Week in review: OpenVPN audit, cybersecurity gamification, new issue of (IN)SECURE