Week in review: Apache servers under attack, machine leaning in infosec

Here’s an overview of some of last week’s most interesting news, podcasts and articles:

The six stages of a cyber attack lifecycle
High-impact cyber incidents can be avoided if you detect and respond quickly with end-to-end threat management processes.

StoneDrill: New wiper targets Middle East, shows interest in Europe
Just like another infamous wiper, Shamoon, it destroys everything on the infected computer.

Google, Microsoft increase bug bounties
Bug hunters, rejoice: both Google and Microsoft have announced a considerable increase of the amount they will pay out for information about bugs in their products.

Machine learning in information security: Getting started
“The advent of machine learning in security comes alongside the increased capability for collecting and analyzing massive datasets on user behavior, client characteristics, network communications, and more. As we have already witnessed in many other technological domains, I think machine learning will become the main driver for innovation in information security in the coming decade,” says security researcher Clarence Chio.

How to patch your security blind spots
One of the most challenging – and interesting, and frustrating – aspects of cybersecurity is the sheer unpredictability of industry developments still to come.

Why cyber hygiene is vital for the security of your organization
The most useful thing that you can do as the owner of a network of computer systems is to focus on cyber hygiene. It’s the most effective thing that you can do though to keep an adversary out.

Encrypted messaging app Confide suffers from many security issues
Confide, the encrypted instant messaging application with a self-destructing messaging system that has become popular with White House staffers, is not so secure after all.

IoT goods, software and digital services to be evaluated for privacy and security
Consumer Reports, a US non-profit group whose extensive reviews of consumer goods have helped the public make informed and better choices for many decades, has announced that it will start evaluating products and services for privacy and data security.

Apache servers under attack through easily exploitable Struts 2 flaw
The vulnerability can be easily exploited as it requires no authentication, and two very reliable exploits have already been published online. Also, vulnerable servers are easy to discover through simple web scanning.

Top obstacles for women in technology
Wage inequality compared to male colleagues, workplace gender bias and a shortage of female role models are among the main barriers faced by women working in the technology field, according to a new ISACA survey.

The HTTPS interception dilemma: Pros and cons
Marnix Dekker, IT Security Strategy and Policy, European Commission, outlines the benefits and drawbacks of HTTPS interception from an IT security perspective.

Leaked: Docs cataloguing CIA’s frightening hacking capabilities
WikiLeaks has released 8,761 documents and files they claim originate from the US Central Intelligence Agency (CIA) – more specifically, from an “isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virgina.”

The security threat of quantum computing is real, and it’s coming fast
The moment quantum computers succeed in cracking today’s most prevalent encryption techniques – like public and private keys – security breaches won’t be isolated incidents that only affect a few million people or vulnerabilities that result in a minor chink in security’s armor.

DNSMessenger backdoor/RAT uses DNS queries to communicate with C&C server
How to make sure that your malware will be able to communicate with its C&C servers even if the infected machine sits behind a company firewall and traffic to and from the corporate network is regularly inspected? Pack the needed information into DNS traffic.

Automating PKI for the IoT platform
In this podcast recorded at RSA Conference 2017, Jeremy Rowley, Executive VP of Emerging Markets at DigiCert, talks about automating PKI for IoT platform and building scalable solutions for the IoT platform.

Poachers are trying to hack animal tracking systems
Animal tracking through electronic tagging has helped researchers gain insight into the lives of many wild animal species, but can also be misused by wildlife poachers, hunters, animal-persecution groups and people interested in seeing and interacting with the animals – all to the detriment of our animal brethren.

DevSecOps: Building continuous security into IT and app infrastructures
Instead of making security a trade-off at the end of the cycle when it’s already in production, how can we bring security into the development process, bring security into the DevOps process and make security part of the entire process line from a continuous integration point of view?

New infosec products of the week​: March 10, 2017
A rundown of infosec products released last week.