Week in review: Mac malware-as-a-Service, CIA hacking routers, top tech for infosec

Here’s an overview of some of last week’s most interesting news and articles:

End-to-end email encryption with no central point of attack
A seamless, easy-to-use, and secure end-to-end encrypted business collaboration tool with no central point of attack is a holy grail for every business, and Boston-based security company PreVeil believes they have the right solution on hand.

How the CIA hacked wireless home routers
For many years, the CIA has had the capability to compromise a wide range of commercial wireless routers, and to monitor, control and manipulate the traffic passing through them, documents leaked by WikiLeaks show.

Where does the cyber security buck stop?
Should the United States government get more involved in regulating the security of products and devices?

Two Mac malware-as-a-Service offerings uncovered
Two pieces of Mac malware – MacRansom and MacSpy – that seem to be created by the same developer are being offered for sale through two separate dark web portals.

Perception and reality: The role of AI and automated cyber defenses
Executives in the U.S. and Europe now place broad trust in artificial intelligence (AI) and machine learning systems, designed to protect organizations from more dynamic pernicious cyber threats.

Could an independent NGO solve the problem of cyber attack attribution?
Cyber attack attribution is a necessary prerequisite for holding actors accountable for malicious cyber activity, but is notoriously difficult to achieve. Perhaps it’s time to create an independent, global organization that will investigate and publicly attribute major cyber attacks?

DevSecOps: Build a bridge between fast and secure software development
Despite the pervasive belief that security and development teams have conflicting priorities, initiatives such as creating DevOps environments and focusing on product innovation have the two teams aligned toward a common goal of creating secure software.

Fake news services and tools proliferate on online markets
Fake news is not a new concept, but the Internet – and social media and networks in particular – have made it infinitely easier for it to spread and reach its target audience. The Internet has also made it easier for opinion manipulators to buy the right tools and services to make a fake news campaign successful.

Keys, tokens and too much trust found in container images
While the risks of 3rd party code are well known, the risks of using 3rd party containers are more obscure.

Whitepaper: Confronting advanced threats as an organization
In this whitepaper, you’ll learn what email security threats are most common for emerging businesses today, as well as what innocuous behaviors and habits are most dangerous, and how cyber criminals use social engineering tactics to exploit them for their own profit. With all that at play, you’ll also discover how a majority of these threats can be addressed simply and easily, while also providing complete continuity, archiving and compliance for your email systems.

US restaurants targeted with fileless malware
Researchers have spotted another attack campaign using fileless malware that is believed to be mounted by the infamous FIN7 hacking group.

Gartner identifies top technologies for information security
Gartner highlighted the top technologies for information security and their implications for security organizations in 2017.

Why companies shouldn’t dread the advent of GDPR
When it comes to regulation there’s an almost reflexive tendency of large enterprises to either wait for things to ‘shake out’ and/or to try to negotiate some of the regulation after introduction.

Cloud DLP policy violations rise as Slack, HipChat, and similar services increase in popularity
These services have skyrocketed in popularity as methods of sharing and downloading data, emphasizing the need for enterprises to put policies in place to ensure this data is safe and secure.

What’s an IT architect, and could you become one?
If you’re a Computer Science student or an IT professional looking for a new job that’s interesting, well paid, and for which demand is constant, you might want to consider becoming an IT architect.

Differences in personal security behaviors of US and UK workers
Half of US respondents have been a victim of identity theft, compared to 19 percent of UK respondents. This discrepancy may be attributed to lax security habits of US workers.

IT professionals believe their data is safer in the cloud than on-premise
Nearly seven in 10 executives and over half of IT professionals revealed that they would prefer having a single cloud services provider handling their varied hosted deployments.

New infosec products of the week​: June 16, 2017
A rundown of infosec products released last week.

More about

Don't miss