Week in review: Memcached-based reflected DDoS attacks, new issue of (IN)SECURE

Here’s an overview of some of last week’s most interesting news and articles:

Automating out of the skill gap sinkhole
When thinking about the bigger picture, information security leaders must aim to automate as much of the IR cycle as possible. However, this does not mean automation can replace humans.

Microsoft releases Spectre fixes for Windows 10 on Skylake CPUs
Microsoft has pushed out a new set of Spectre (variant 2) security updates. For the moment, these are just for some devices running on Skylake CPUs and Windows 10 Fall Creators Update or Windows Server version 1709 (Server Core).

(IN)SECURE Magazine issue 57 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. We’ve redesigned the magazine from the ground up and issue 57 has been released on Thursday.

Hackers breached German government’s secure computer networks
The Russia-linked Sofacy hacking group has breached the secure computer networks of a number of German federal agencies.

How to protect Office 365 data from ransomware attacks
Widespread popularity often breeds malicious activity, however, and Office 365 is no exception. Ransomware, in particular, has introduced significant risks for Office 365 users.

What employers need to know about cybersecurity jobseekers
When asked what’s most important for cybersecurity professionals’ personal fulfillment, salary is not the top priority.

Surge in memcached-based reflected DDoS attacks is due to misconfigured servers
Massive memcached-based reflection DDoS attacks with an unprecedented amplification factor have been ongoing for the last few days.

Download: CISSP Exam Study Guide
The CISSP Exam Study Guide provides a solid foundation for anyone preparing to become a Certified Information Systems Security Professional. It contains materials to prepare you for all 8 domains of the CISSP exam.

Private browsing is not that private, but it can be
Private, “Incognito mode” browsing sessions are not as foolproof as most users believe them to be.

Phillips clinical imaging solution plagued by vulnerabilities
Phillips is developing a software update to mitigate 35 CVE-numbered vulnerabilities in the Philips IntelliSpace Portal (ISP), a clinical imaging visualization and analysis solution that is used by healthcare and public health organizations around the world.

Cryptojacking is the new malware
Who exactly is behind cryptojacking and what can be done to stop it? Let’s take a closer look.

Is GDPR-regulated data lurking in unexpected pockets of your organization?
A recent study showed that over 60 percent of corporate data is stored on employee endpoints. And yet, as companies work to ensure compliance with the new General Data Protection Regulation (GDPR), they still may be overlooking a few key areas.

Mobile security: A look at the risks, and what you can do
Nearly a third (32%) of organizations surveyed admitted to sacrificing mobile security to improve business performance.

UK cyber risk picture: Emergency services at risk of a major cyber attack
The UK Threat Landscape report, which explores the UK’s Critical National Infrastructure (CNI) against threats and possible vulnerabilities, points to a number of weak spots in the UK which could attract an attack.

SecOps reality gap: 85% say practicing SecOps is a goal, 35% actually do
More than half of companies (52 percent) admit to cutting back on security measures to meet a business deadline or objective.

Keeping on top of ICS-focused hacking groups, defenses
How many hacking groups are focusing on ICS systems? Dragos security researchers say at least five were active in 2017.

Nearly half of security pros rarely change their security strategy, even after a cyber attack
This level of cyber security inertia and failure to learn from past incidents puts sensitive data, infrastructure and assets at risk.

How Google implements the Right To Be Forgotten
Who is asking Google to delist certain URLs appearing in search results related to their name, and what kind of requests does the search giant honor?

A view of the global threat landscape: Cybercrime and intrusion trends
Based on observed incidents, the 2018 CrowdStrike Global Threat Report established that the average “breakout time” in 2017 was one hour and 58 minutes. Breakout time indicates how long it takes for an intruder to jump off the initial system they had compromised and move laterally to other machines within the network.

New infosec products of the week​: March 2, 2018
A rundown of infosec products released last week.