Here’s an overview of some of last week’s most interesting news and articles:
Malicious activity surges coincide with geopolitical events
2017 was a year of multiple geopolitical events that corresponded with major malware spikes in enterprise security.
Dangerous CredSSP flaw opens door into corporate servers
A critical vulnerability in the Credential Security Support Provider protocol (CredSSP), introduced in Windows Vista and used in all Windows versions since then, can be exploited by MitM attackers to run code remotely on previously uninfected machines and servers in the attacked network.
Best practices to tackle challenges posed by digital twins
Forty-eight percent of organizations that are implementing the Internet of Things (IoT) said they are already using, or plan to use digital twins in 2018, according to Gartner.
The great attribution debate: Why we should focus on HOW not WHO
It has become increasingly challenging to effectively track attacks, prevent against them and identify the perpetrator. But where exactly should organisations be focusing their efforts?
Security analyst salary survey: Find out what you are worth
Exabeam is conducting an annual survey to understand skills and compensation trends among SOC and security analysts. All participants will receive the results.
Four wireless standards hackers will target after Wi-Fi
The Wi-Fi hacking community has now reached critical mass.
Big data and insurance: Implications for innovation and privacy
The use of big data analytics in insurance offers societal benefits, as improved understanding of risks can inform risk reduction and enhance insurability. However, individuals, firms and regulators face complex trade-offs when balancing the benefits and risks of using personal data from digital sources to calculate insurance premiums.
Former Equifax exec charged with insider trading after data breach
Jun Ying, a former Equifax executive, has been hit with criminal charges as well as SEC (Securities and Exchange Commission) charges for insider trading relating to his sales of Equifax stocks in advance of the company’s announcement regarding the May 2017 data breach.
Prevent bot traffic from ruining Google Analytics
Distil Bot Discovery for Google Analytics is a free offering that will give website owners the ability to understand the impact of bots on their business. The service is provided by Distil Networks, a company specializing in bot detection and mitigation services.
Microsoft kicks off bounty program for speculative execution bugs
Microsoft wants security researchers to search for and report speculative execution side channel vulnerabilities (a hardware vulnerability class that affects CPUs from multiple manufacturers), as well as bugs that can be misused to bypass Windows and Azure Spectre and Meltdown mitigations.
Cybercriminals launder money through mansions, private islands and crypto currency
Cybercriminal proceeds make up an estimated 8-10 percent of total illegal profits laundered globally, amounting to an estimated $80-$200 billion each year, according to a nine-month academic study by Dr. Mike McGuire, Senior Lecturer in Criminology at Surrey University.
Binance offers $250,000 for info about hackers who targeted its users
Binance, the popular Chinese cryptocurrency exchange with a focus on crypto-to-crypto trading, has put a $250,000 bounty on the heads of the hackers who tried to pull off a heist earlier this month by compromising user accounts.
Meltdown and Spectre will delay patching for most organizations
Applying the Meltdown and Spectre patches has been a long, frustrating process for many organizations and the survey findings show it is far from over.
Research explores minority representation within the cybersecurity field
A new (ISC)2 report measures minority representation in the U.S. cybersecurity profession and aims to understand the challenges these highly skilled individuals experience.
Cyber resiliency: Risks organizations take every day
77 percent of respondents to a study conducted by Ponemon Institute admit they do not have a formal cyber security incident response plan (CSIRP) applied consistently across their organization.
Healthcare industry: Attacks outpacing investments in personnel, education and resources
62 percent of the 627 executives surveyed admitting to experiencing an attack in the past 12 months, and more than half losing patient data as a result.
Researchers find critical flaws in SecurEnvoy SecurMail, patch now!
If you’re a user of SecurEnvoy SecurMail and you haven’t yet implemented the latest patch, do so now – or risk getting your encrypted emails read by attackers.
New infosec products of the week: March 16, 2018
A rundown of infosec products released last week.