Here’s an overview of some of last week’s most interesting news, podcasts and articles:
How can Office 365 phishing threats be addressed?
The frequency of phishing within Office 365 is estimated to cost the average organization 1.3 compromised accounts each month via unauthorized, third-party login using stolen credentials.
Personal encryption usage is increasing
According to a Venafi survey of 512 security professionals attending RSA Conference 2018, sixty-four percent of respondents say their personal encryption usage has increased due to recent geopolitical changes.
Google will force Android OEMs to push out security patches regularly
Android P, the ninth major version of the widely-used mobile OS, is expected to be released later this year. Google has already announced a slew of security and privacy improvements that will be shipped with it, but David Kleidermacher, head of Android security at the company, has recently shared more welcome news: the company is working to make sure that all Android OEMs are delivering patches regularly to their devices.
Telegrab: Russian malware hijacks Telegram sessions
Researchers have discovered and analyzed an unusual piece of malware that, among other things, seeks to collect cache and key files from end-to-end encrypted instant messaging service Telegram.
US Senate votes to save net neutrality
The US Senate has voted in favor of net neutrality by approving a Congressional Review Act resolution that would undo the Federal Communications Commission’s December decision to dismantle the Obama-era net neutrality rules.
Are security pros happy with their jobs and salaries?
Do security professionals like their jobs and would they recommend a career in cyber security to those looking into one? What do they like about their jobs and what motivates them in their work? Are they satisfied with their pay? What emerging technologies are they most excited about, and do they feel threatened by the increased use of AI and machine learning in their field? Exabeam has posed these and other interesting question to 481 security professionals worldwide who decided to participate in their survey.
Sometimes employees follow cybersecurity best practices beyond company policies
In several areas of cybersecurity, employees exhibit secure behavior that goes beyond their company’s policy.
Threat analytics: Keeping companies ahead of emerging application threats
For best security practice, and the lowest risk of a breach, application protection needs to be updated regularly and address the current threats.
Phishers increasingly targeting cloud storage and SaaS
The Anti-Phishing Working Group (APWG) has been tracking notable increases in phishing campaigns that target SAAS/webmail providers, as well as increased attacks on financial / banking targets and cloud storage and file-sharing sites.
IBM employees banned from using portable storage devices
In an attempt to minimize sensitive data loss, IBM will try out a worldwide, company-wide ban on the use of removable portable storage devices such as USB sticks, SD cards, and flash drives.
Companies ditch data as GDPR deadline approaches
A new study from IBM reveals that nearly 60 percent of organizations surveyed are embracing the GDPR as an opportunity to improve privacy, security, data management or as catalyst for new business models, rather than simply a compliance issue or impediment.
How consumers are embracing IoT
A CSG survey, which polled more than 2,000 consumers between the ages of 18 and 64, evaluated consumer understanding, usage and sentiment about current and future IoT applications.
Careless researchers expose millions of Facebook users’ sensitive data
If you needed another reason to stop sharing intimate information with apps on Facebook or Facebook itself, consider this newest revelation: academics at the University of Cambridge have been using the data harvested through myPersonality, a popular personality app, as a basis for a tool used for targeting adverts based on personality types. The even worse news in this case is that they put the data on a website to share with other researchers, without thoroughly anonymizing it and that, for four years, this data was accessible to anyone who discovered access credentials posted on GitHub.
Automating web app testing to secure your environment
In this podcast recorded at RSA Conference 2018, Dave Ferguson, Director, Product Management for Web Application Security at Qualys, talks about the challenges and benefits of automating web app testing, Qualys Browser Recorder, as well as Qualys Web Application Scanning.
Combating fraud and money laundering with graph analytics
As the fight against money laundering continues, AML (anti money laundering) compliance has become big business.
GDPR compliance: Identifying an organization’s unique profile
While it’s worth noting that fines for non-compliance among enterprises can reach up to 4% of an organization’s annual worldwide turnover – an estimated $480 million for the average Dow Jones-listed company – it’s also important not to allow fear and uncertainty to cloud the planning and decision-making surrounding GDPR.
Most businesses believe stronger data protection policies will lead to fewer breaches
In light of new data privacy legislations, a new Webroot report looks at how businesses in the U.S., U.K., and Australia are adjusting to new data security measures in order to meet compliance requirements. Specifically, the report measures organisations’ readiness to comply with the General Data Protection Regulation (GDPR), and Australia’s Notifiable Data Breaches (NDB).
25% of companies affected by cloud cryptojacking
Cryptojacking has unquestionably gone mainstream. Despite heavy media and industry attention, organizations are struggling to meet compliance requirements in public cloud environments, according to RedLock.
Hackers can jump from passenger Wi-Fi to train control networks
Setting up a Wi-Fi network for passengers to use is practically a must for railway companies these days. Unfortunately, that welcome add-on for travelers can become a means for attackers to gain access to other networks and systems.
Exposing the threat of shadow devices
Infoblox announced new research that exposes the significant threat posed by shadow devices on enterprise networks.
New infosec products of the week: May 18, 2018
A rundown of infosec products released last week.