Week in review: Threat modeling, blockchain and security, new issue of (IN)SECURE

Here’s an overview of some of last week’s most interesting news and articles:

Cisco plugs critical flaws in many switches, security appliances
Cisco has released security updates to address a bucketload of vulnerabilities affecting multiple products, including 24 critical and high-severity flaws found in many of its switches, next generation firewalls and security appliances.

Threat modeling: What’s all the buzz about?
Threat modeling works to identify, communicate, and understand threats and mitigations within the context of protecting something of value.

(IN)SECURE Magazine issue 58 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics.

Inferring Internet security posture by country through port scanning
In this podcast, Tod Beardsley, Director of Research at Rapid7, talks about the recently released National Exposure Index, which aims to better understand the nature of Internet exposure – services that either do not offer modern cryptographic protection, or are otherwise unsuitable to offer on the increasingly hostile internet – and how those exposure levels look around the globe.

Will blockchain power the next generation of data security?
Cryptocurrency is only one implementation of the underlying technology innovation that has the ability to transform the way future technology products are designed and built.

French authorities dismantle Black Hand dark web market
The operation resulted in the arrest of the site’s administrator (the original press release used the female form of the word, so it could be a woman) and several other suspects.

Why cybercriminals are turning to cryptojacking for easy money
A website running a mining script is likely to make less than a dollar a day, so unless the criminal is satisfied with making enough money for a cup of coffee a week, they will need to think bigger. Enterprise networks are an ideal target, as they will allow the attacker to gain access to thousands of machines.

3,000+ mobile apps leaking data from unsecured Firebase databases
Appthority published research on its discovery of a new HospitalGown threat variant that occurs when app developers fail to require authentication to Google Firebase databases.

Fraudster exploited US govt staff info stolen in 2015 OPM breach
The data breach suffered by the Office of Personnel Management (OPM) is, by now, very old news, but some of the people involved and affected are still feeling the repercussions.

Working through the cybersecurity skills gap
With an expanding pool of threats to deal with and a shrinking pool of qualified people to address them, how do we tackle this serious problem? The obvious answer is recruiting more qualified people to do the job. But simply increasing our ranks isn’t going to fully resolve the problem.

Office 365 users targeted by phishers employing simple HTML tricks
Phishers are using a simple but effective trick to fool Microsoft’s NLP-based anti-phishing protections and Office 365 users into entering their login credentials into spoofed login pages.

Early detection of compromised credentials can greatly reduce impact of attacks
In this podcast, Patryk Pilat, Head of Engineering and Cyberthreat Intelligence at Blueliv, talks about the report, and illustrates how these startling increases in cybercriminal success rates suggest that the credential theft industry is growing in the European region both in innovation and scope.

Major trends in app development, agile/DevOps maturity, and low-code adoption
OutSystems published its research report on the state of application development and the challenges faced by application development and delivery teams in all industries across the world.

Disruptive technologies in fintech to watch
Juniper Research has revealed the top 10 technologies set to disrupt the fintech industry in 2018 and 2019.

Execs don’t believe their companies learn the right lessons in cybersecurity
The Economist Intelligence Unit (EIU) and Willis Towers Watson surveyed over 450 companies across the globe about their strategies and the challenges they face in building cyber resilient organizations.

New infosec products of the week: June 22, 2018
A rundown of infosec products released last week.