Week in review: Zero-login, Magecart threat, cybersecurity expert shortage

Here’s an overview of some of last week’s most interesting news and articles:

Dealing with a system launch: It requires more than just testing
Rolling out new IT systems or software can be a challenge and fraught with issues from day one – and the recent IT crisis with TSB has shown how damaging these can be if managed poorly.

Only 65% of organizations have a cybersecurity expert
Despite 95 percent of CIOs expecting cyberthreats to increase over the next three years, only 65 percent of their organizations currently have a cybersecurity expert, according to a survey from Gartner.

Magecart presents an unprecedented threat: Here’s what you can do
Magecart activities show that attackers are looking for economies of scale and are searching for and able to attack hundreds of companies at once.

Diffy: A triage tool for cloud-centric incident response
The name of the tool comes from its function: it identifies differences between instances that might point to a compromise (an unexpected listening port, a running process with an unusual name, a strange crontab entry, a surprising kernel module, etc.).

Attention all passengers: Airport networks are putting you at risk!
Coronet released a report identifying San Diego International Airport, John Wayne Airport-Orange County (CA) International Airport and Houston’s William P. Hobby International Airport as America’s most cyber insecure airports.

How hackers exploit critical infrastructure
The traditional focus of most hackers has been on software, but the historical focus of crime is on anything of value. It should come as no surprise, therefore, that as operational technology (OT) and industrial control system (ICS) infrastructure have become much more prominent components of national critical infrastructure, that malicious hacking activity would be increasingly targeted in this direction.

Cisco plugs serious flaws in Policy Suite, SD-WAN, and Nexus switches
Cisco has issued another batch of fixes, plugging a number of critical and high severity holes in its Policy Suite, SD-WAN, and Nexus products.

Microsoft tops list of brands impersonated by phishers
The number one brand spoofed by phishers in Q2 2018 in North America was Microsoft, says email security company Vade Secure. The company credits the surging of adoption of Microsoft Office 365 for this unfortunate statistic.

Do you have what it takes to become a Chief Scientist in the infosec industry?
Igor Baikalov, Chief Scientist at security analytics firm Securonix, was fortunate to accumulate the “essential ingredients” for the Chief Scientist role during his earlier career.

How to use the cloud to improve your technology training
Informal on-the-job training has been the norm for most IT teams. However, the rise of cyberthreats and the pace at which they arise leaves companies looking for more structured and timely security education.

Inside look at lifecycle of stolen credentials and extent of data breach damage
Shape Security released its Credential Spill Report, shedding light on the extent to which the consumer banking, retail, airline and hospitality industries are impacted by credential stuffing attacks and account takeover.

Only 20% of companies have fully completed their GDPR implementations
Key findings from a survey conducted by Dimensional Research highlight that only 20% of companies surveyed believe they are GDPR compliant, while 53% are in the implementation phase and 27% have not yet started their implementation.

Zero login: Fixing the flaws in authentication
We are moving into a post-password zero-login age, with new biometric technologies and other PII innovations helping to secure a fast, easy, frictionless personalised experience for every single application we need to access on a daily basis.

Microsoft offers bug bounties for holes in its identity services
Microsoft is asking security researchers to look for and report technical vulnerabilities affecting its identity services and OpenID standards implementations, and is offering bug bounties that can reach as high as $100,000.

Many infosec professionals reuse passwords across multiple accounts
Lastline announced the results of a survey conducted at Infosecurity Europe 2018, which suggests that 45 percent of infosec professionals reuse passwords across multiple user accounts – a basic piece of online hygiene that the infosec community has been attempting to educate the general public about for the best part of a decade.

Rain Capital: Venture fund seeks to back cybersecurity companies led by women and minorities
A new venture fund that will focus on providing capital, strategy, critical resources and unique insights to early-stage cybersecurity companies in Silicon Valley has been officially launched last month.

Cyber Chief Magazine: GDPR Winning Moves
This issue delivers a ready-to-use GDPR kit packed full of how-to’s and practical tips that companies need to implement so they don’t end up on the wrong side of an audit.

George Gerchow, CSO at Sumo Logic: Our DevSecOps strategy
Sumo Logic was founded in 2010 by experts in log management, scalable systems, big data, and security. Today, their purpose-built, cloud-native service analyzes more than 100 petabytes of data, more than 16 million searches, and delivers 10s of millions of insights daily – positioning Sumo among the most powerful machine data analytics services in the world. In this podcast, George Gerchow, CSO with Sumo Logic, talks about their DevSecOps strategy.

Free training courses on DDoS protection, from introduction to mitigation
The DDoS Protection Bootcamp is the first online portal to provide in-depth technical training in the field of DDoS protection.

GitHub adds Python support for security alerts
GitHub has announced that its recently introduced feature for alerting developers about known vulnerabilities in software packages that their projects depend on will now also work for Python packages.