Here’s an overview of some of last week’s most interesting news and articles:
Industrial cybersecurity: Protecting OT from IT
A powerful technique for protecting OT from IT, or to enforce whatever separation is required to ensure the integrity of industrial control infrastructure, involves controlling the direction of traffic into or out of an ICS enclave.
Three security trends to watch for at Black Hat USA 2018
As a cybersecurity investor who closely follows the latest trends in cybersecurity, Idan Ninyo, CTO at YL Ventures, believes there are three areas that are particularly interesting and warrant a closer investigation at this year’s conference: cryptocurrencies, medical devices, and machine learning.
Compromised MikroTik routers power extensive cryptojacking campaign
A massive cryptojacking campaign that relies on compromised MikroTik routers serves users with pages injected with the Coinhive mining script.
Top 10 list of dark web activities that indicate a breach
Research analysts at Terbium Labs released a list of the most common activities seen on the dark web that indicate a breach, or other unwanted incident, has taken place.
How the SamSam attacker stole millions from US companies
A new report by Sophos, whose researchers followed the money and tracked down a considerable number of the victims who were hit and paid the ransom, offers new insight into the attacker’s modus operandi and advice for organizations how to protect themselves against this menace.
CEO guidance: Handling dynamic change in the cybersecurity industry
Before helming SonicWall, Bill Conner was president and CEO of Silent Circle. Before that, and for over twelve years, he was the president and CEO of Entrust. And for a decade before that, he held various executive positions at Nortel Networks. So when he offers advice on “how to CEO well” in the infosec industry, it’s worth it to take the time and listen.
Employees who witness compliance violations twice as likely to leave company
Twenty-nine percent of employees observed at least one compliance violation at work in 2016 or 2017, according to a survey by Gartner. The survey, which sampled more than 5,000 employees at all levels, found that these workers are twice as likely to leave their organization.
Cybercrime gangs continue to go where the money is
According to the APWG’s new Phishing Activity Trends Report, phishing in the first part of 2018 surged 46 percent higher than late 2017.
Six best practices to follow in access control
Finding the right access control for your organization is best done in stages. In this way, you’ll be able to foresee costs and activities that you must tackle both on short-term and long-term basis, and keep your staff and business assets consistently safe.
Securely deploying automation for business benefit
It is imperative that any organisation considering automating its processes is able to successfully identify, understand and avoid the most common security issues associated with the technology itself.
Google to warn G Suite admins of government-backed attacks
Google started warning Gmail users of state-sponsored attacks in 2012 and now the option has been made available to G Suite admins.
Reddit suffers data breach despite using SMS-based 2FA
Popular social news aggregation and discussion website Reddit has suffered a breach. The attacker broke into some of its systems and got access to some user data, but did not manage to modify any of the site’s content.
Idaho inmates hacked prison system to add money to their accounts
364 inmates at five correctional facilities in Idaho have managed to add nearly a quarter million dollars worth of credit to their JPay accounts by exploiting a vulnerability in the system.
CompTIA PenTest+ certification now available worldwide
CompTIA launched CompTIA PenTest+, its newest credential for cybersecurity professionals around the world. CompTIA PenTest+ provides an assessment of the knowledge and skills needed to run a penetration testing program.
Achieving compliance: GDPR, CCPA and beyond
AB 375, or the California Consumer Privacy Act (CCPA) of 2018, was signed into law by California Governor, Jerry Brown, on June 28, 2018 and is recognized as one of the toughest privacy laws in the U.S. The statute requires companies to disclose to California residents what information is being collected on them and how it will be used. Companies have 18-months to prepare for this new law to go into effect; it’s set to begin in January 2020.
How rogue data puts organisations at risk of GDPR noncompliance
While progress has been made in privacy and control procedures for managed data typically held in customer and/or patient databases and business applications, most organisations will (reluctantly) admit to a problem of “rogue” personal identifiable information (PII) that is not under some form of direct IT control and governance.
Building a sound security strategy for an energy sector company
CISOs working in energy and industrial organizations have to understand the cybersecurity risks they are facing and pinpoint the things that need to be protected.
LogMeIn unveils secure federated login to LastPass with Active Directory
LastPass by LogMeIn announced a new integration with Microsoft’s Active Directory Federation Services (“ADFS”), providing organizations utilizing Microsoft ADFS with the ability to allow employees to access LastPass with their Active Directory (“AD”) credentials.