Week in review: How data becomes intelligence, email security predictions, EU bug bounties

Here’s an overview of some of last week’s most interesting news and articles:

The attack surface is growing faster than it has at any other point in the history of technology
Avast launched its annual Threat Landscape Report, detailing the biggest security trends facing consumers in 2019 as collected by the Avast Threat Labs team.

Four cybersecurity trends every CIO should know
The cybersecurity landscape in 2019 will likely bolster bigger, more complex threats and developments. Given the intricacy of today’s cyber security challenges, organisations will need to adopt a security approach that requires digital support and increased collaboration from both IT and security teams. So, what key trends can we expect to see in this new year?

Deception for proactive defense
This article is fourth in a five-part series being developed by Dr. Edward Amoroso in conjunction with the deception technology team from Attivo Networks. The article provides an overview of using deception as part of a proactive defense, including strategies for deception deployment, post-compromise, incident response, and mitigation against returning attackers.

G Suite warns admins about domain data exfiltration attempts
Google has rolled out new options for the G Suite alert center, to help administrators battle phishing emails more efficiently and spot data export operations initiated by attackers.

Understanding how data becomes intelligence is central for any successful security program
Threat intelligence is one of the hottest terms in information security at the moment. But, as with so many buzzwords, it is often overused and misused. All the buzz has created a lot of confusion.

Zerodium offers $2 million for remote iOS jailbreak, $1 million for WhatsApp RCE
Zero-day exploit broker Zerodium has raised again the payouts it offers for most desktops/servers and mobile exploits.

Top vulnerabilities hospital executives should address immediately
The three most critical and common high-security cyber risks facing healthcare delivery organizations and their partners have been uncovered in an analysis by the Clearwater CyberIntelligence Institute (CCI).

GDPR: Five tips for organizations to remain compliant
As 2019 nears, it is vital that businesses continue to assess their organization’s GDPR strategy. Here are our top five tips to not only remain compliant in 2019, and long into the future, but also reap the rewards of doing so.

Email security predictions: What we can expect in 2019
Email is unique in that it is both one of the most venerable and simultaneously one of the most vulnerable systems that professionals use every day.

Battling attacks from global criminal networks in the financial sector
Banks and financial institutions are under ever-increasing pressure to protect their customers’ assets, while at the same time balancing regulatory changes and business pressure to provide optimal customer experience in a very competitive world.

Most popular home routers lack basic software security features
It’s no secret that too many Internet of Things devices lack adequate security. But is it too much to expect that out home routers – the devices that “provide” us with a working Internet connection – implement the most basic software security hardening features? Apparently, it is.

EU launches bug bounties on free and open source software
After setting up a bug bounty program for VLC Media Player in late 2017, the European Commission (EC) has announced the launch of 14 new ones that will cover other free and open source software used by European Union institutions.

Cisco fixes serious DoS flaws in its email security appliances
Cisco has plugged a heap of security holes in many of its products, including two vulnerabilities (one critical) that open its email security appliances to denial of service attacks.

The average PC gamer has experienced almost 5 cyberattacks due to poor security habits
McAfee has released results from its survey, Game Over: The Future of Gaming Security, finding that while gamers profess to exhibit good cybersecurity habits there’s still work to do.

Encryption backdoors open a Pandora’s Box for cybersecurity
No one would argue that encryption isn’t beneficial. But we should acknowledge that this move towards default encryption is a major change, and while it’s a great thing for privacy, it’s a real challenge for enterprise and governmental security.

The rising importance of Data Loss Prevention in today’s data protection landscape

In this podcast, Roman Foeckl, founder and CEO of CoSoSys, talks about the growing importance of Data Loss Prevention at both endpoint and development level.

Modern CISO challenges: Implementing DevSecOps, improving security operations
We sat down with Aaron Contorer, CEO at FP Complete, to learn more about what enterprises can do to increase their cybersecurity, the challenges related to DevSecOps implementations and improving overall security operations, and much more.

Juniper releases barrage of security fixes for security, networking devices
Juniper Networks has released patches for vulnerabilities affecting its networking and security devices running Junos OS, as well as a bucketload of security flaws in the Junos Space Network Management Platform, the Juniper Advanced Threat Prevention (JATP) appliance, and the SRX Series networking firewalls.

Is Privileged Access Management still a pain?
Privileged accounts are one of the fundamental building blocks of the IT environment, used by humans, applications and services to run tasks requiring elevated permissions. Accordingly, privileged accounts have many advanced powers and permissions

Infosec products of the week: January 11, 2019
A rundown of infosec products released last week.