Here’s an overview of some of last week’s most interesting news and articles:
Georgia Tech data breach: 1.3M students and staff potentially affected
The Georgia Institute of Technology, commonly referred to as Georgia Tech, has suffered yet another data breach. This time, the number of affected individuals may have reached 1.3 million.
The CIO’s greatest roadblock to Agile development: Security governance
The greatest roadblock CIOs face when adopting Agile development is not ‘security in general,’ but ‘security governance.’ We can define ‘security governance’ as the establishment of security policies and the continuous monitoring of their proper implementation by stakeholders within an organization.
April Patch Tuesday Forecast: Be aware of end-of-service issues and browser exploits
April Patch Tuesday is nearly here with two significant topics of concern. The first relates to end-of-service milestones and the second issue is browser exploits.
Vulnerability found in Guard Provider, Xiaomi’s pre-installed security app
Check Point Research discovered a vulnerability in one of the preinstalled apps on devices manufactured by one of the world’s biggest mobile vendors, Xiaomi.
Patched Apache flaw is a serious threat for web hosting providers
Organizations running Apache web servers are urged to implement the latest security update to fix a serious privilege escalation flaw (CVE-2019-0211) that can be triggered via scripts and could allow unprivileged web host users to execute code with root privileges, i.e. allow them to gain complete control of the machine.
WHOIS after GDPR: A quick recap for CISOs
2018 was a big year for data protection with the implementation of the General Data Protection Regulation (GDPR) last May — forcing CISOs and other professionals to rethink how the personal data of European consumers should be collected and processed.
Consumer routers targeted by DNS hijacking attackers
Owners of a slew of D-Link, ARGtek, DSLink, Secutech, TOTOLINK and Cisco consumer routers are urged to update their device’s firmware, lest they fall prey to ongoing DNS hijacking campaigns and device hijacking attacks.
3.1 million customer records possibly stolen in Toyota hack
Personal information of some 3.1 million Toyota customers may have been leaked outside the company, the Toyota Motor Corporation (TMC) announced.
Main threat source to industrial computers? Mass-distributed malware
Malicious cyber activities on Industrial Control System (ICS) computers are considered an extremely dangerous threat as they could potentially cause material losses and production downtime in the operation of industrial facilities.
Automatically and invisibly encrypt email as soon as it is received on any trusted device
While an empty email inbox is something many people strive for, most of us are not successful. And that means that we probably have stored away hundreds, even thousands, of emails that contain all kinds of personal information we would prefer to keep private.
Anomali: Threat detection, investigation and response
In this Help Net Security podcast recorded at RSA Conference 2019, Nicholas Hayden, Senior Director of Threat Intelligence at Anomali, talks about how Anomali arms security teams with highly optimized threat intelligence, powered by machine learning.
Microsoft rolls out new security capabilities for Azure customers
Microsoft has announced new security features for customers of its Azure cloud computing service.
How to Marie Kondo your data
While the #KonMariMethod has put households across America in an organizing frenzy, we found that her tidying principles can also be applied to solve a core challenge for the business world: too much data.
The security challenges that come with serverless computing
Serverless computing (aka Function-as-a-Service) has been a boon to many enterprises: it simplifies the code development and deployment processes while improving utilization of server resources, minimizing costs and reducing security overhead.
Digital transformation goes hand-in-hand with Zero Trust security
Forward-looking organizations are investing in Zero Trust security and strong MFA, modern app development, IaaS, and digital transformation, a recently released Okta report has shown.
Free cybersecurity threat assessment for midsize and large organizations
Cynet unveiled the Cynet Threat Assessment program. The free offering for organizations with 500 or more endpoints identifies critically exposed attack surfaces and provides actionable knowledge of attacks that are currently alive and active in the environment, as well as security scoring relative to industry peers.
A LockerGoga primer and decrypters for Mira and Aurora ransomwares
There’s some good news for victims of the Mira and Aurora ransomwares: free decrypters have been made available.
Organizations investing in security analytics and machine learning to tackle cyberthreats
IT security’s greatest inhibitor to success is contending with too much security data. To address this challenge, 47 percent of IT security professionals acknowledged their organization’s intent to acquire advanced security analytics solutions that incorporate machine learning (ML) technology within the next 12 months.
Current and emerging third-party cyber risk management approaches and challenges
Managing third-party cyber risk is critical for businesses, but a lack of continuous monitoring, consistent reporting, and other blind spots are creating challenges that could leave organizations vulnerable to data breaches and other consequences.
To DevSecOps or not to DevSecOps?
Would your organization benefit from introducing DevSecOps? Dan Cornell, CTO of application security company Denim Group, believes that most organizations would. With one caveat, though: they must realize that the transition is, first and foremost, cultural rather than technological.
New infosec products of the week: April 5, 2019
A rundown of infosec products released last week.