Here is the weekly roundup :
|
Security by Design
|
|
Security is the responsibility of the entire organization including employees and third parties. It should be part of an organization’s DNA with every action having a security consideration.
|
|
WD Self-Encrypting Hard Drives Have Data-Exposing Flaws
|
|
Popular Western Digital external hard drives that have an added feature of hardware-based encryption have been discovered to have critical security flaws that allow snoopers and attackers to gain access and recover data without the hard drive owner’s password.
|
|
Let’s Encrypt’s Free HTTPS Certificates Take a Leap Forward
|
|
Non-profit company, Let’s Encrypt, has announced that its free HTTPS certificates are now trusted by all major browsers, making a significant step forward to helping with total HTTPS encryption on all websites on the internet who wouldn’t have to pay for an added layer of protection via encryption.
|
|
Facebook Will Now Warn Users of State-Sponsored Attacks
|
|
Social network giant Facebook will now warn users if their accounts have been targeted or compromised by attackers sponsored by a nation-state.
|
|
Dow Jones Hacked By Russian Hackers: Report
|
|
A group of Russian hackers have successfully hacked servers of Dow Jones, the parent company and owner of Wall Street and other news publications. The motive behind the hack according to investigations so far was to seek trading tips.
|
|
Verizon & AT&T Android Devices Vulnerable Due to LTE Flaw
|
|
A Long Term Evolution (LTE) (also known as 4G) flaw leaves devices on all versions running Android on Verizon Wireless and AT&T vulnerable to “several issues,” according to an independent advisory posted by the Carnegie Mellon University CERT database.
|
|
A New Zero-Day Affects All Versions of Flash
|
|
Adobe has released a new security advisory stating a fix is due for a vulnerability deemed critical by most researchers. The vulnerability affects all versions of Adobe’s Flash player and comes just a day after Adobe’s monthly security update.
|
Interesting Reading From Around the Web:
|
Want Some Nuclear Power Plant 'Zero-Day' Vulnerabilities? Yours For Just $8,000
|
|
How much would a government be willing to pay for hacking tools designed to exploit the systems that control oil, gas and water plants? In many cases, they needn’t pay much at all.
|
|
IBM Runs World’s Worst Spam-Hosting ISP?
|
|
According to anti-spam activists, the title of the Internet’s most spam-friendly provider recently has passed to networks managed by IBM — one of the more recognizable and trusted names in technology and security.
|
|
Credit Unions Prep to Leverage the IoT
|
|
The Internet of Things (IoT), which revolves around machine-to-machine communication, embedded sensors, the cloud and millions of connected objects, could bolster member engagement for credit unions but also create security, privacy and system concerns.
|
Upcoming Events:
The Next Generation of Incident Response
Join LIFARS and Security Serious for a webinar covering, in detail, the process of data breach response from the perspective of an elite IR team member. It will cover the steps taken to properly respond to a breach caused by a sophisticated hacker and go over some real-world case studies.
FOR 50% DISCOUNT, PLEASE USE THE FOLLOWING CODE: LIFARS50
October 28, 2015, BrightTALK
|
|
Upcoming Webinar:
Best Practices for Cyber Security Incident Response (IR)
Whether you are a large or small company building an effective Incident Response (IR) may seem daunting in the wake of the ever increasing sophistication of threats. In this webinar we will cover the best practices of an effective Incident Response for cybersecurity.
Featured Whitepaper:
Threat Centric Identity and Access Management
Conventional security architecture is not very effective. This whitepaper presents a new concept for Threat Centric IAM to address the need to enhance security measures with a threat intelligence approach.
Featured Article:
Getting your Information Security team right
Companies are investing in cybersecurity more than ever and it is a critical and yet a difficult task to bring a team that effectively monitors threats and manages security incidents. Despite the increased trend in spending in cybersecurity by industries and organizations, studies predict a major dearth of skilled security labor in the next decade.
Featured Webinars:
Machine Learning: The Gold Standard for Threat Detection
In this webinar, we analyze working models and discuss the strengths, pitfalls, and high-level trade-offs of using machine learning for successful malware detection.
What’s in Your Incident Response Toolkit?
How do your tools match up to those used by investigators in high-profile breaches? Learn the best incident response tools for finding and sharing data at rest, in transit, and shared outside the organization from Ondrej Krehel of LIFARS, who has worked on the front lines of many headline-making security incidents.
|
