Here is the weekly roundup :
|
Chinese Cybercriminal Gang Use Dropbox To Target Media Companies
|
|
An APT (Advanced Persistent Threat) gang originating from China that are allegedly responsible for attacks targeting foreign governments and ministries are now focusing their efforts at several Hong Kong-based media companies while using Dropbox, according to an independent security firm.
|
|
China Claims to Have Arrested OPM Hackers
|
|
The Chinese government has arrested a number of hackers that were related to the breach of the Office of Personnel Management’s (OPM) database this year, according to reports.
|
|
Australian Bureau of Meteorology Hacked, China Blamed
|
|
Australian media is reporting a major cyber-attack against Australia’s Bureau of Meteorology that is likely to have compromised sensitive security information. China is being blamed for the attack.
|
|
Blackberry Refuses to Give in to Pakistan’s Backdoor Request
|
|
Phone manufacturer Blackberry is withdrawing from the Pakistani market entirely after refusing to give in to the demand of backdoor access by the nation’s government. The request was to install a backdoor access to the company’s enterprise products.
|
|
Backdoor Found in 600,000 Cable Routers
|
|
A security researcher in Brazil has discovered a ‘backdoor within a backdoor’ vulnerability present in Arris cable modems that can potentially grant an attacker the ability to tinker with and rewrite the modem’s firmware.
|
|
Microsoft Turns up Security for Enterprise Systems
|
|
Computing giant Microsoft is reigning in new security measures for enterprises to nullify the threat of adware that often comes packaged in the installers of free software.
|
Interesting Reading From Around the Web:
|
Buy Kids iPhones And Kill Connected Toys -- Hacker Advice To Parents After Awful VTech Breach
|
|
Security experts who’ve overseen hacks of digital dollies and toy tanks in the last year have some simple advice for parents: buy kids’ devices with decent data protection mechanisms such as the Apple iPhone and avoid connected toys until manufacturers have proven themselves trustworthy when it comes to security.
|
|
OPM Breach: Credit Monitoring vs. Freeze
|
|
Many readers wrote in this past week to say they’d finally been officially notified that their fingerprints, background checks, Social Security numbers, and other sensitive information was jeopardized in the massive data breach discovered this year at the Office of Personnel Management (OPM). Almost as many complained that the OPM’s response — the offering of free credit monitoring services for up to three years — won’t work if readers have taken my advice and enacted a “security freeze” on one’s credit file with the major credit bureaus. This post is an attempt to explain what’s going on here.
|
|
OPM Struggles With Security Compliance
|
|
Despite making some security improvements, the Office of Personnel Management is still struggling to comply with recommendations that the Inspector General's office has made repeatedly – making it vulnerable to another breach.
|
Upcoming Events:
New Jersey Chapter ISSA Meeting
We are proud to announce that we will be a proud sponsor of the December 7th meeting ISSA NJ Chapter meeting. Please join us for an evening focused on Threat Detection and Incident Response. Our incident respondents Paul Kubler and Dusan Petricko will be presenting. Hope to see you there!
December 9, 2015, Deloitte, Parsippany, NJ
|
LIFARS at the Cybertech 2016: The Anatomy of an APT Attack
Cybertech is the most significant conference and exhibition of cyber technologies outside of the United States.
Wondering what an APT attack looks like under the microscope? In this 3 hour workshop, we will examine the process of response to an APT attack in some real-world scenarios. We will also elaborate on the process of detonation of malware, the forensic investigation, and more.
FOR A 10% DISCOUNT, PLEASE USE THE FOLLOWING CODE:
LIFARS cybertech20
January 26-27, 2016, Tel Aviv, Israel
|
|
Featured Article:
Fending off cyber extortion can be difficult
There is a common theme running through many of the recent massive data breaches: cyber extortion. This new trend is gaining popularity on both corporate and individual level. To effectively combat this threat, a good understanding of the problem is necessary. Let's fix that.
On-Demand Webinar:
Best Practices for Cyber Security Incident Response (IR)
Whether you are a large or small company building an effective Incident Response (IR) may seem daunting in the wake of the ever increasing sophistication of threats. In this webinar we will cover the best practices of an effective Incident Response for cybersecurity.
Featured Slideshow:
The First 24 Hours After a Breach
A major company has been hacked, suffering a data breach. How do companies the size of Sony handle such situations? Various departments, including legal, tech and PR come together to meet with the management and workout a plan on how to handle the crisis. This presentation will focus on both -- companies with a data breach response plan and those without one. We'll shed some light on what the first 24 hours post-breach looks like for a major company.
Featured Content:
Cybersecurity While Traveling
The majority of us travel quite frequently, and yet we give little thought to how we keep our identity and data safe while doing so. This guide will provide you with some basic rules to follow when traveling that will significantly increase your security and privacy.
Business Continuity Planning and Disaster Recovery
Disasters can hit your organization at any time. But, as this new ebook from SC Magazine reveals, there are tools and strategies to help get formal security plans and policies in place to best serve your enterprise when, during and after a data breach strikes.
|
