Information Security Wire

Woodstock Wire: Information Security Wire

Office 365 Phishing Attack Using Fake Non-Delivery Notifications

Infosec - TripWire - The State of Security - A new phishing attack is using fake non-delivery notifications in an attempt to steal users' Microsoft Office...
Mon, 17 Dec 2018 15:13:27 - #microsoft #tripwire #phishing #security

5 Key Components Every Company Should Have in Their Privacy Policy

Infosec - TripWire - The State of Security - As a business owner, you're no stranger to the myriad moving parts that keep the day-to-day business going....
Mon, 17 Dec 2018 12:42:39 - #tripwire #security

Chinese Hackers Breach U.S. Navy Contractors - WSJ

Counterfeit Parts - Chinese hackers are breaching Navy contractors to steal everything from ship-maintenance data to missile plans, officials and experts...
Sun, 16 Dec 2018 20:13:46 - #usnavy #security

World's Biggest Data Breaches & Hacks [UPDATED]

Information Is Beautiful - Another week, another three data breaches. Track the biggest and most notable of the last ten years in one interactive dataviz. See the graphic...
Sun, 16 Dec 2018 19:41:21 - #cybersecurity #security

US ballistic missile defense systems (BMDS) open to cyber attacks

Infosec - Security Affairs - U.S. Ballistic Missile Defense Systems Fail Cybersecurity Audit

US DoD Inspector General's report revealed United States'...
Sun, 16 Dec 2018 19:03:29 - #cybersecurity #security

How threat actors are using SMB vulnerabilities

Infosec - Malwarebytes Unpacked - Some of the most devastating ransomware and Trojan malware variants depend on vulnerabilities in the Windows Server Message...
Sun, 16 Dec 2018 19:03:28 - #microsoft #cybersecurity #64bit #firewall #security

2019 Will See Cybercriminals Eye Opportunities in Cryptocurrency and IoT to Launch Their Attacks

Infosec - Zscaler Research - Cybercriminals never take vacations. They're always scanning the horizon to see which new technologies are being adopted by...
Sun, 16 Dec 2018 19:03:27 - #supplychain #ddos #datacenter #iot #cybersecurity #zscaler #phishing #blockchain #security

How HTTPS Everywhere Keeps Protecting Users On An Increasingly Encrypted Web

Infosec - EFF Deeplinks - Way back in 2010, we launched our popular browser extension HTTPS Everywhere as part of our effort to encrypt the web. At the...
Sun, 16 Dec 2018 19:03:26 - #baidu #cybersecurity #security

Fortifying the Cybersecurity of Federal Agencies With the CDM Program

Infosec - Recorded Future - Any organizations and agencies that are required to comply with Continuous Diagnostics and Mitigation (CDM) standards and are...
Sun, 16 Dec 2018 19:03:25 - #cybersecurity #threatintelligence #security

The Economics Fueling IoT (In)security

Infosec - Dark Reading - Attackers understand the profits that lie in the current lack of security. That must change.
Sun, 16 Dec 2018 19:03:24 - #iot #security

Email security best practices your team should be following right now

Infosec - ProtonMail - The single biggest threat to your business's online security is malicious emails. As owners and managers, it's up to you to require...
Sun, 16 Dec 2018 19:03:23 - #cybersecurity #phishing #gdpr #security

New RiskIQ Research Highlights the Dangers of Downloading Mobile Apps this Holiday Season

Infosec - RiskIQ - As consumers get to grips with their new and second-hand Android smartphones and tablets gifted over the holiday season, many of them...
Sun, 16 Dec 2018 19:03:22 - #android #cybersecurity #riskiq #security

Data scraping treasure trove found in the wild

Infosec - Malwarebytes Unpacked - We bring word of yet more data exposure, in the form of "nonsensitive" data scraping to the tune of 66m records across...
Sun, 16 Dec 2018 19:03:21 - #phishing #security

Bug Hunting Paves Path to Infosec Careers

Infosec - Dark Reading - Ethical hackers use bug bounty programs to build the skills they need to become security professionals.
Sun, 16 Dec 2018 19:03:19 - #security

Reframe Your Threat Intelligence With These 3 Analytical Frameworks

Infosec - Recorded Future - Editor's Note: Over the next several months, we're sharing excerpts from our new book, "The Threat Intelligence Handbook."...
Sun, 16 Dec 2018 19:03:18 - #microsoft #cybersecurity #lockheedmartin #phishing #threatintelligence #security

Scanning for Flaws, Scoring for Security

Infosec - Krebs on Security - Is it fair to judge an organization's information security posture simply by looking at its Internet-facing assets for weaknesses...
Sun, 16 Dec 2018 19:03:17 - #supplychain #cybersecurity #phishing #security

PHP Version 5 End of Life: Millions of Websites are About to Become Vulnerable

Infosec - RiskIQ - Beginning this month, versions 5.6 and 7.0 of the server-side scripting language PHP will reach end-of-life and will no longer be supported....
Sun, 16 Dec 2018 19:03:16 - #cybersecurity #firewall #riskiq #security

IoT Security: Lack of best practices will cost you

Enterprise - The Enterprisers Project - As the saying goes, "the only unfair fight is the one you lose." When companies deploy Internet of Things devices,...
Sun, 16 Dec 2018 19:03:15 - #iot #security

Save the Children Foundation duped by hackers into paying out $1 million

Enterprise - ZDNet News - The fraudsters broke into an email account to launch an elaborate scheme designed to scam the charity.
Sun, 16 Dec 2018 19:03:14 - #security

SendGrid posts industry's first inbox protection rate to increase cybersecurity and transparency

Enterprise - Digital Colorado - SendGrid, Inc., a leading digital communication platform, is the first email service provider (ESP) to announce its Inbox...
Sun, 16 Dec 2018 18:41:03 - #cybersecurity #security

'123456,' 'donald,' and other terrible passwords people used this year

Tech - Mashable - For what seems like the umpteenth time, "123456" and "password" are the most commonly used passwords this year.
Those combinations...
Sun, 16 Dec 2018 02:41:15 - #cybersecurity #security

Tigera raises $30M Series B for its Kubernetes security and compliance platform

Tech - TechCrunch - Tigera, a startup that offers security and compliance solutions for Kubernetes container deployments, today announced that it has...
Sun, 16 Dec 2018 01:44:26 - #microsoft #ibm #redhat #devops #docker #cloud #azure #kubernetes #googlecloud #security

It's increasingly looking like China was behind the massive Marriott data hack

Tech - Mashable - All signs point to China when it comes to the massive Marriott hack that came to light last month.
The data breach that exposed personal...
Sun, 16 Dec 2018 01:44:20 - #cybersecurity #security

SendGrid Publishes Industry's First Inbox Protection Rate to Increase Cybersecurity and Privacy Transparency Around the Holidays

Business Wire - SendGrid, Inc. (NYSE: SEND), a leading digital communication platform that drives engagement and growth, is the first email service provider...
Wed, 12 Dec 2018 15:39:46 - #cybersecurity #security

Kaspersky Lab Appoints Maxim Frolov as Managing Director, North America

Business Wire - Kaspersky Lab announced today the appointment of Maxim Frolov to the position of Managing Director in North America, effective immediately.
Wed, 12 Dec 2018 15:39:25 - #cybersecurity #security

7 security to-do's for CIOs in 2019

Enterprise - The Enterprisers Project - What should top your list of cybersecurity priorities? Testing, transparency, and talent, for starters
Wed, 12 Dec 2018 15:13:28 - #cybersecurity #security

Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack

Infosec - The Hacker News - Microsoft today, on its year-end December Patch Tuesday, released security updates to patch a total 39 vulnerabilities its...
Wed, 12 Dec 2018 14:38:45 - #microsoft #security

December Patch Tuesday: Year-End Batch Addresses Win32k Elevation of Privilege and Windows DNS Server Vulnerabilities

Infosec - TrendLabs Security Intelligence Blog - The just-released Patch Tuesday for December includes a fix for the actively exploited Win32k Elevation...
Wed, 12 Dec 2018 14:38:44 - #microsoft #phishing #security

49% of Cloud Databases Left Unencrypted

Infosec - Dark Reading - Businesses also leave information vulnerable in the cloud by failing to implement MFA and configure Kubernetes settings, new research...
Wed, 12 Dec 2018 14:38:43 - #kubernetes #security

Patch Tuesday, December 2018 Edition

Infosec - Krebs on Security - Adobe and Microsoft each released updates today to tackle critical security weaknesses in their software. Microsoft's December...
Wed, 12 Dec 2018 14:38:42 - #microsoft #cybersecurity #security

Misconfigured server exposed half of Brazilian taxpayer ID numbers: report

Infosec - CyberScoop - A database containing personally identifying information of 120 million Brazilian citizens and residents was accessible on the open...
Wed, 12 Dec 2018 14:38:40 - #cybersecurity #security

How to Apply the Risk Management Framework (RMF)

Infosec - TripWire - The State of Security - What is the Risk Management Framework? The Risk Management Framework (RMF) is most commonly associated with...
Wed, 12 Dec 2018 14:38:38 - #tripwire #security

phpMyAdmin Releases Critical Software Update - Patch Your Sites Now!

Infosec - The Hacker News - Developers of phpMyAdmin, one of the most popular and widely used MySQL database management systems, today released an updated...
Wed, 12 Dec 2018 14:38:37 - #security

How to Secure Windows 10 by Disabling Its Password Recovery Questions

Life - Lifehacker - Password-recovery questions have been a part of Windows 10 for more than a year now, but you'll never know they exist if you sign...
Wed, 12 Dec 2018 14:38:32 - #microsoft #security

How Amazon Web Services runs security at a global scale

Enterprise - ZDNet News - AWS CISO told ZDNet that security is job zero for the cloud behemoth.
Wed, 12 Dec 2018 14:38:31 - #cloud #aws #security

Microsoft vulnerability could have exposed the accounts of 400M Office 365 users

Enterprise - SiliconANGLE - A misconfigured subdomain owned by Microsoft Corp. could have exposed the accounts of as many 400 million Office 365 users to...
Wed, 12 Dec 2018 14:38:29 - #microsoft #security

It's December of 2018 and, to hell with it, just patch your stuff

Enterprise - The Register - Windows, Office, Acrobat, SAP... you know the deal
Microsoft, Adobe, and SAP are finishing up the year with a flurry of activity,...
Wed, 12 Dec 2018 14:38:26 - #security

Kubernetes Privilege Escalation Vulnerability - ASM Mitigation

Enterprise - F5 DevCentral - Kubernetes

A bug in the Kubernetes platform has been disclosed this week by its developers. The bug has been marked as critical...
Wed, 12 Dec 2018 13:39:35 - #kubernetes #security

Unit 42 Cloud Security Trends and Tips

Enterprise - Palo Alto Networks Blog - The benefits for enterprises moving to the cloud are clear: greater flexibility, agility, scalability and cost savings....
Wed, 12 Dec 2018 13:39:31 - #paloaltonetworks #cloud #azure #kubernetes #googlecloud #aws #gdpr #security

Over 40,000 credentials for government portals found online

Enterprise - ZDNet Blogs - Malware operators have collected login credentials for government portals in Italy, Saudi Arabia, Portugal, Bulgaria, Romania,...
Wed, 12 Dec 2018 13:39:29 - #cybersecurity #security

A bug left your Microsoft account wide open to complete takeover

Tech - Mashable - Bug bounty hunter Sahad Nk recently uncovered a series of vulnerabilities that left Microsoft users' accounts - from your Office documents...
Wed, 12 Dec 2018 12:37:45 - #microsoft #cybersecurity #cloud #azure #security

New Report Finds Emails Containing Dangerous Attachments Up More Than 25 Percent

Globe Newswire - Technology - Latest ESRA Detected Incumbent Email Security Systems are Leaving Organizations Vulnerable to Dangerous Attachments, Malware, Impersonation...
Wed, 12 Dec 2018 12:37:31 - #cybersecurity #security

A bug in Microsoft's login system made it easy to hijack anyone's Office account

Tech - TechCrunch - A string of bugs when chained together created the perfect attack to gain access to someone's Microsoft account - simply by tricking...
Tue, 11 Dec 2018 22:13:37 - #microsoft #cloud #azure #security

November 2018's Most Wanted Malware: the Thanksgiving Day Botnet Emerges

Globe Newswire - Technology - Check Point's latest Global Threat Index reveals the Emotet botnet rising up the top malware list in November as a result of...
Tue, 11 Dec 2018 21:13:07 - #cybersecurity #botnet #security

Proofpoint Launches the Industry's First People-Centric Attack Index to Easily Identify the Most Targeted Users Within an Organization

Globe Newswire - Technology - Leading cybersecurity company empowers organizations to understand the risks their users face and tailor their security strategy...
Tue, 11 Dec 2018 18:13:10 - #cybersecurity #proofpoint #security

Industry council urges government to prep for a cyberattack that coincides with a natural disaster

Infosec - CyberScoop - A presidential advisory council has warned the White House and Department of Homeland Security in no uncertain terms that a catastrophic...
Tue, 11 Dec 2018 16:13:08 - #supplychain #cybersecurity #security

6 Cloud Security Predictions for 2019

Infosec - Dark Reading - How the fast pace of cloud computing adoption in 2018 will dramatically change the security landscape next year.
Tue, 11 Dec 2018 16:13:06 - #security

Gartner report sees greater reliance on Privileged Access Management tools

Infosec - Barracuda - We have met the enemy and it's us. That's a feeling many cybersecurity professionals well know. Most security breaches today have...
Tue, 11 Dec 2018 15:39:13 - #microsoft #cybersecurity #ca #devops #phishing #cloud #azure #cyberark #security

HashiCorp Vault 1.0 Open Sources Auto-Unseal, Adds Batch Tokens

Enterprise - InfoQ - HashiCorp has released version 1.0 of Vault, their secrets management tool that open-sources the auto-unseal feature needed to continue...
Tue, 11 Dec 2018 15:39:04 - #kubernetes #hashicorp #security

A Shared Commitment Towards Cloud Security: Expanding Our Partnership with Google Cloud

Enterprise - Palo Alto Networks Blog - At Palo Alto Networks, we have always believed that more and more security services would be delivered from the cloud....
Tue, 11 Dec 2018 15:13:30 - #paloaltonetworks #cybersecurity #firewall #ai #kubernetes #googlecloud #machinelearning #security