There are multiple versions of any given story and somewhere in the middle we find the truth. There has been a huge fuss online concerning the statements of this one FBI agent concerning ransomware. I fully expected the FBI to back away from his comments. That said, pragmatically, in the absence of decent backups and security controls, many organizations will find themselves leaning toward simply paying the bitcoins and walking away to fight another day.
Month: October 2015
CISA Passes Senate Without Addressing Privacy Concerns
This is yet another milestone as this legislation moves forward. It does seem a vague in terms of true usage and privacy definitions.
https://threatpost.com/cisa-passes-senate-without-addressing-privacy-concerns/115188/
Krebs – Cybersecurity Information (Over)Sharing Act?
There are a tremendous number of complex ideas to consider when debating this legislation. This article from Mr. Krebs is a good start to the conversation. I intend to add my two cents at a later date.
http://krebsonsecurity.com/2015/10/cybersecurity-information-oversharing-act/
Sophos Weekly Recap
New Android Marshmallow devices must have default encryption, Google says
This is a great move forward by Google and the Android OS.
Using Two-Factor Authentication for the Administration of Critical Infrastructure Devices
This article is a great reminder of the value of two-factor authentication and is well worth a read.
Emergency Adobe Flash Zero Day Patch Arrives Ahead of Schedule
Please patch accordingly. This is a known exploited threat.
https://threatpost.com/emergency-adobe-flash-zero-day-patch-arrives-ahead-of-schedule/115073/
