Oracle releases out of cycle fix, Cisco patches six critical vulnerabilities

Both Oracle and Cisco released patches in the last couple of days, though Oracle’s patches are considered out-of-cycle and critical.  Cisco’s patches are part of their standard semi-annual IOS security advisory notice.

Krebs – Crooks Steal, Sell Verizon Enterprise Customer Data

Ironic for sure, but this breach makes sense simply because of how rich the target environment is.  Verizon has a strong team of IT Security professionals, so I feel confident this will be handled appropriately and expeditiously.

W-2 Data Breach places 21K Sprouts Farmers Market employees at risk

This is yet another example of a well-crafted phishing attack that has resulted in the compromise of significant PII.  These issues are not combated by technical controls alone.  Organizations must dedicate resources to effective user awareness training and design policies and procedures that allow for proper checks and balances.  IT cannot solve all problems.

House subcommittee hearing discusses making cyber insurance more accessible

This is an important conversation well worth having.  Cyber Insurance is an important part of an IT Security risk management strategy.  In many industries, despite the best controls, a breach is inevitable.  Having a strong policy in place to offset those costs and provide expertise in areas like forensics and public relations can be the difference between weathering an event and shuttering the doors of the business.