Another day, another retail card breach to ponder and lose sleep over. Enjoy!
Month: September 2017
Understanding the Cyber Kill Chain
This is a great overview of the cyber kill chain and why it is important to every IT security program. It is a sound methodology to understand and this article is well worth the read.
https://www.cybrary.it/2017/09/understanding-the-cyber-kill-chain/
Security’s #1 Problem: Economic Incentives
This article is a very intriguing read. The economics of software are hard, whether the applications are public-facing and for resale or the development is internal to an organization. Security is far too often an afterthought or a nice-to-have in the development cycle. True DevOps programs and security officers should partner. Instead, they compete.
Sadly, the only real mechanism that addresses these problems today is fear – fear of penalties and fear of non-compliance. We should be motivated by security itself – a desire to protect customer data, to provide a more secure, robust service. It will take consumers willing to demand such a high-caliber standard before the market will adjust and the economics will justify a more mature, secure development cycle.
Sophos Weekly Recap
Five Cyber Threats Every Security Leader Must Know About
Though a bit salesy, this is a nice overview of 5 core cyber threats all security professionals should be pondering. Enjoy!
https://blog.fortinet.com/2017/09/20/five-cyber-threats-every-security-leader-must-know-about
FedEx: NotPetya Cost Us $300 Million
This is yet another great example of the cost of a compromise, and more specifically, the cost of a serious ransomware infection. Hopefully, this article will cause readers to pause and reconsider how organizations can and should approach these threats.
https://www.infosecurity-magazine.com/news/fedex-notpetya-cost-us-300-million/
Critical VMware vulnerability, patch and update now
Please review your VMware deployments and patch accordingly.
https://nakedsecurity.sophos.com/2017/09/21/critical-vmware-vulnerability-patch-and-update-now/
Krebs – Equifax Breach: Setting the Record Straight
This is a good update/recap of the current Equifax situation from Mr. Krebs. Enjoy!
https://krebsonsecurity.com/2017/09/equifax-breach-setting-the-record-straight/
Ransomware hack targeting 2 million an hour
Details surrounding this cyberattack are scarce and the severity is largely unknown, though initial information points to a large, very serious attack. More details to come as they become available. Be cautious and spread the word!
https://www.axios.com/ransomware-hack-targeting-2-million-an-hour-2487583502.html
1.9 Billion Data Records Exposed in First Half of 2017
Ponder these statistics and then realize that these statistics do not include any data associated with the Equifax breach. This problem is not going away and it is not getting better. Data is being compromised at an alarming rate. Be prepared!