Weekly InfoSec Roundup 11/03/17

Friday, November 3rd, 2017 | by

This week’s InfoSec news highlighted the importance of risk management in an ever-changing and fast-paced cyber security environment. Hilton found itself in trouble over a data breach that cost it $700,000. Read on for more news and information on risk from this week.

  • How to focus C-Suite Attention on the Issue of Cybersecurity
  • “With large-scale cyber attacks becoming increasingly common, having an effective defence strategy in place has never been more important. A big challenge, however, is ensuring senior management fully understands the issue.”
    Read More

  • Oracle Fixes “Default Account” Issue Rated 10 Out of 10 on Severity Scale
  • “Oracle has released patches for a security issue affecting the Oracle Identity Manager that has received a rare 10 out of 10 score on the CVSSv3 bug severity scale. The giant software maker has remained tight-lipped about the issue and has not released any type of meaningful explanation in an attempt to delay the start of attacks trying to exploit this flaw as long as possible, giving customers more time to patch.”
    Read More

  • Hilton agrees to $700,000 settlement over data breaches
  • “On Tuesday, Attorney General Eric Schneiderman said that the Hilton Domestic Operating Company, formerly known as Hilton Worldwide, will pay $700,000 in recompense for failing in its duty — not simply by having poor security in the first place which allowed the data breaches to occur, but for then leaving customers in the dark.”
    Read More

  • Measuring cyber resilience – a rising tide raises all ships
  • “I admit it … I am one of the 143,000,000 people afflicted by the Equifax breach. For those of us who reside in the U.S., that number approaches 60% of all adults, based on recent numbers from the U.S. Census Bureau. Perhaps most unsettling is that failing to perform something as routine as a timely patch produced an event so catastrophic that it cost the CISO, CIO and CEO their jobs.”
    Read More

  • WannaCry, Cerber most used ransomware types, hospitals most hit sector, report
  • “WannaCry and Cerber have totally dominated the ransomware landscape so far this year, comprising almost all the attacks that have taken place, while other big names such as Locky were barely a blip on the radar.”
    Read More

  • Cisco patches 16 vulnerabilities to kick off November
  • “Cisco Systems on Wednesday issued patches and corresponding security alerts for 16 different product vulnerabilities, half of which are considered high impact in nature.”
    Read More

  • Another misconfigured Amazon S3 server leaks data of 50,000 Australian employees
  • “Another misconfigured Amazon server has resulted in the exposure of personal data – this time on 50,000 Australian employees that were left unsecure by a third-party contractor.”
    Read More

  • Just one day after its release, iOS 11.1 hacked by security researchers
  • “News of the exploits came from Trend Micro’s Mobile Pwn2Own contest in Tokyo, where security researchers found two vulnerabilities in Safari, the mobile operating system’s browser.”
    Read More

  • Silence Please: New Carbanak-Like Group Attacks Banks
  • “Researchers have uncovered a new advanced threat group which has targeted at least 10 financial institutions globally using tools and techniques similar to the notorious Carbanak group.”
    Read More

  • Cisco Patches Serious DoS, Injection Flaws in Several Products
  • “Cisco Systems on Wednesday issued patches and corresponding security alerts for 16 different product vulnerabilities, half of which are considered high impact in nature.”
    Read More

  • Analysis of 3,200 Phishing Kits Sheds Light on Attacker Tools and Techniques
  • “Phishing kits are used extensively by cybercriminals to increase the efficiency of stealing user credentials. The basic kit comprises an accurate clone of the target medium’s login-in page (Gmail, Facebook, Office 365, targeted banks, etc), and a pre-written php script to steal the credentials — both bundled and distributed as a zip file. Successfully phished credentials are mailed by the script to the phisher, or gathered in a text file for later collection. This is commodity phishing; not spear-phishing.”
    Read More

  • Shadow IT Growth Introducing Huge Compliance Risks: Report
  • “Shadow IT continues to grow, while senior management remains in denial. The average enterprise now uses 1,232 cloud apps (up 33% from the second half of last year), while CIOs still believe their organizations use between just 30 and 40 cloud apps and services. Within this cloud, 20% of all stored data is at risk from being ‘broadly shared’.”
    Read More

  • Hacker holds university for ransom, threatens to dump student info
  • “A hacker is trying to extort a Canadian university, threatening to dump student information unless university top brass pay 30,000 CAD (23,000 USD).”
    Read More

  • Cybersecurity Pros Can’t Keep Pace with Threat Landscape
  • “Most (54%) cybersecurity professionals believe the threat landscape is evolving faster than they can respond, with a lack of preparation and strategic thinking endemic, according to RedSeal.”
    Read More

  • Brinqa @ Cyber Security Summit Boston
  • Brinqa is a platinum sponsor at the upcoming Cyber Security Summit Boston on November 8, 2017. We will be available at booths #27 and #28 for product demos and discussions around cyber risk management. Syed Abdur, Director of Product Management, will be hosting a session on “Building a Comprehensive Cyber Risk Program through Effective Vulnerability Management”. If you’re a C-level exec in the Boston area, contact us at info@brinqa.com for complimentary access to the event.


About

Director of Product Management at Brinqa — Passionate about design, travel and good food. When not working can be found hiking, snowboarding or exploring the wonderful city of San Francisco.
More posts by Syed Abdur