Weekly InfoSec Roundup 11/10/17

Friday, November 10th, 2017 | by

We have lots of interesting news and updates in this week’s InfoSec roundup. With ever-evolving and increasing cyber threats, it is more important than ever to address cyber risk proactively rather than waiting to act until an incident occurs.

 

  • AWS S3 Buckets at Risk of “GhostWriter” MiTM Attack
  • “The exposure of sensitive data via misconfigured AWS S3 buckets has been regular over the last few years. In two months this summer, researchers discovered thousands of potentially sensitive files belonging to the U.S. National Geospatial-Intelligence Agency (NGA); information on millions of Verizon customers; and a database containing details of 198 million American voters.”

  • The Internet Sees Nearly 30,000 Distinct DoS Attacks Each Day : Study
  • “The incidence of denial-of-service (DoS) attacks has consistently grown over the last few years, steadily becoming one of the biggest threats to Internet stability and reliability. Over the last year or so, the emergence of IoT-based botnets — such as Mirai and more recently Reaper, with as yet unknown total capacity — has left security researchers wondering whether a distributed denial-of-service (DDoS) attack could soon take down the entire internet.”

  • Global CISOs Unprepared for Evolving Threats
  • “Drawing on insights from 184 global CISOs, the report noted that today’s IT security strategies and tactics are shifting away from a focus on strong perimeters to smart data, networks, devices and applications.”

  • Majority of US Companies’ DDoS Defenses Breached
  • “Survey finds 69% of companies’ distributed denial-of-service attack defenses were breached in the past year – despite confidence in their mitigation technologies.”

  • 4 Proactive Steps to Avoid Being the Next Data Breach Victim
  • “Despite highly publicized data breaches, most companies are not taking the necessary actions to prevent them.”

  • IoT devices are an enterprise security time bomb
  • “The Internet of Things (IoT) is causing serious security concerns for enterprises worldwide with few companies capable of securing them as they are unable to identify devices properly, according to new research.”

  • Amazon Adds New Encryption, Security Features to S3
  • “Amazon announced this week that it has added five new security and encryption features to its Simple Storage Service (S3), including one that alerts users of publicly accessible buckets.”

  • ‘Goldilocks’ Legislation Aims to Clean up IoT Security
  • “Cybercrime in general — and most recently, crime perpetrated using IoT devices — has become a serious problem. Legislatures around the world have struggled to write laws to rein things in. The problem has been that governments have issued cybersecurity laws that are either too burdensome or ineffective.”

  • Forrester: Expect POS Ransomware Outages in 2018
  • “Cyber-criminals will up their game in 2018 to drive profits, targeting IoT systems and installing ransomware on mission critical POS systems, according to Forrester Research.”

  • BankBot Android malware sneaks into the Google Play Store – for the third time
  • “BankBot first appeared in the official Android marketplace in April this year, was removed, and then was discovered to have returned in September before being removed again. Now BankBot has appeared in the Google Play store yet again, having somehow bypassed the application vetting and security protocols for a third time.”

  • Google: Our hunt for hackers reveals phishing is far deadlier than data breaches
  • “Google has released the results of a year-long investigation into Gmail account hijacking, which finds that phishing is far riskier for users than data breaches, because of the additional information phishers collect.”

  • The growing importance of network security for retail brand protection
  • “Information technology is playing an ever-increasing role in the retail sector, and having effective security in place has never been more important when it comes to brand protection. Security incidents can have a big hit on a retailer’s reputation, causing customers to reduce their spend or shift allegiance to a competitor.”

  • How better data governance can help banks keep pace with the rising tide of regulations
  • “Like their counterparts around the world, Australian banks have to operate in a rapidly evolving regulatory environment. Shifting APRA restrictions on lending and looming mandatory data breach notification requirements mean they must constantly review their activities to ensure compliance.”

  • Brinqa @ Cyber Security Summit, Boston
  • Brinqa was a platinum sponsor at this week’s Cyber Security Summit event in Boston, MA and we had a great time at the conference. Read our recap of the event below.
    Read More
     

  • Brinqa Threat & Vulnerability Management : Connectors
  • Regardless of the scope of Vulnerability Management programs, the ability to connect all relevant systems efficiently and seamlessly is a distinct competitive advantage. This article describes core data integration competencies that security architects and program managers must address when designing their vulnerability management and cyber risk programs.


About

Director of Product Management at Brinqa — Passionate about design, travel and good food. When not working can be found hiking, snowboarding or exploring the wonderful city of San Francisco.
More posts by Syed Abdur