
CISO Conversations: Verizon, AT&T CISOs Talk Security

New Marriott Data Breach | Industrial Controllers Vulnerable to Stuxnet-Style Attacks
  Your SecurityWeek Briefing Webcasts


Tuesday, March 31, 2020


Webinar

Live Webinar

Boost Your Email Efforts and Security With SPF, DKIM, DMARC & BIMI

Join SecurityWeek and Valimail in a webinar to learn about the basics and benefits of email authentication standards and what domain spoofing is.

Thursday, April 9 at 1 PM ET

Register Now



Retooling Cyber Ranges
Cyber range scenarios provide real insights into an organization's capabilities and resilience against threats, along with the confidence to tackle them when they occur.
Read the Full Column
by Gunter Ollmann



How to Address the Surging Need for Secure Remote Access to OT Networks
As the size of the remote workforce surges, network administrators of operational technology (OT) networks find themselves on the front lines of enablement.
Read the Full Column
by Galina Antova



The Human Element and Beyond: Why Static Passwords Aren't Enough
Static passwords lack the ability to verify whether the user accessing data is authentic or just someone who bought a compromised password.
Read the Full Column
by Torsten George




There Are Plenty of Phish in the Sea
The barriers to entering the field of cybercrime have been significantly lowered, and for modest amounts of money, would-be scammers can buy high-quality phishing tools online.
Read the Full Column
by Alastair Paterson



Human Intelligence is Pivotal in a Data-Driven World
It's up to humans, guided by instinct, intelligence and experience, to determine the right data, so they can focus on what matters to the organization, make better decisions and take the right actions.
Read the Full Column
by Marc Solomon




Never a Dull Moment - RSA Conference Afterthoughts
We've seen a shift away from 'common themes' across the RSA Conference to real development in plenty of new areas that truly advance cybersecurity.
Read the Full Column
by Laurence Pitt





Scouting the Adversary: Network Sensor Placement Considerations
Many organizations are not aware that their network sensors are improperly or inefficiently deployed because they do not have a full understanding of how to act on the network traffic being collected.
Read the Full Column
by Craig Harber



The OT Security Opportunity for CISOs
Adversaries can enter through IT networks and remain undetected within an OT environment for months or even years, looking for subtle ways to undermine operations and create havoc.
Read the Full Column
by Galina Antova



Advancing DevSecOps Into the Future
The philosophy of integrating security practices within DevOps is obviously sensible, but by attaching a different label perhaps we are likely admitting that this "fusion" is more of an emulsification.
Read the Full Column
by Gunter Ollmann



The Urgency for Having a True Security Platform
A security platform is much more than just wrapping a collection of security tools together into a single bundle and then adding some sort of a shell script so independent management tools appear to be part of a congruent solution.
Read the Full Column
by John Maddison



Spotting a Norman: How to Root Out Those Wasting Organizational Resources
How many times have you met someone full of promises and big on talk, only to be disappointed by what results from your engagement with them?
Read the Full Column
by Joshua Goldfarb




Is Conditional Access the Right Approach to Authentication? It Depends.
If there's one thing you can be sure of about user authentication methods today, it's that determining the best choice isn't as simple or straightforward as it used to be.
Read the Full Column
by Jim Ducharme



RSAC 2020: Three Reasons Why the "Human Element" is a Timeless Theme
When you're at RSAC next week remember the "Human Element" is a great lens through which you can view and help assess the value of companies you partner with for security.
Read the Full Column
by Marc Solomon



Coming to a Conference Room Near You: Deepfakes
What can we do in order to prevent the spread of fake content or reduce the risk of a targeted use of Deepfakes that could cause damage to our organization?
Read the Full Column
by Laurence Pitt




Attacking the Organism: Financial Services
The ability to look deeply into user and system behavior and identify the smallest anomaly will become the essential toolkit to stem the tide of fraud and theft in financial services.
Read the Full Column
by Preston Hogue




Security Performance in the Age of Digital Transformation
Physical and virtual security appliances traditionally suffer from performance challenges, especially when it comes to critical functions such as inspecting encrypted traffic.
Read the Full Column
by John Maddison








See All Recent Articles at SecurityWeek.Com

CISO Conversations: Verizon, AT&T CISOs Talk Security: SecurityWeek interviews Chandra McMahon (CISO at Verizon) and Bill O'Hern (CSO at AT&T) to discuss the role of CISO and what it takes to be a successful CISO. Read More

New Marriott Data Breach Impacts Up to 5.2 Million Guests: Marriott says the personal information of up to 5.2 million guests may have been stolen through an internal application. Read More

Industrial Controllers Still Vulnerable to Stuxnet-Style Attacks: Researchers demonstrated recently how a Stuxnet-style attack can be launched against Schneider Electric's Modicon PLCs, but it's believed that controllers from other vendors are vulnerable as well. Read More

Internet Society Expands Program for Secure Internet Routing Framework: The Mutually Agreed Norms for Routing Security (MANRS) program is being expanded to include content delivery networks and cloud providers. Read More

Palo Alto Networks to Acquire CloudGenix for $420 Million: Palo Alto Networks will acquire cloud-delivered SD-WAN solutions provider CloudGenix for roughly $420 million. Read More

FBI Warns of Ongoing Kwampirs Attacks Targeting Global Industries: A malicious campaign is targeting organizations from a broad range of industries with a piece of malware known as Kwampirs, FBI warns. Read More

CISOs Suffering From Increasingly Complex Workload: Cisco: Cisco's annual CISO benchmark report examines what it means to be a CISO today by surveying 2,800 IT decision makers, and discussing issues with a panel of CISOs. Read More

Zoom Updates Privacy Policy After Experts Raise Concerns: Remote conferencing services provider Zoom this week updated its privacy policy following the publishing of a series of reports raising concerns regarding the privacy of Zoom users. Read More

Vulnerabilities Expose Lexus, Toyota Cars to Hacker Attacks: Vulnerabilities in Lexus and Toyota cars could be exploited by hackers to launch remote attacks against affected vehicles, Tencent Keen Security Lab's researchers discovered. Read More

State-Backed Players Join Pandemic Cyber Crime Attacks: Sophisticated state-supported actors are following cybercriminals in exploiting the coronavirus pandemic and posing an "advanced persistent threat" (APT). Read More

Microsoft to Add Compromised Password Notification to Edge: A new feature that Microsoft is adding to its Edge browser will alert users if the passwords saved to autofill have been compromised. Read More

FBI: Cybercriminals Mailing Malicious USB Devices to Victims: The financially-motivated hacking group FIN7 has started mailing malicious USB devices to intended victims to infect them with malware, the FBI warns. Read More

Zettaset Launches Software-Defined Encryption for Kubernetes Environments: Zettaset introduced software-defined encryption for Kubernetes-managed containers, improving DevSecOps, enhancing data protection, and enabling compliance. Read More

Corporate Workers Warned of 'COVID-19 Payment' Emails Delivering Banking Trojan: IBM and FireEye have spotted a campaign that relies on fake "COVID-19 Payment" emails to deliver the Zeus Sphinx banking trojan to people in the US, Canada and Australia. Read More

Utah Investigating Hacking of Candidate's Virtual Event: The Utah Attorney General's Office is investigating the hacking of a video call hosted by a gubernatorial candidate who saw the call hijacked by pornographic images and racial slurs. Read More

Vulnerabilities in DrayTek Enterprise Routers Exploited in Attacks: Malicious actors have been exploiting vulnerabilities in some DrayTek enterprise routers in attacks that started before patches were released. Read More

Privacy Rights May Become Next Victim of Killer Pandemic: Digital surveillance and smartphone technology may prove helpful in containing the coronavirus pandemic -- but some activists fear this could mean lasting harm to privacy and digital rights. Read More

Europol: Criminals Exploit Virus Crisis as Fresh Opportunity: Criminals have spotted a new business opportunity with the coronavirus pandemic and are now plundering the needy and the fearful and even disrupting the medical sector, online and off, with fraud, counterfeit products and cybercrime. Read More

Google Sees Drop in Government-Backed Phishing Attempts: Google says it has seen a drop in the number of warnings sent for potential government-backed phishing or malware attempts last year, mainly due to improved protection systems. Read More

Russian Hackers Exploited Windows Flaws in Attacks on European Firms: Russian cybercriminals targeted pharmaceutical and manufacturing companies in Western Europe and the attack likely involved two Windows vulnerabilities which Microsoft did not expect to be exploited. Read More

Senator Urges Vendors to Secure Networking Devices Amid COVID-19 Outbreak: U.S. Sen. Mark Warner has sent letters to six Internet networking device vendors urging them to ensure that their products remain secure during the COVID-19 social distancing efforts. Read More

GitHub Paid Out Over $1 Million in Bug Bounties: GitHub this week announced that it has paid out over $1 million in rewards to the security researchers participating in its bug bounty program on HackerOne. Read More

Websites of U.S. Presidential Candidates Pose Security, Privacy Risks: The majority of campaign websites of United States presidential candidates run code that can pose security and privacy risks to consumers. Read More

Unofficial Patches Released for Exploited Windows Font Processing Flaws: 0patch has created free patches for actively exploited Windows remote code execution vulnerabilities for which Microsoft has yet to release official fixes. Read More

No Patch for VPN Bypass Flaw Discovered in iOS: Proton Technologies, the developer of ProtonMail and ProtonVPN, this week disclosed the existence of an unpatched iOS flaw that causes some VPN traffic to remain unencrypted. Read More

Spyware Delivered to iPhone Users in Hong Kong Via iOS Exploits: A recently observed campaign is attempting to infect the iPhones of users in Hong Kong with an iOS backdoor that allows attackers to take control of devices. Read More

AMD Confirms Hacker Stole Information on Graphics Products: A hacker has stolen files related to some AMD GPUs and they plan on making them all public unless they get paid. Read More

Humio Raises $20 Million in Series B Funding: Log management platform Humio this week announced that it closed a $20 million Series B funding round, bringing the total investment raised to date to $32 million. Read More

Unprotected Database Exposed 5 Billion Previously Leaked Records: A database containing over 5 billion records of data leaked in previous data breaches was exposed by a UK-based cybersecurity company. Read More

Credit Card Skimmer Found on Tupperware Website: The official website of kitchen products maker Tupperware was hacked and the attackers planted malicious code designed to steal visitors' payment card information. Read More






© 2020 Wired Business Media


