How are you handling your cloud monitoring and security?
Cloud providers offer many security measures, but you’re ultimately responsible for securing your own data. While 53% of organizations are training their staff to manage cloud security, 30% of organizations plan to partner with an MSP. In our white paper, we discuss the considerations you need to make before choosing a solution.
December 5, 2017.
By The CyberWire Staff
The Mirai botnet has resurfaced. Attacks were reported over the weekend in Africa and South America, with Argentina particularly affected. Reaper, the evolved botnet based on Mirai, has yet to live up to its much-feared potential, but researchers at CenturyLink and reports in Cybrary warn that Reaper is a loaded and cocked weapon, ready to fire at the Internet.
PayPal users are receiving phishing emails warning them that their payments aren't going through. Those who swallow the bait will be directed to a page that asks them to enter their PayPal credentials and user information. (What the criminals will do with that information we leave to the readers as an exercise.)
A variant of the familiar Microsoft tech support scam displays a phony blue screen of death and then offers to sell you a cut-rate security product to solve the non-existent problem.
Google is working to clamp down on applications and websites that ask for too much information: at the end of January Mountain View will warn proprietors of apps and sites that violate Google's privacy-related terms of service. How violators will be punished beyond this good talking-to remains unclear.
The US Securities and Exchange Commission (SEC) is cracking down on Initial Coin Offerings (ICOs) it determines to be fraudulent.
An international police operation has taken down the Andromeda botnet (a.k.a. Gamarue, Avalanche, and Wauchos) with cooperation of companies like ESET and Microsoft. Recorded Future believes the arrests, centered in Belarus, included cybercriminal "mastermind" Ar3s, a very big fish indeed.
DevSecOps experts from Visa and CYBRIC talk cyber threat survival.
How can you protect yourselves against breaches like Equifax? Swapnil Deshmukh, Sr. Director of Emerging Technologies Security, Visa and Mike D. Kail, CTO, CYBRIC weigh in. Rapid innovation and continuous delivery via DevOps exposes organizations to a constant, evolving cyber threat. Seamlessly embedding continuous security within existing ecosystems will enforce security across the production environment. In this webinar, you’ll learn cultural changes needed for true DevSecOps. Register for this webinar December 12 at 1PM ET.
Flying Blind: 2017 Cloud Configurations Gone Wrong(Webinar, December 7, 2017) How can you avoid data breaches from public cloud misconfigurations in the future? Join our team of cloud security experts for a 45-minute webinar to learn more about the steps you can take to improve your cloud security posture and keep your critical information protected.
Earn a master’s degree in cybersecurity from SANS(Online, December 21, 2017) Earn a master’s degree in cybersecurity from SANS, the world leader in information security training. Learn more at a free online information session on Thursday, December 21st, at 12:00pm noon ET. For complete information on master’s degree and graduate certificate programs, visit www.sans.edu.
Reaper – Calm Before IoT Botnet Attack(Cybrary) Last year the world witnessed how some of the world’s top Web sites were taken down by “Mirai”, a zombie malware that hijacked “Internet of Things” (IoT) devices like wireless routers, digital video recorder and also security cameras in parts of the U.S. The attack was made
Security Patches, Mitigations, and Software Updates
Google Cracks Down On Nosy Android Apps(Threatpost) Google beefs up privacy protections on apps distributed via third-party Android marketplaces and Google Play that that collect personal data without user consent.
Enveil Announces Strategic Investment and Partnership with In-Q-Tel(Enveil | Encrypted Veil) Nonprofit Strategic Investor for U.S. Intelligence Community Backs Data Security Startup Protecting Data in Use Washington, D.C. – December 5, 2017 – Enveil, a pioneering data security company protecting Data in Use, today announced a strategic partnership with and investment from In-Q-Tel (IQT), th
Banks Prep For Apocalyptic Cyberattack(PYMNTS.com) In a world where attacks on computers are nearly de rigueur at this point, it isn’t much of a surprise that U.S. banks have begun quietly doomsday-prepping for a successful apocalyptic attack on their computers by hackers. The goal is to head off a run on the bank by panicked citizens. Called Sheltered Harbor, the […]
ICS-CERT Advice on AV Updates Solid, But Impractical(Security Week) The U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has offered some advice on how antivirus software should be updated in industrial environments, but the recommended method is not very practical and experts warn that organizations should not rely only on antiviruses to protect critical systems.
Can biometrics be the key to securing the IoT chain of trust?(IoT Agenda) The booming internet of things is on course to double in just five years, growing from 15 billion connections in 2015 to nearly 31 billion by 2020 according to IDC . As the number of connections and use cases explodes, so does the number of security vulnerabilities. The fate of the marketplace depends on our ability to trust the devices, data and networks that make IoT possible.
FCC Agrees to Assist New York AG in Probe of Alleged ID Theft in Net Neutrality Comments(New York Law Journal) The FCC’s Office of Inspector General has agreed to cooperate with New York’s investigation into thousands of comments on net neutrality that were posted to the commission's website allegedly without the knowledge or consent of the individuals New York Attorney General Eric Schneiderman said Monday. An FCC Commissioner also asked the Dec. 14 hearing be postponed until an investigation is complete.
Leakbase.pw Hacked Password Service Goes Dark(BleepingComputer) Over the weekend, Leakbase.pw, a web site that sold subscriptions to usernames and passwords leaked in data breaches at other companies, suddenly discontinued their service.
Hackers Challenge(New York, New York, USA, December 6, 2017) Welcome to the Hackers Challenge - a must-attend event for IT security professionals across all industries. Radware and Cisco invite experienced hackers to attack the cyber-defense of a website within...
Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.
Be a part of the CyberWire story.
People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.