Each week the CyberWire’s Hacking Humans podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that make headlines and take a heavy toll on organizations around the world. We talk to social engineering experts, security pros, cognitive scientists, and those practiced in the arts of deception (perhaps even a magician or two). We also hear from people targeted by social engineering attacks and learn from their experiences. Check out the first episode and subscribe today. And special thanks to KnowBe4, our sponsors for season 1.
Your wait is over. A new book is out from the Cylance data science team, covering artificial intelligence and machine learning techniques in practical situations to improve the security professional’s ability to thrive in a data driven world. Whether you are reviewing logs or analyzing malware, being able to derive meaningful results and improve productivity is key. Order your free copy today.
New Cryptomix ransomware strain in the wild. Another misconfigures AWS bucket. Commerce, DHS botnet report is out.
MalwareHunterTeam reports that a new variant of Cryptomix ransomware is circulating in the wild. There's no free decryptor available for it, yet, so unfortunately some victims will be tempted to pay the ransom. The best defense against this and other ransomware strains is secure, tested, and used backup.
Researchers at NewSky Security have found a vulnerability that affects most routers used by SingTel, Singapore's main Internet service provider.
Another misconfigured AWS S3 bucket has been found by Kromtech. This one, belonging to Honda India, is said to have exposed some 50,000 customers' data.
In patching news, Google's release of Chrome 67 to the stable channel includes fixes for thirty-four vulnerabilities.
Vietnamese authorities are giving that country's users the same advice about VPNFilter the FBI gave in the US: reboot your routers.
Kaspersky's challenge to the US Government's ban on its software has failed, with both suits dismissed yesterday by the District Court for the District of Columbia. Kaspersky plans to appeal.
The Departments of Commerce and Homeland Security rendered a report required by the May 2017 executive order on cybersecurity yesterday. The report's title, “Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats,” fairly expresses its contents. The recommendations include aspirations for the Government to lead by example, and to seek public-private partnerships that will build resistance to botnets into devices under development.
Concerns about possible security threats Chinese device manufacturers present remain very much alive in the United States, Canada, and Australia.
Today's issue includes events affecting Australia, Austria, Canada, China, Estonia, European Union, India, Ireland, Israel, Democratic Peoples Republic of Korea, Russia, Singapore, Taiwan, United Kingdom, United States, and and Vietnam.
Control Risks says non-compliance is a truly enterprise risk for companies operating in the EU. It burdens already taxed programs with particular measures to protect personal data and disclose security issues. Many worry that resources catching up to GDPR before an incident occurs trade-off other critical initiatives, leaving them vulnerable nonetheless. Companies must get executives and experts involved in managing the risk and competing priorities. Let Control Risks help you be both secure and compliant.