Here’s an overview of some of last week’s most interesting news, articles and podcasts:
The attackers who breached Equifax managed to do so by exploiting a vulnerability in its US website, the company has finally confirmed. The vulnerability in question was Apache Struts CVE-2017-5638.
Amidst growing concerns of large-scale cyber attacks, 84 percent of organizations participating in a Ponemon Institute survey indicated threat intelligence is “essential to a strong security posture.” However, many organizations struggle with an overwhelming amount of threat data and lack of staff expertise, which diminish the effectiveness of their threat intelligence programs.
Unsecured Elasticsearch servers turned into PoS malware C&Cs
Security researchers have discovered over 4,000 Elasticsearch servers compromised to distribute and control PoS malware. 99 percent of them are hosted by Amazon.
The European Union needs a strong cybersecurity agency, and the Commission has submitted a proposal for a regulation aimed at strengthening the role of ENISA, the Union’s Greece-based Agency for Network and Information Security.
A new phishing campaign has been spotted hitting LinkedIn users via direct messages and the LinkedIn InMail feature.
End-to-end encryption is about more than just privacy – it is also critical for protecting business data, and our very lives and limbs as the Internet of Things becomes the norm.
While immediate reactions to Apple’s iPhone X announcement on social media have ranged from excitement to distrust and concern, it appears that widespread biometric authentication is here to stay for consumers. But when will facial recognition technology start being used in the enterprise?
Eight zero-day vulnerabilities affecting the Android, Windows, Linux and iOS implementations of Bluetooth can be exploited by attackers to extract information from, execute malicious code on, or perform a MitM attack against vulnerable devices.
Within many large organizations, tens to hundreds of millions of API requests are served daily, each with valid credentials, just like those of airport passengers. Each request carries different payloads, just like each passenger’s unique set of luggage.
Being the CISO of such a huge and diverse company as KPN, the Netherlands’ largest telecom and ISP provider, requires great determination, and the current holder of the position fits the bill on that score.
In this podcast recorded at Black Hat USA 2017, Ankur Tyagi, senior malware research engineer at Qualys, talks about visual network and file forensics.
Around half of industry practitioners see the risk of silent cyber exposure – potential cyber-related losses due to silent coverage from insurance policies not specifically designed to cover cyber risk.
As part of its regular, monthly Patch Tuesday update, Microsoft has released patches for 81 new vulnerabilities, including a zero-day in the .NET Framework.
The characteristics of modern applications in the cloud are changing, requiring software and IT architects to shift priorities. Businesses of all sizes are transforming in order to compete in the digital era, but are bogged down by legacy technologies and inefficient siloed processes and tools that are ill-equipped to handle today’s volume of data.
The US Department of Energy (DOE) announced awards of up to $50 million to DOE’s National Laboratories to support early stage research and development of next-generation tools and technologies to further improve the resilience of the Nation’s critical energy infrastructure, including the electric grid and oil and natural gas infrastructure.
IT security professionals believe the effects of cyber attacks on elections go beyond diminishing confidence in the democratic process, according to a Venafi survey of 296 IT security professionals at Black Hat USA 2017.
This change is part of Google’s continuous effort to “accurately communicate the transport security status of a given page.”
A rundown of infosec products released last week.