DHS, FBI Warn of Ongoing APT Attack Against Critical Infrastructure

The Department of Homeland Security and Federal Bureau of Investigation have issued a joint technical alert warning that government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors are subject to an ongoing attack campaign from an advanced actor, most probably Dragonfly (aka Crouching Yeti and Energetic Bear). The alert was…

Security Pros Admit Snooping on Corporate Network: Survey

IT security professionals, particularly executives, often access information that is not relevant to their day-to-day work, according to a new One Identity study focusing on “snooping” on the corporate network. Dimensional Research polled more than 900 IT security professionals on behalf of One Identity. The respondents were from various types of companies in the United…

Tech Giants Warn of Crypto Flaw in Infineon Chips

Microsoft, Google, HP, Lenovo and Fujitsu have warned customers of a potentially serious crypto-related vulnerability affecting some chips made by German semiconductor manufacturer Infineon Technologies. TPM vulnerability allows attackers to obtain private RSA keys. The flaw, tracked as CVE-2017-15361, is related to the Trusted Platform Module (TPM), an international standard designed for protecting crypto processes…

Websites Hacked via Zero-Day Flaws in WordPress Plugins

Zero-day flaws affecting several WordPress plugins have been exploited by malicious actors to plant backdoors and take control of vulnerable websites. The attacks have been spotted by Wordfence, a company that specializes in protecting WordPress websites. The firm’s investigation revealed that attackers had been exploiting previously unknown vulnerabilities in three WordPress plugins.

Six Key Traits of an Effective Cyber Risk Advisor

What makes a good cyber risk advisor? What skills do they need to help board directors address cybersecurity? According to a report by BayDynamics, board directors “may not be experts in security, but they do know how to steer a business away from risk and toward profit by listening to subject matter experts. However, they expect…

From the Starship Enterprise to Your Enterprise: Eight Cybersecurity Lessons From ‘Star Trek’

Many people in the security industry today grew up watching “Star Trek,” from the original episodes to Next Generation, Deep Space Nine, Voyager, Enterprise and the many other series that followed. In anticipation of the upcoming “Star Trek: Discovery” series, we thought it would be a good time to remind our readers that, beyond the…

Equifax Sent Breach Victims to Fake Website

Equifax has made another blunder following the massive data breach suffered by the company – it advised some customers on Twitter to access a fake support website set up by a security researcher. Equifax staff advised breach victims on Twitter at least 8 times to access securityequifax2017.com instead of equifaxsecurity2017.com, the website created by the credit reporting agency…

Kaspersky CEO to Testify Before Congress

After the U.S. Department of Homeland Security (DHS) issued a binding operational directive ordering government departments and agencies to stop using products from Russia-based Kaspersky Lab, the security firm’s CEO has been invited to testify before Congress. Eugene Kaspersky, Kaspersky Lab’s chairman and CEO, posted on Twitter a screenshot of the invitation he received from…