RiskSense – Page 3 – WindowsTechs.com

Windows Search Bug Worth Watching, and Squashing

Posted on August 14, 2017 by Michael Mimoso

Patches are available—and should be applied—that address a critical vulnerability in Windows Search that some are calling the next WannaCry. Others aren’t so ready to do that. Continue reading Windows Search Bug Worth Watching, and Squashing→

Insurance regulators pitched on FICO-style score for cybersecurity

Posted on August 7, 2017 by Shaun Waterman

In the fast growing cybersecurity insurance market, underwriters face a uniquely complex problem — measuring or estimating the risk their policy-holders face from cybercrooks, online spies and other hackers. The insurance industry “doesn’t have … a set of baseline tools or metrics … to quantify their customers’ risks,” Anand Paturi, vice president of security research and engineering at RiskSense told CyberScoop. In life insurance for instance, depending on the value of the policy, risk might be measured by reference to actuarial tables which predict life expectancy, or by a medical examination measuring a wide range of physical risk factors. “That [risk] data is how you set the price of the policy,” he explained. But, in a presentation Monday to the National Association of Insurance Commissioners 2017 National Meeting, Paturi argued that the question is much more complicated in cybersecurity. He gave as an example the potentially massive losses from the WannaCry and Petya outbreaks earlier this year. In […]

The post Insurance regulators pitched on FICO-style score for cybersecurity appeared first on Cyberscoop.

Continue reading Insurance regulators pitched on FICO-style score for cybersecurity→

Windows SMB Zero Day to Be Disclosed During DEF CON

Posted on July 26, 2017 by Michael Mimoso

Microsoft has said it will not patch a two-decade-old Windows SMB vulnerability, called SMBloris because it behaves comparably to the Slowloris attacks. The flaw will be disclosed and demonstrated during DEF CON. Continue reading Windows SMB Zero Day to Be Disclosed During DEF CON→

Threatpost News Wrap, June 9, 2017

Posted on June 9, 2017 by Chris Brook

How EternalBlue was ported to Windows 10, a Facebook phishing study, QakBot, and this week’s Apple security announcements are all discussed. Continue reading Threatpost News Wrap, June 9, 2017→

Windows 10 Mitigations Make Future EternalBlue Attacks Difficult

Posted on June 7, 2017 by Michael Mimoso

Now that researchers have built a port of EternalBlue to Windows 10, they’ve probably only now caught up to what the NSA has had for a long while. Continue reading Windows 10 Mitigations Make Future EternalBlue Attacks Difficult→

NSA’s EternalBlue Exploit Ported to Windows 10

Posted on June 6, 2017 by Michael Mimoso

Researchers have ported the EternalBlue exploit to Windows 10, meaning that any unpatched version of Windows can be affected by the NSA attack. Continue reading NSA’s EternalBlue Exploit Ported to Windows 10→

New infosec products of the week: January 27, 2017

Posted on January 27, 2017 by Mirko Zorz

Prevent DNS-based data exfiltration and detect malware Delivered as a service, Infoblox ActiveTrust Cloud addresses the needs of global enterprises with a mobile workforce and growing branch offices which often don’t have dedicated IT staff or adequate security measures in place. The new solution provides protection for devices on or off the premises, prevent DNS-based data exfiltration, automatically stops device communications with command-and-control servers, and allows rapid investigation of threats. Aegis Secure Key 3z hardware-encrypted … More → Continue reading New infosec products of the week: January 27, 2017→