Leading by Example: Security and Privacy in the Education Sector

Today’s students must grapple with security and privacy issues, such as identity theft and financial fraud, that could affect them well past graduation.

The post Leading by Example: Security and Privacy in the Education Sector appeared first on Security Intelligence.

Continue reading Leading by Example: Security and Privacy in the Education Sector

Zombie Cloud Data: What Your Delete Key May Not Delete

Zombie cloud data — information that lingers in the cloud even after a user supposedly deletes it — can open organizations to data theft and noncompliance.

The post Zombie Cloud Data: What Your Delete Key May Not Delete appeared first on Security Intelligence.

Continue reading Zombie Cloud Data: What Your Delete Key May Not Delete

Why reforming the Vulnerability Equities Process would be a disaster

When the authors of WannaCry turbo-charged their ransomware with NSA exploits leaked by the Shadow Brokers, people thought it was the Vulnerability Equities Process’ worst-case scenario. It’s really not. The VEP is the policy process the U.S. government undertakes when one of its agencies finds a new software vulnerability. It’s how the government decides whether to tell the manufacturer about the bug, so they can patch it and keep all their customers safe; or to keep it secret and stealthily employ it to spy on foreign adversaries who use that software. In the wake of Shadow Brokers dumping several sets of highly advanced NSA hacking tools online — many using previously unknown vulnerabilities — there have been rising demands for reform of the VEP. Lawmakers have got in on the act, pledging to legislate the process with the Protecting Our Ability to Counter Hacking, or PATCH Act of 2017. But […]

The post Why reforming the Vulnerability Equities Process would be a disaster appeared first on Cyberscoop.

Continue reading Why reforming the Vulnerability Equities Process would be a disaster

Microsoft uncovers hacking operation aimed at software supply chain

Microsoft researchers recently uncovered a sophisticated hacking campaign that was serving targeted malware to “several high-profile technology and financial organizations.” The unidentified hackers reportedly compromised a set of third-party editing software tools by injecting malicious code into the programs’ updating mechanism, Windows Defender Advanced Threat Protection research team found. The recent findings underscore the threat organizations face through vulnerable, third-party applications. In many cases, such applications and services are commonly integrated into a company’s IT infrastructure; widening the attack vector for hackers. “[A] forensic examination of the Temp folder on [a] affected machine pointed us to a legitimate third-party updater running as service,” a Microsoft blog reads. “The updater downloaded an unsigned, low-prevalence executable right before malicious activity was observed. The downloaded executable turned out to be a malicious binary that launched PowerShell scripts bundled with the Meterpreter reverse shell, which granted the remote attacker silent control. The binary is detected by […]

The post Microsoft uncovers hacking operation aimed at software supply chain appeared first on Cyberscoop.

Continue reading Microsoft uncovers hacking operation aimed at software supply chain

The Competing Claims of Security Vendors Sow Customer Distrust

There is no such thing as a magic bullet for security. When security vendors push their products too hard, customers grow skeptical of the entire industry.

The post The Competing Claims of Security Vendors Sow Customer Distrust appeared first on Security Intelligence.

Continue reading The Competing Claims of Security Vendors Sow Customer Distrust

Investors drop $20M on startup CyberGRX’s platform for auditing supply-chain cyber risks

Silicon Valley venture capitalists are betting $20 million on a cybersecurity startup that launched in March and is staffed with former NSA and CIA talent. Denver-based CyberGRX on Tuesday announced it had successfully raised funding to help develop and expand its main product, a software tool that is used to gauge security risks associated with a wide array of different third-party vendors. “As enterprises’ dependence on their partner ecosystems grows, so does their exposure to breaches from these key vendors, partners and customers,” explained CyberGRX CEO Fred Kneip, “the combination of outsourcing, globalization and the digitization of business has created new security and resiliency risks that many businesses are just starting to address [and understand].” Founded by former Blackstone executives, CyberGRX describes its platform — called the “third party global cyber risk exchange” — as a sort of rating agency like Standard & Poor’s or Moody’s. CyberGRX has now raised $29 million total. […]

The post Investors drop $20M on startup CyberGRX’s platform for auditing supply-chain cyber risks appeared first on Cyberscoop.

Continue reading Investors drop $20M on startup CyberGRX’s platform for auditing supply-chain cyber risks

Securing Your Cloud-Based Resources: Start With These Four Areas

With cloud-based resources becoming an integral part of the enterprise, it’s time for security leaders to recognize the best ways to protect these assets.

The post Securing Your Cloud-Based Resources: Start With These Four Areas appeared first on Security Intelligence.

Continue reading Securing Your Cloud-Based Resources: Start With These Four Areas

Did Your Developer Leave a Website Backdoor?

A Dutch developer stole e-commerce customers’ login credentials using a website backdoor and admin access that former employers had neglected to revoke.

The post Did Your Developer Leave a Website Backdoor? appeared first on Security Intelligence.

Continue reading Did Your Developer Leave a Website Backdoor?

IBM Report Finds Health Care Data at Growing Risk From Ransomware, Insiders and Third-Party Breaches

A new report based on IBM MSS data revealed that ransomware, insider threats and third-party breaches plagued health care organizations in 2016.

The post IBM Report Finds Health Care Data at Growing Risk From Ransomware, Insiders and Third-Party Breaches appeared first on Security Intelligence.

Continue reading IBM Report Finds Health Care Data at Growing Risk From Ransomware, Insiders and Third-Party Breaches