Posted by Trevan Marden on Jun 15, 2018

Banks are a prime target for cyberattacks. Banks store and utilize a large volume of confidential data surrounding their client’s personal information, account information, and other data.  For bank leaders, it’s important to understand the unique challenges and regulations you must meet to protect this data. Attacks may range from malware, phishing or DDoS, to sophisticated compound attacks that use multiple methods at once to infiltrate the organizations and compromise security. You must be prepared to prevent, detect, and remediate any potential security incidents. 

Posted by Trevan Marden on Jun 13, 2018

In a recent article for Forbes, Dave Lewis recalls an experience earlier in his career in which the physical access controls to production servers were completely undermined by lack of proper network segmentation. In the article, he notes that traditional network segmentation is now being replaced with movement towards “zero trust.” The concepts of “inside the network” versus “outside the network” are melting away as organizations steadily move towards cloud-based and hybrid infrastructures.

Posted by Trevan Marden on Jun 8, 2018

It was reported yesterday that Adobe has once again issued a critical patch for it’s Flash Player browser plugin due to a vulnerability that is being actively exploited to deploy malicious software. We’ve written before about the dangers of Flash and even Adobe has announced it will end support for the software at the end of 2020. However, while many security-minded professionals have heeded the advice to remove or enable click-to-run for this plugin, others have not. Many organizations still rely on websites and software that utilize the plugin for needed functionality and can’t simply remove the software entirely.

Posted by Trevan Marden on Jun 8, 2018

Grab your coffee and read up on today's top information security stories and articles from around the web:

• Teen Arrested for Hacking Minnesota Government Systems - Security Week
• Ticketfly confirms 27M accounts exposed -- a week after hack - CNET
• Adobe Patches Zero-Day Flash Flaw - Krebs on Security Drupal drisputes dreport of widespread wide-open websites – whoa - The Register
• Facebook privacy goof makes posts by 14 million users readable to anyone - Ars Technica

Posted by Trevan Marden on Jun 7, 2018

Grab your coffee and read up on today's top information security stories and articles from around the web:

• Former Cambridge Analytica CEO Faces His Ghosts in Parliament - Wired
• Marcus Hutchins faces new charges of developing malware and lying to FBI - CyberScoop
• Three months later, a mass exploit of powerful Web servers continues - Ars Technica
• VPNFilter router malware is a lot worse than everyone thought - The Register

Posted by Trevan Marden on Jun 6, 2018

Grab your coffee and read up on today's top information security stories and articles from around the web:

• Pwn goal: Hackers used the username root, password root for botnet control database login - The Register
• Loose .zips sink chips: How poisoned archives can hack your computer - The Register
• Facebook Gave Data Access to Chinese Firm Flagged by U.S. Intelligence - New York Times
• RSA Fraud Report: Newsjacking-Based Phishing on the Rise - Bank Info Security

Posted by Trevan Marden on Jun 5, 2018

Grab your coffee and read up on today's top information security stories and articles from around the web:

• How to protect yourself from megabreaches like the one that hit Ticketfly - Ars Technica
• Facebook gave access to data on users and their friends to 60 device makers - CSO
• Phishing Scams Target FIFA World Cup Attendees - DarkReading

Posted by Trevan Marden on Jun 4, 2018

Grab your coffee and read up on today's top information security stories and articles from around the web:

• Cybercrime Is Skyrocketing as the World Goes Digital - Dark Reading
• DHS: 'Nefarious actors' could be exploiting SS7 flaw - CyberScoop
• Are Your Google Groups Leaking Data? - Krebs on Security
• Hackers Demand $770,000 Ransom From Canadian Banks - Bank Info Security

Posted by Trevan Marden on Jun 1, 2018

SIEM is a valuable tool in your organization’s security program. These tools can collect and correlate data from a wide range of disparate devices to intelligently identify suspicious activity. However, without proper planning and preparation, these enterprise software purchases can quickly become shelfware. Here are a few ways traditional SIEMs can let you down:

Posted by Trevan Marden on Jun 1, 2018

Grab your coffee and read up on today's top information security stories and articles from around the web:

• We can't stop botnet attacks alone, says US government report - CNET
• The Current Limitations and Future Potential of AI in Cybersecurity - Security Week
• Pentagon's latest bug bounty program pays out $80,000 - CyberScoop
• Git Fixes Serious Code Repository Vulnerability - DarkReading