El Diario del CISO El Diario del CISO (The CISO Journal) Edición 10 - Page 8

News1.1 EL DIARIO DEL CISO (THE CISO JOURNAL) Thinking and Working for a Digital Security Leader The second Meltdown: New Intel CPU attacks leak secrets Cisco's 'Thrangrycat' Router Flaw Tough to Neuter Intel has done some mitigations for these vulnerabilities that can leak secrets from virtual machines, secure enclaves and kernel memory. Here's how the attacks work. Researchers report finding a vexing vulnerability in Cisco routers that could invisibly undermine device integrity and allow attackers to take full control 200 million-record breach: Why collecting too much data raises risk Can the re-use of identity data be a silver bullet for industry? Cybersecurity professionals are no match for cyber-adversaries Digital ethics rising in importance Does your cyber insurance cover social engineering? Read the fine print GDPR and the Cloud Haas F1 team leans on service providers as security force multipliers How Microsoft builds empathy between its security and development teams How to defend against scams: 14 red flags everyone needs to be aware of How to implement and use the MITRE ATT&CK framework In the Dark Trying to Trace Attacks Inside Your Network? IT services giant HCL left employee passwords, other sensitive data exposed online Microsoft urges Windows customers to patch wormable RDP flaw Moving beyond template-based notifications Over 90% of data transactions on IoT devices are unencrypted Review: How Awake Security uncovers malicious intent Tapping Veterans’ Unique Skillset to Fill the Cybersecurity Talent Pool The most stressful aspects of being a cybersecurity professional Threat Intelligence and the Evolving Threat Landscape What Do We Want? Wi-Fi Protected Access! When Do We Want It? WPA3 Now! What is malware? How to prevent, detect and recover from it Why reported breaches are the tip of the iceberg Why security needs to be involved early during mergers and acquisitions Will the U.S. government draft cybersecurity professionals? Assange Indicted in US Under Espionage Act Attackers Exploit WhatsApp Flaw to Auto-Install Spyware Bestmixer Cryptocurrency Laundering Site Shuttered Cybersecurity's Week From Hell Database May Have Exposed Instagram Data for 49 Million E-Commerce Skimming Attacks Evolve Into iFrame Injection Equifax's Data Breach Costs Hit $1.4 Billion FBI and Europol Disrupt GozNym Malware Attack Network GDPR: Europe Counts 65,000 Data Breach Notifications So Far Google Restricts Huawei’s Access to Android Hack of Japanese Retailer Exposes 460,000 Customer Accounts Intel's 'ZombieLoad' Fixes May Slow Processors by 9 Percent MuddyWater APT Group Upgrades Tactics to Avoid Detection Owner of Defunct Firm Fined in LeakedSource.com Case Ransomware Increasingly Hits State and Local Governments Researchers: Aircraft Landing Systems Vulnerable ScarCruft APT Group Targets Bluetooth With Malware: Report Surge in JavaScript Sniffing Attacks Continues To Prevent Another WannaCry, Microsoft Patches Old OSs Whistleblower Everett Stern: ‘Do the Right Thing’ Google stored unhashed passwords due to an implementation error | Cyware Hacker News With A Second WannaCry Looming, More Than Half Of Industrial Sites Are Vulnerable - forbes.com Ryan Stewart. Ryan is a senior cybersecurity and privacy analyst Microsoft issued an urgent warning to users of older Windows systems to apply an update in order to protect against a potential widespread cyber attack. Cancer Treatment Centers of America suffered data breach compromising patients’ PHI Coventry High School in Ohio cancels classes due to Trickbot infection Cybercriminals break into production systems of Stack Overflow Cyware Weekly Threat Intelligence, May 13-17, 2019 Cyware Weekly Threat Intelligence, May 20-24, 2019 DHS warns of Chinese-made drones stealing sensitive data Equitas Health suffered data breach compromising members’ personal information Fake missed call alerts target Android users IT Giant HCL Exposed Employee Passwords and Customer Project Details Online Mailing error leads to confusion among the Inmediata Health Group’s breached patients Medicare details of Australians available for sale in the darknet Multiple Russian government sites leak passport and personal data of over 2.25 million citizens New spam campaign uses fake legal threats to lure victims Oklahoma City Public Schools hit with ransomware attack Oregon Contractors Construction Board hit with security breach impacting contractor accounts Redtail Technology exposes sensitive client data Unprotected database exposes the personal information of almost 8 million people in the US Websites of at least eleven institutions in Sri Lanka hit by cyber attacks WhatsApp fixes a critical vulnerability that let attackers install spyware on phones A Laptop With 6 Of The Most Destructive Malware Threats Ever Is Up For Auction Council Post: DevSecOps: One CISO's Journey Council Post: Five Things To Consider When Reporting To Your Board On Cybersecurity Council Post: Frequent Breaches Have Brought Cybersecurity Change To The Forefront. What's Next? Council Post: Solving The Cybersecurity Talent Gap Today, Tomorrow And Beyond ExtraHop BrandVoice: The Truth About (Cyber) Insurance: Do You Feel Lucky? First American Financial Leaked 800-plus Million Sensitive Mortgage Documents New Windows 10 Security Exploit Can Read All Your Files -- What You Need To Know Oracle BrandVoice: The ‘Unprecedented Challenge’ Of Cybersecurity Today Shubert Organization Suffers Data Breach When Cybersecurity And Trade Wars Collide First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records — Krebs on Security The Web site for Fortune 500 real estate title insurance giant First American Financial Corp A Tough Week for IP Address Scammers Account Hijacking Forum OGusers Hacked Feds Target $100M ‘GozNym’ Cybercrime Network Legal Threats Make Powerful Phishing Lures Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003 BestMixer.io Service Shut Down For Laundering $200 Million+ Fxmsp Chat Logs Reveal the Hacked Antivirus Vendors, AVs Respond GozNym Cybercrime Group Behind $100 Million Damages Dismantled Hackers Accessed Stack Overflow's Production Systems Over 12,000 MongoDB Databases Deleted by Unistellar Attackers TeamViewer Confirms Undisclosed Breach From 2016 Lapse in LinkedIn security certificate update No real change a year into GDPR, says privacy expert Security Think Tank: How to realise the benefits of security zoning Security Think Tank: Surviving the existential cyber punch, part 3 Spyware targets WhatsApp users Why IT departments miss basic IT security hygiene