El Diario del CISO El Diario del CISO (The CISO Journal) Edición 6 - Page 7

News1 EL DIARIO DEL CISO (THE CISO JOURNAL) Thinking and Working for a Digital Security Leader Cybersecurity skills gap worsens, security teams are understaffed As emerging technology and threat landscapes experience rapid transformation 90% of consumers value additional security measures to verify mobile-based transactions A strong security posture starts with application dependency mapping A third of 2018's vulnerabilities have public exploits, 50% can be exploited remotely Attack traffic increased by 32 percent in 2018 Businesses recognize the need for AI & ML tools in cybersecurity Companies unprepared for PSD2, stricter EU requirements will drive fraud to other regions Data breach reports delayed as organizations struggle to achieve GDPR compliance Data management challenges are having a severe impact on profitability Do people with malicious intent present the biggest threat to personal data? Enterprise attitudes to cybersecurity: Strategies to balance risk and business acceleration Exploitation of vulnerabilities in Moxa industrial switches could disrupt communication between ICS components Hidden third-party tags could be leaving Fortune 100 companies at risk How can healthcare organizations remedy their cybersecurity ailments? How malware traverses your network without you knowing about it How susceptible are hospital employees to phishing attacks? Human behavior can be your biggest cybersecurity risk If an organization has been breached, it's more likely to be targeted again IoT devices using CoAP increasingly used in DDoS attacks Is AI really intelligent or are its procedures just averagely successful? Is your company leaking sensitive data via its Box account? Key 2019 cybersecurity industry trends March 2019 Patch Tuesday: Microsoft patches two actively exploited Windows flaws Marriott CEO reveals more details about the massive data breach Network performance requirements grow in the era of 5G: Are your security processes ready? Organizations still ignoring a large piece of their cybersecurity defense Phishers shift efforts to attack SaaS and webmail services Public-interest technology: Why companies should get involved Researchers create system that predicts vulnerability severity from tweets Researchers expose massive mobile adware and data stealing campaigns with 250 million downloads Researchers unveil February 2019's most wanted malware The impact of spear phishing on organizations and how to combat this growing threat The patterns of elite DevSecOps practices The quantum sea change: Navigating the impacts for cryptography The threat of quantum computers and the solutions that can protect us today Thinking of threat intelligence as a contributing member of your security team Traditional cybersecurity staff retention tactics becoming less effective Two thirds of Android antimalware apps are ineffective or unreliable Unsecured Gearbest server exposes millions of shoppers and their orders Urgent need for IT security legal framework in Europe Users are too confident in their protection from threats What happened to trust and transparency in cybersecurity? Windows Servers in danger of being compromised via WDS bug Worldwide spending on public cloud services and infrastructure to increase 23.8% over 2018 A few binary plating 0-days for Windows While we were thinking about a way to escalate privileges during a pen- test, we discovered that most Windows installations were vulnerable to binary planting. Saudi caller ID Dalil app exposed data of more than 5 million users Chinese hackers target dozens of universities in a bid to steal maritime military secrets Ryan Stewart. Ryan is a senior cybersecurity and privacy analyst. 18 unprotected MongoDB servers expose surveillance data Adwind RAT resurfaces again, relies on another malware for infection Attackers use new CapturaTela info-stealing malware to launch ‘Operation Comando’ campaign Citrix suffered a security breach compromising few business documents Cryptojacking campaigns now target exposed Docker containers Cybercriminals leverage ‘Fake CDC Flu’ warning to distribute GandCrab 5.2 ransomware Email Marketing firm Verifications.io exposes almost 809 million records online Financial institutions in Russia targeted using new version of RTM Bot in recent phishing campaign Hackers abuse XSS vulnerability in cart plugin to target WordPress-based shopping sites Hackers breach college admission database and demand ransom Hackers defaced multiple Israeli webpages with the words ‘Jerusalem is the capital of Palestine’ Kathmandu Holdings suffered a data breach compromising customers’ personal information Latest Ursnif variant targets Japanese users to steal credentials Necurs botnet packs new payloads to evade detection New backdoor ‘SLUB’ targets victims via watering hole attack New Cryptomix ransomware variant targets entire networks instead of individual computers New GarrantyDecrypt ransomware variant impersonates the security team for Proton Technologies New malware campaign distributes StealthWorker malware to compromise multiple platforms New Ransomware-as-a-Service ‘Jokeroo’ promoted on underground hacking forums New Ransomware-as-a-Service ‘Yatron’ promoted via Twitter Newly discovered ‘SPOILER’ vulnerability found affecting all Intel CPUs Newly discovered vulnerability could allow attackers to take full control of Windows IoT Core devices Popular Visitor Management Systems exposed due to security bugs Ransomware attacks evidenced in Jackson County proves costly for officials Reverse engineering tool Ghidra made by NSA is now open-source! School information system hacked; Students’ grades and attendance data modified Seven car manufacturers hit by GPS spoofing attacks Severe RCE vulnerability found in StackStorm DevOps platform Sharecare Health Data Services suffered data breach impacting AltaMed and Blue Shield healthcare centers Torrent trackers used to distribute Pirate Matryoshka malware UN report unravels North Korea’s involvement in cryptocurrency-related attacks Unprotected database exposes private data of 1.8 million Chinese women including 'BreedReady' status Unprotected MongoDB of Dalil exposes data of over 5 million users Unsecured API of ‘63Red Safe’ app exposes user data Winnti cyberespionage group breaches three Asian gaming companies to install a backdoor trojan Wolverine Solutions Group data breach impacts hundreds of healthcare organizations T he Digital Transformation of the CISO, from backroom to boardroom IDC in conjunction with Capgemini, recently published an analysis of the modern CISO. Why cybersecurity alone is not enough to protect private data