El Diario del CISO (The CISO Journal) Edition 6 | Page 7
Thinking and Working for a
Digital Security Leader
Cybersecurity skills gap worsens, security teams are understaffed
As emerging technology and threat landscapes experience rapid transformation
90% of consumers value additional security measures to verify mobile-based transactions
A strong security posture starts with application dependency mapping
A third of 2018's vulnerabilities have public exploits, 50% can be exploited remotely
Attack traffic increased by 32 percent in 2018
Businesses recognize the need for AI & ML tools in cybersecurity
Companies unprepared for PSD2, stricter EU requirements will drive fraud to other regions
Data breach reports delayed as organizations struggle to achieve GDPR compliance
Data management challenges are having a severe impact on profitability
Do people with malicious intent present the biggest threat to personal data?
Enterprise attitudes to cybersecurity: Strategies to balance risk and business acceleration
Exploitation of vulnerabilities in Moxa industrial switches could disrupt communication between ICS components
Hidden third-party tags could be leaving Fortune 100 companies at risk
How can healthcare organizations remedy their cybersecurity ailments?
How malware traverses your network without you knowing about it
How susceptible are hospital employees to phishing attacks?
Human behavior can be your biggest cybersecurity risk
If an organization has been breached, it's more likely to be targeted again
IoT devices using CoAP increasingly used in DDoS attacks
Is AI really intelligent or are its procedures just averagely successful?
Is your company leaking sensitive data via its Box account?
Key 2019 cybersecurity industry trends
March 2019 Patch Tuesday: Microsoft patches two actively exploited Windows flaws
Marriott CEO reveals more details about the massive data breach
Network performance requirements grow in the era of 5G: Are your security processes ready?
Organizations still ignoring a large piece of their cybersecurity defense
Phishers shift efforts to attack SaaS and webmail services
Public-interest technology: Why companies should get involved
Researchers create system that predicts vulnerability severity from tweets
Researchers expose massive mobile adware and data stealing campaigns with 250 million downloads
Researchers unveil February 2019's most wanted malware
The impact of spear phishing on organizations and how to combat this growing threat
The patterns of elite DevSecOps practices
The quantum sea change: Navigating the impacts for cryptography
The threat of quantum computers and the solutions that can protect us today
Thinking of threat intelligence as a contributing member of your security team
Traditional cybersecurity staff retention tactics becoming less effective
Two thirds of Android antimalware apps are ineffective or unreliable
Unsecured Gearbest server exposes millions of shoppers and their orders
Urgent need for IT security legal framework in Europe
Users are too confident in their protection from threats
What happened to trust and transparency in cybersecurity?
Windows Servers in danger of being compromised via WDS bug
Worldwide spending on public cloud services and infrastructure to increase 23.8% over 2018
A few binary plating 0-days for Windows
While we were thinking about a way to escalate privileges during a pen-test, we discovered that most Windows installations were vulnerable to binary planting.
Saudi caller ID Dalil app exposed data of more than 5 million users
Chinese hackers target dozens of universities in a bid to steal maritime military secrets
Ryan Stewart. Ryan is a senior cybersecurity and privacy analyst.
18 unprotected MongoDB servers expose surveillance data
Adwind RAT resurfaces again, relies on another malware for infection
Attackers use new CapturaTela info-stealing malware to launch ‘Operation Comando’ campaign
Citrix suffered a security breach compromising few business documents
Cryptojacking campaigns now target exposed Docker containers
Cybercriminals leverage ‘Fake CDC Flu’ warning to distribute GandCrab 5.2 ransomware
Email Marketing firm Verifications.io exposes almost 809 million records online
Financial institutions in Russia targeted using new version of RTM Bot in recent phishing campaign
Hackers abuse XSS vulnerability in cart plugin to target WordPress-based shopping sites
Hackers breach college admission database and demand ransom
Hackers defaced multiple Israeli webpages with the words ‘Jerusalem is the capital of Palestine’
Kathmandu Holdings suffered a data breach compromising customers’ personal information
Latest Ursnif variant targets Japanese users to steal credentials
Necurs botnet packs new payloads to evade detection
New backdoor ‘SLUB’ targets victims via watering hole attack
New Cryptomix ransomware variant targets entire networks instead of individual computers
New GarrantyDecrypt ransomware variant impersonates the security team for Proton Technologies
New malware campaign distributes StealthWorker malware to compromise multiple platforms
New Ransomware-as-a-Service ‘Jokeroo’ promoted on underground hacking forums
New Ransomware-as-a-Service ‘Yatron’ promoted via Twitter
Newly discovered ‘SPOILER’ vulnerability found affecting all Intel CPUs
Newly discovered vulnerability could allow attackers to take full control of Windows IoT Core devices
Popular Visitor Management Systems exposed due to security bugs
Ransomware attacks evidenced in Jackson County proves costly for officials
Reverse engineering tool Ghidra made by NSA is now open-source!
School information system hacked; Students’ grades and attendance data modified
Seven car manufacturers hit by GPS spoofing attacks
Severe RCE vulnerability found in StackStorm DevOps platform
Sharecare Health Data Services suffered data breach impacting AltaMed and Blue Shield healthcare centers
Torrent trackers used to distribute Pirate Matryoshka malware
UN report unravels North Korea’s involvement in cryptocurrency-related attacks
Unprotected database exposes private data of 1.8 million Chinese women including 'BreedReady' status
Unprotected MongoDB of Dalil exposes data of over 5 million users
Unsecured API of ‘63Red Safe’ app exposes user data
Winnti cyberespionage group breaches three Asian gaming companies to install a backdoor trojan
Wolverine Solutions Group data breach impacts hundreds of healthcare organizations
The Digital Transformation of the CISO, from backroom to boardroom
IDC, in conjunction with Capgemini, recently published an analysis of the modern CISO.
Why cybersecurity alone is not enough to protect private data