El Diario del CISO (The CISO Journal) Edition 8 | Page 7
Thinking and Working for a
Digital Security Leader
Researchers warn of unpatched
vulnerability in Oracle WebLogic
Server | CSO Online
Detected scans suggest attackers are seeking vulnerable servers
to target for attacks
12 tips for effectively presenting cybersecurity to the board
Assume breach is for losers: These steps will stop data breaches
Check your access control permissions before hackers do
CSO50 2019: Seeding security in the cloud
GandCrab attackers exploit recently patched Confluence
vulnerability
How to prep legacy Windows systems for the switch to SHA-2
Lock Down Your Wired Network to Mitigate Insider Threat
Microsoft Office now the most targeted platform, as browser
security improves
Outside-the-box malware is getting more common, security
researchers warn
The growing demand for managed detection and response
(MDR)
Top 10 global cybersecurity hubs for 2019
Using citizen IDs for commercial services will take an identity
ecosystem
What is "reasonable security"? And how to meet the
requirement
What is a side channel attack? How these end-runs around
encryption put everyone at risk
What is the EU's revised Payment Services Directive (PSD2) and
its impact?
Why security-IT alignment still fails
Wipro breach highlights third-party risk from large IT services
providers
Millions of Medical Documents for
Addiction and Recovery Patients
Leaked
The information includes data on all rehab treatments
and procedures, linked with patients' names and other
info.
Android-Based Sony Smart-TVs Open to Image Pilfering
Evil TeamViewer Attacks Under the Guise of the U.S. State
Department
Exploits for Social Warfare WordPress Plugin Reach Critical
Mass
Facial Recognition ‘Consent’ Doesn’t Exist, Threatpost Poll Finds
Facial Recognition is Here: But Are We Ready?
FBI: BEC Scam Losses Almost Double To Reach $1.2 Billion
France's 'Secure' Telegram Replacement Hacked in an Hour
Is Privacy Really iPhone? Researchers Weigh in on Apple's
Targeted Ad Tracking
Latest Qbot Variant Evades Detection, Infects Thousands
News Wrap: Amazon Echo Privacy, Facebook FTC Fines and
Biometrics Regulation
Users Urged to Update WordPress Plugin After Flaw Disclosed
Wi-Fi Hotspot Finder Spills 2 Million Passwords
Microsoft Removes Password-Expiration
Policy in Windows 10 | SecurityWeek.Com
Microsoft this week announced a series of changes to the
security baseline in Windows 10, including the removal of the
password-expiration policy from the platform.
6 Ways Attackers Are Still Bypassing SMS 2-Factor
Authentication
Amnesty Says Hong Kong Office Hit by China-linked Cyber
Attack
Carbanak Source Code Discovered on VirusTotal
Cisco Finds Serious Flaws in Sierra Wireless AirLink Devices
Cyber Security's New Center Point: Zero Trust
Cryptojacking Attacks Target Enterprises With NSA-Linked
Exploits
Data in Use Is the Point of Least Resistance
Eight Steps to Data Privacy Regulation Readiness
Examining Triton Attack Framework: Lessons Learned in
Protecting Industrial Systems
Facebook Anticipates an FTC Privacy Fine of up to $5 Billion
Healthcare Firm EmCare Says 60,000 Employees and Patients
Exposed in Breach
IoT Security Firm VDOO Raises $32 Million
P2P Flaws Expose Millions of IoT Devices to Remote Attacks
Source Code of Iran-Linked Hacking Tools Posted Online
Vietnam-Linked Hackers Use Atypical Executables to Avoid
Detection
‘Bodybuilding.com’ notifies users of a
security breach that occurred last year |
Cyware Hacker News
‘Bodybuilding.com’ notified users of a security breach that
occurred last year. The breach impacted its IT systems and
customers’ personal details.
‘Wi-Fi Finder’ app exposes 2 million network passwords due to
an unprotected database
Cyware Weekly Threat Intelligence, April 22-26, 2019
Dark web marketplace ‘Wall Street Market’ mired in exit scam
Doctors’ Management Service hit with GandCrab ransomware
attack compromising patient data
Malicious attachment disguised as top-secret US document
leveraged to target organizations in Europe
Misconfigured ElasticSearch database exposes 4.9 million
sensitive documents of ‘Steps To Recovery’ treatment center
New phishing scam impersonating Chase bank asks for sensitive
data including selfies
Online store of Atlanta Hawks falls prey to Magecart group
Ransomware attack hits Cleveland Airport crippling email
services and information screens
Scam ads displayed on Microsoft games and services to target
French users’ personal information
TA505 group uses LOLBins and ServHelper backdoor to
compromise financial firms
The City of Stuart in Florida gets infected with Ryuk
ransomware
Thousands of sensitive documents related to the Mexican
embassy posted online