Why You Need a Healthy Mix of Security Analytics to Investigate Threats

Effective threat management requires security teams to combine security analytics with the abundance of machine-generated data that is prevalent in most enterprise environments. Tools such as network traffic analysis, endpoint detection, security information and event management (SIEM), and user behavior analytics (UBA) harvest this data and reveal who is doing what in the IT environment, and when and how they are doing it. This mix of data can help uncover unknown threats, but it can also confuse security operations professionals who are unfamiliar with it, especially when only part of the data is displayed.

Rethinking the Industry’s Approach to the Cybersecurity Skills Gap

At a time when cybersecurity careers should be flourishing — the pay is good, opportunities abound and many colleges now offer degrees in security — positions remain unfilled. ISACA’s “State of Cybersecurity 2019” survey revealed that 58 percent of organizations have unfilled security positions and 32 percent said it takes at least six months to fill these open jobs, a six percentage-point increase from the previous year. One reason for the cybersecurity skills gap is a lack of technical security expertise; another is a lack of business insights.

235% year-on-year increase in attacks on businesses.

A surge in ransomware and trojans in the first three months of the year led to a massive 235% year-on-year increase in detected cyber-threats to businesses in Q1 2019, according to Malwarebytes. The security vendor’s Cybercrime tactics and techniques report for the first quarter revealed a definite shift from consumers to businesses, which is apparently hitting SMBs with fewer IT resources particularly hard.

Vuln: Ghostscript CVE-2018-18284 Security Bypass Vulnerability

Vulnerable:
Ubuntu Linux 18.10
Ubuntu Linux 18.04 LTS
Ubuntu Linux 16.04 LTS
Ubuntu Linux 14.04 LTS
Redhat Enterprise Linux Workstation 7
Redhat Enterprise Linux Server – Update Services for SAP Solutions 7.6
Redhat Enterprise Linux Server – TUS 7.6
Redhat Enterprise Linux Server – Extended Update Support 7.6
Redhat Enterprise Linux Server – AUS 7.6
Redhat Enterprise Linux Server (for IBM Power LE) – Update Services for SAP Solutions 7.
Redhat Enterprise Linux Server 7
Redhat Enterprise Linux for Scientific Computing 7
Redhat Enterprise Linux for Power, little endian – Extended Update Supp 7.6
Redhat Enterprise Linux for Power, little endian 7
Redhat Enterprise Linux for Power, big endian – Extended Update Support 7.6
Redhat Enterprise Linux for Power, big endian 7
Redhat Enterprise Linux for Power 9 7
Redhat Enterprise Linux for IBM z Systems – Extended Update Support 7.6
Redhat Enterprise Linux for IBM z Systems 7
Redhat Enterprise Linux for IBM System z (Structure A) 7
Redhat Enterprise Linux for ARM 64 7
Redhat Enterprise Linux EUS Compute Node 7.6
Redhat Enterprise Linux Desktop 7
Pulse Secure Pulse Connect Secure 9.0R3
Pulse Secure Pulse Connect Secure 9.0R2
Pulse Secure Pulse Connect Secure 9.0R1
Pulse Secure Pulse Connect Secure 8.3R7
Pulse Secure Pulse Connect Secure 8.3R6
Pulse Secure Pulse Connect Secure 8.3R5
Pulse Secure Pulse Connect Secure 8.3R4
Pulse Secure Pulse Connect Secure 8.3R1
Pulse Secure Pulse Connect Secure 8.3 R1
Pulse Secure Pulse Connect Secure 8.2R6
Pulse Secure Pulse Connect Secure 8.2R5
Pulse Secure Pulse Connect Secure 8.2R11
Pulse Secure Pulse Connect Secure 8.2R10
Pulse Secure Pulse Connect Secure 8.2R1.1
Pulse Secure Pulse Connect Secure 8.2R1
Pulse Secure Pulse Connect Secure 8.2R0
Artifex Ghostscript 9.25
Artifex Ghostscript 9.22
Artifex Ghostscript 9.21
Artifex Ghostscript 9.07

Ask Slashdot: Would a Separate, Walled-Off ‘SafeNet’ Help Reduce Cybercrime?

dryriver writes: Imagine for a second that a second, smaller internet infrastructure is built parallel to, but separate from, the regular internet. Let's call this the SafeNet. The SafeNet, which does not allow anonymous use, is not intended for general purpose use like watching YouTube videos, downloading a Steam game, or going on Facebook. Rather, it is a safer, more policed mini-internet that you access through a purpose-built terminal device and use for security critical tasks like online banking, stock trading, medical data transfer and sending confidential business emails, text messages or documents or other things that you don't trust the general internet with.

Facebook hit with three privacy investigations in a single day

Third time lucky — unless you’re Facebook.

The social networking giant was hit Thursday by a trio of investigations over its privacy practices following a particularly tumultuous month of security lapses and privacy violations — the latest in a string of embarrassing and damaging breaches at the company, much of its own doing.

Microsoft Drops 60-Day Password Expiration Policy

Microsoft is dropping its 60-day password expiration policy starting with the Windows 10 May 2019 Update. “Once removed, the preset password expiration settings should be replaced by organizations with more modern and better password-security practices such as multi-factor authentication, detection of password-guessing attacks, detection of anomalous log on attempts, and the enforcement of banned passwords lists (such as Azure AD’s password protection currently available in public preview),” reports Bleeping Computer. From the report: Microsoft’s Aaron Margosis states that the password expiration mechanism which requires periodic password changes is in itself a flawed defense method given that, once a password is stolen, mitigation measures should be taken immediately instead of waiting for it to expire as per the set expiration policy. In addition, the soon to be removed policies are “a defense only against the probability that a password (or hash) will be stolen during its validity interval and will be used by an unauthorized entity.”

The removal of the password-expiration policies without the addition of other password-oriented security configurations does not directly translate into a decrease in security but, instead, it simply stands as proof that security-conscious organizations need to implement extra measures to enforce their users’ security. As Microsoft further detailed, “to try to avoid inevitable misunderstandings, we are talking here only about removing password-expiration policies — we are not proposing changing requirements for minimum password length, history, or complexity.”
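The report names banned-password lists as one of the controls that should replace expiry. The following is an added example, not code from Microsoft or from the report, showing the kind of check such a list implies: the candidate password is lower-cased and common character substitutions are undone before it is compared against a banned list and against tokens from the user's own name, so that "P@ssw0rd2019!" is rejected rather than accepted as "complex". The banned words, the substitution table and the minimum length are constructed for the example; Azure AD password protection additionally uses fuzzy matching and scoring that this simplified version does not reproduce.

```python
"""Banned-password check with simple normalization (added example, not Microsoft's code)."""
import re

# Constructed sample banned list. A real deployment would use a global list plus
# organization-specific terms (company name, product names, local sports teams, ...).
BANNED_WORDS = ["password", "contoso", "welcome", "letmein", "qwerty"]

# Assumed substitution table: undo the usual "leet" replacements before matching.
_LEET = str.maketrans({
    "@": "a", "$": "s", "0": "o", "1": "i", "3": "e",
    "4": "a", "5": "s", "7": "t", "!": "i", "|": "l",
})


def normalize(password: str) -> str:
    """Lower-case the password and undo common character substitutions."""
    return password.lower().translate(_LEET)


def user_tokens(user_name: str) -> list:
    """Split a user name such as 'alice.obrien' into tokens of 3+ letters to treat as banned."""
    return [t for t in re.split(r"[^a-z]+", user_name.lower()) if len(t) >= 3]


def banned_match(password: str, user_name: str = "", banned=BANNED_WORDS):
    """Return the first banned word or user-name token found in the normalized password, else None."""
    norm = normalize(password)
    for word in list(banned) + user_tokens(user_name):
        if word in norm:
            return word
    return None


def is_acceptable(password: str, user_name: str = "", min_length: int = 12) -> bool:
    """Accept only passwords that meet the length floor and contain no banned token."""
    return len(password) >= min_length and banned_match(password, user_name) is None


if __name__ == "__main__":
    for candidate in ["P@ssw0rd2019!", "Winter.Contoso5", "xK9obrien!!", "Tr0ub4dor&3-horse"]:
        print(candidate, "->", banned_match(candidate, "alice.obrien"), is_acceptable(candidate, "alice.obrien"))
```

Note that the substring match runs on the normalized string, so a numeric suffix or substituted characters do not defeat it; the trade-off is occasional over-rejection of long passphrases that happen to contain a short banned word.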

Amazon Prime’s dominance is spurring new startup opportunities

John Lin is an associate partner at Trinity Ventures supporting investments in developer tools, artificial intelligence and real estate.

E-commerce is one of the economy’s bright spots; U.S. e-commerce sales have nearly doubled in five years, and now exceed $500 billion. Unsurprisingly, Amazon has swooped in to claim a disproportionate share of the riches, gobbling up nearly 50 percent of the market share, driving competitors out of business and solidifying its position as one of the world’s most valuable companies.

RFID Payment Ring Made from Dissolved Credit Card

RFID payment systems are one of those things that the community seems to be divided on. Some only see the technology as a potential security liability, and will go as far as to disable the RFID chip in their card so that it can't be read by a would-be attacker. Others think the ease and convenience of paying for goods by tapping their card or smartphone on the register more than makes up for the relatively remote risk of RFID sniffers. Given the time and effort [David Sikes] put into creating this contactless payment ring, we think it's pretty clear which camp he's in.

What Is Fix Rate, and Why Does It Matter?

Once your application security program is up and running, there are several metrics you can use to gauge your progress and optimize your program. For instance, companies typically measure their scan activity, flaw density, and policy compliance. However, very few include metrics for fix rate, despite the fact that it is an important indicator of a program’s success. Fix rate indicates how long it takes for a team to fix the vulnerabilities their scans find. Fix rate is calculated as follows: