Google is continuing to test new strategies in China after the U.S. search giant released its first mini program for WeChat, the country’s hugely popular messaging app.
Oracle released their quarterly critical patch update today. This patch addresses a record number of 334 vulnerabilities across a wide set of Oracle supported products.
Ubuntu Security Notice USN-3717-2
July 17, 2018
The UK’s National Health Service is celebrating its 70th anniversary this year. To coincide with this, the UK government has made a big financial commitment to the service’s future. The NHS annual budget of £114 billion will rise by 3.4 percent a year.
In response to the news that Telefonica has suffered a data breach which exposed the details of millions of Spanish users, Rob Shapland, an IT security expert, commented below.
Today PwC published a report which stated that AI will create as many jobs as it displaces by boosting economic growth. In response to the release of this report, Matt Walmsley, EMEA Director at Vectra – a company that automates the hunt for cyber threats by using AI – has provided commentary on how AI is helping to create new cybersecurity jobs.
Single sign-on (SSO) is a centralized session and user authentication service in which one set of login credentials can be used to access multiple applications. Its beauty is in its simplicity; the service authenticates you on one designated platform, enabling you to then use a plethora of services without having to log in and out each time.
Black Hat USA offers information security professionals an opportunity to keep up with the latest developments, research, and trends. Now in its 21st year, Black Hat has earned a reputation for being one of the must-attend annual security conferences for today’s information security professionals, providing attendees with a variety of options, including several tracks, to learn from the industry’s most forward-thinking thought leaders and world-renowned experts, not to mention networking opportunities with industry peers. Training sessions and briefings offer chances to learn more about software hacks, advanced cloud security strategies, penetration testing, network security, whiteboard hacking, machine learning, IoT, cryptography, forensics, ICS, malware and mobile security.
A business continuity plan is NOT the same as a disaster recovery plan. For an enterprise, disaster recovery focuses primarily on restoration of IT infrastructure and operations after a crisis – while business continuity focuses on the continuation of operations of the entire business during and after a crisis – if possible. This means making sure that day-to-day operations, from HR to manufacturing to sales, are up and running so that a company can continue to make money. Make no mistake – disaster recovery is a key component of business continuity, but it is only part of the whole process.
Recently, a client of ours expressed interest in segmenting their existing, flat network. The existence of these types of non-segmented networks is still very prevalent, especially in the manufacturing, supply chain, and medical verticals. The primary reason the organization wished to move on this initiative was in an effort to reduce the scope of their PCI-DSS requirements. However, they also understood the risks to the organization in allowing business network assets (e.g. receptionist laptops, multi-function printers, etc.) to communicate with factory floor assets, such as expensive production steel presses, laser cutters, or chemical mixing systems, especially with Internet of Things (IoT) connectivity needs looming. One successful phishing attack on a user whose laptop can communicate to these production-critical systems could have potentially drastic outcomes on the organization’s ability to generate revenue.
The EU General Data Protection Regulation, or GDPR, came into force on May 25. With every organization with customers and suppliers in the European Union now accountable for the way in which they handle or process personal data, much work has been done to ensure compliance by the deadline. As a result, all levels of a business are now concentrated on meeting the requirements of the new regulation, throwing the issue of data protection into focus like never before.
Text file contains over 15,500 usernames, passwords, and file names
For many years now, enterprise networks have seen a steady stream of new devices that are outside of IT department control. The mobility trend has given way to the rise of the IoT and the result is a lot of unmanageable endpoints that represent a clear security risk. Smart lighting, printers, Bluetooth keyboards, smart TVs, video cameras, switches and routers are all connected devices that often lack any built-in security.
With more enterprises adopting multi-cloud and hybrid cloud computing strategies, it’s more important than ever to avoid getting locked into just one cloud provider’s tools and technologies. Multi-cloud and hybrid cloud deployments offer many benefits. They include the ability to pick and choose which cloud vendor’s add-on services are right for your business, as well as the ability to implement best-of-breed solutions when the time is right. Multi-cloud also adds redundancy and security because all of your proverbial eggs are not in one basket.
In Australia yesterday, as reported by abc.net.au, a third party supplier of airport security ID cards was hacked. The breach isn’t necessarily big in number, but it’s serious in terms of airport security as the ID cards are designed to stop criminals or terrorists from accessing planes and other restricted airport zones. Australia’s airports and the people who work at them are considered some of the most sensitive elements of Australia’s national security infrastructure.
Guest post by Limor Wainstein
A recent discovery of surreptitious execution of cryptomining code by a sandboxed app, riding piggyback on the open source software (OSS) ecosystem, raises pertinent questions about the security of open source code and its dependencies. Programmers often use OSS as a jump-off for creating their software—and that includes malware authors.
Today’s post was coauthored by Debraj Ghosh, Senior Product Marketing Manager, and Diana Kelley, Cybersecurity Field CTO.