Category: Cybersecurity & Infosec

April 5th, 2017 by John

http://www.csoonline.com/article/3186493/security/dont-pay-ransoms-but-if-you-must-heres-where-to-buy-the-bitcoins.html

Posted in Cybersecurity & Infosec

April 4th, 2017 by John

Less than 1 week after Apple released iOS 10.3 to remedy 70 vulnerabilities, an overflow bug was discovered by the Google Zero team, leading to today’s iOS 10.3.1 patch. Be sure to go to Settings > General > Software Update on your iOS device and ensure you have the latest patches.

https://www.scmagazine.com/buffer-overflow-bug-patched-in-latest-ios-update/article/648280/

Posted in Cybersecurity & Infosec, Exploits & Attacks

April 4th, 2017 by John

Please reserve your spot today for the 2017 Security Advisor Alliance Summit, September 26-27 in Denver!

The Alliance Summit is the Premier gathering of Senior Information Security Leaders focused on Skill Development, Leadership Building and Firm Takeaways that can be implemented immediately to make your business better.

Posted in Community, Cybersecurity & Infosec, Events

April 4th, 2017 by John

[Infosecurity Magazine] “PwC UK worked closely with UK defense firm BAE Systems and the new National Cyber Security Centre (NCSC) to uncover “Operation Cloud Hopper”, which they’re claiming to be “one of the largest ever sustained global cyber espionage campaigns.”

Such “stepping stone” attacks are not uncommon, but the scale of this campaign is noteworthy, with MSP infrastructure used as “part of a complex web of exfiltration routes spanning multiple victim networks.”

Posted in Cybersecurity & Infosec, Nation State, Supply Chain

April 4th, 2017 by John

Hackers Stole $800,000 From Russian ATMs With Disappearing Malware

Posted in Cybersecurity & Infosec

April 4th, 2017 by John

In the ongoing saga of FTC chicanery in the LabMD case… In case you are not up to speed, LabMD was investigated and charged by the FTC for lax security and exposure of patient data in 2009, and in subsequent hearings it became evident that the FTC was on a fishing expedition, paying infosec contractor Tiversa to “manufacture” evidence of malfeasance when there was no proof the data had been stolen or that any harm had subsequently come to patients of the small cancer detection lab.

This week, a federal judge denied the motion to dismiss the First Amendment case that LabMD brought against allegedly complicit FTC employees. An excerpt from Law360, below:

Posted in Blog, Cybersecurity & Infosec, Law and Regulations

April 4th, 2017 by John

I recently wrote a blog article for Ingegy on the topic of IIoT security. Check it out!

Posted in Blog, Cybersecurity & Infosec, IoT, IIoT, ICS-SCADA

April 3rd, 2017 by John

A very good write-up on how the FAIR quantitative method can be used to help COSO succeed.

Posted in Cybersecurity & Infosec, Risk Management