This month we have seen mobile and smart devices become a key topic of discussion. With the Chinese company Tencent exposing flaws in the Qualcomm chipsets found in most android devices today, we must remember to stay vigilant in monitoring who and what our devices are connected to.
Perspective: State of the Marketplace
Dropbox has uncovered a staggering 264 vulnerabilities that were discovered during a bug-hunting event. Fortunately this event was sponsored by them specifically for the purpose of finding and remediating security vulnerabilities.
Computer hardware manufacturer ASUS was the victim of a sophisticated attack that left backdoor malware embedded in their update software.
California is proposing an update to their data breach notification law. When California State Bill 1386 went into effect in 2003, it was country’s first data breach notification legislation.
Perspective: Time for a Better Mouse Trap
If your institution uses Microsoft Exchange 2013 or newer, be aware that there is a new vulnerability that requires attention. Hackers have been able to leverage an NTLM authentication function to perform relay attacks using the Exchange Web Services (EWS) interface.
Automation is constantly evolving, and recent advancements in attack tools and methods are demonstrating that malicious automation can be expected to have significant ramifications.
At least eight Eastern European banks were hacked using rogue devices planted inside the network. These devices included cheap laptops, homemade network appliances and usb “Bash Bunnies” to intercept data and provide remote access.
What is Threat Intelligence?
Threat Intelligence is a commonly misunderstood security term. In general terms, it is information gathered from internal and external sources that is used to inform the organization about risks to their information systems and business operations.
India’s Cosmos Bank was hit with a coordinated attack using cloned ATM cards and an attack against the SWIFT system. Of note, the attack involved money mules in 28 different countries and 15,000 transactions over a seven-hour window of opportunity.
On June 28, 2018, California enacted the California Consumer Privacy Act of 2018 (CCPA), which provides what is arguably the most restrictive privacy law in the U.S. and would likely have some effect on most businesses across the country.