Weekly InfoSec Roundup 01/12/2018

Flaws, vulnerabilities, patches oh my! This past week was busy in InfoSec with serious flaws and vulnerabilities popping up left and right, followed quickly by patches. With so much going on you may have missed some of the top stories. Check out our list below to get caught up.

 

  • Vulnerability Management: The Most Important Security Issue the CISO Doesn’t Own

  • “Information security and IT need to team up to make patch management more efficient and effective. Here’s how and why.”
    Read More

 

  • Hardcoded Backdoor Found on Western Digital Storage Devices

  • Firmware updates released by Western Digital for its MyCloud family of devices address a series of security issues, including a hardcoded backdoor admin account.”
    Read More

 

  • Serious Flaws Affect Dell EMC, VMware Data Protection Products

  • “Data protection products from both Dell EMC and VMware are impacted by three potentially serious vulnerabilities discovered by researchers at Digital Defense.”
    Read More

 

  • Companies will make major enterprise-wide changes to address cyber risk

  • “In the face of increased cyber risks, companies are likely to take out more standalone cyber insurance policies to mitigate the threats”

    Read More

 

  • Adobe patches information leak vulnerability

  • “In comparison to Microsoft which is having a busy month patching due to Spectre and Meltdown, Adobe’s latest patch update addresses only one vulnerability.”
    Read More

 

  • Patch Tuesday: More Work for Admins With 56 Flaws to Fix

  • “Microsoft heaped more work on IT administrators this week with a Patch Tuesday update round that will bring the total CVEs addressed in January to 55, including four public disclosures and one zero-day vulnerability.”

    Read More

 

  • Survey: Most Security Pros Aim to Patch Vulnerabilities within 30 Days

  • “High-profile cybersecurity incidents continue to result from the simple mistake of leaving a known vulnerability unpatched. To understand how organizations are keeping up with vulnerabilities, Tripwire partnered with Dimensional Research to survey 406 IT security professionals about their patching processes.”

    Read More

 

  • SCADA security: Bad app design could give hackers access to industrial control systems

  • “’Shocking’ flaws show apps for industrial control systems are being built without enough thought for security, according to researchers.”

    Read More

 

  • Risky Business (Part 2): Why You Need a Risk Treatment Plan

  • “No company has the ability to mitigate all risks at all times. No company I’ve ever visited has even had all of its identified risks treated at any given point.”

    Read More

  • Equifax Would Have Paid $1.5bn Under New US Breach Laws

  • “Senators have proposed new legislation which would impose strict liability penalties on credit agencies (CRAs) in the event of a data breach.”

    Read More

 

  • Data Breaches Remain Top Concern for Chief Information Security Officers in 2018

  • “High-profile data breaches at Equifax Inc., Yahoo Inc., and Uber Technologies Inc. dominated headlines in 2017, propelling cybersecurity-related issues to the top of concerns for businesses and consumers. According to a recent report based on a survey of more than 15,000 chief information security officers (CISOs) by the Ponemon Institute, concerns over data breaches will continue to haunt companies in 2018.”

    Read More

 

  • Shocking new Intel flaw gives hackers full control of laptops in less than 30 seconds

  • “A newly-disclosed Intel security flaw impacting most corporate laptops can let hackers with physical access to a computer backdoor the device in “less than 30 seconds”.”

    Read More

 

  • Majority of Companies Lack Sufficient IoT Policy Enforcement Tools

  • “Majority of Companies Lack Sufficient IoT Policy Enforcement Tools
    Shortfall exists despite nearly all global technology enterprise companies having security policies to manage IoT devices.”

    Read More

 

  • How 2017 Thrusted Cybersecurity Into the National Spotlight

  • “What a year 2017 has been. From Shadow Brokers, WannaCry and Petya to the constant and consistent discussion about diversity in cybersecurity and tech, 2017 has been a whirlwind of changes.”

    Read More

Stay updated with our blog posts

Enter your email address and you'll be notified about our new posts

  • This field is for validation purposes and should be left unchanged.
© 2019 BRINQA | Legal | Terms