Weekly InfoSec Roundup 01/19/2018

This weeks roundup covers some of the continued headaches and heart aches that have been associated with Spectre’s many patches, CPU failures, and now malware that has sprung to life in the form of fake patches. Brinqa will also be attending Data Connectors in Houston next week for more details read on.

  • List of Links: BIOS Updates for the Meltdown and Spectre Patches

  • “As Intel, AMD, and other CPU manufacturers have started releasing CPU microcode (firmware) updates for processor models affected by the Meltdown and Spectre patches, those updates are trickling down to OEMs and motherboard vendors, who are now integrating these patches into BIOS/UEFI updates for affected PCs.”
    Read More

 

  • World Economic Forum Publishes Cyber Resiliency Playbook

  • “The World Economic Forum (WEF) has released a playbook for public-private collaboration to improve cyber resiliency ahead of the launch of a new Global Centre for Cybersecurity at the Annual Meeting 2018 taking place on January 23-26 in Davos, Switzerland.”
    Read More

 

  • Backdoor Found in Lenovo, IBM Switches

  • “A high severity vulnerability described as a backdoor has been patched in several Flex System, RackSwitch and BladeCenter switches from Lenovo and IBM.”
    Read More

 

  • Windows Meltdown-Spectre: Watch out for fake patches that spread malware

  • “Criminals have yet to exploit Meltdown and Spectre, but they’re playing on users’ uncertainties about the CPU flaws in their malware and phishing schemes.”

    Read More

 

  • Incident Readiness and Response, an Evolution in Cyber Risk Mitigation

  • “Most Organizations Have an Incident Response Plan, But All Too Often It is Filed Away Somewhere and Forgotten.”
    Read More

 

  • Most Common Exploits of 2017 in Microsoft Office, Windows

  • “The most common exploit affects Microsoft Office and has been used by attackers in North Korea, China, and Iran.”

    Read More

 

  • Who should be responsible for cybersecurity?

  • “Clearly, cybersecurity is everybody’s problem. It’s high time this truth was recognized, starting with the executive suite on down.”

    Read More

 

  • Oracle Patches Spectre Flaw in x86 Servers

  • “Oracle has released its first update round of the year, which includes fixes for products affected by one of the recently disclosed Spectre CPU vulnerabilities.”

    Read More

 

  • Cloud computing: Why a major cyber-attack could be as costly as a hurricane

  • “The economic damage of a successful major cyber-attack against a large cloud services provider could be similar in scale to the financial impact of a destructive hurricane.”

    Read More

  • Google’s G Suite gets new dashboard to spot new threats

  • “Google has launched a new tool for G Suite that gives admins a quick snapshot of phishing and malware threats and trends that affect overall email security.”

    Read More

 

  • Meltdown-Spectre: Intel says newer chips also hit by unwanted reboots after patch

  • “Intel says the unexpected reboots triggered by patching older chips affected by Meltdown and Spectre are happening to its newer chips, too.”

    Read More

 

  • Cisco Patches Flaws in Email Security, Other Products

  • “Cisco has patched several high severity vulnerabilities, including ones that allow privilege escalation and denial-of-service (DoS) attacks, in its Unified Customer Voice Portal (CVP), Email Security, and NX-OS products.”

    Read More

 

  • Strong Incident Response Starts with Careful Preparation

  • “Through working every day with organizations’ incident response (IR) teams, I am confronted with the entire spectrum of operational maturity. However, even in the companies with robust IR functions, the rapidly evolving threat landscape, constantly changing best practices, and surplus of available tools make it easy to overlook important steps during planning. As a result, by the time an incident occurs, it’s too late to improve their foundational procedures.”

    Read More

 

  • Understanding Supply Chain Cyber Attacks

  • “While the attack surface has increased exponentially because of the cloud and everything-as-a-service providers, there are still ways in which host companies can harden supply chain security.”

    Read More

 

  • How to engage with the C-Suite on cyber risk management, part 4

  • “Creating metrics to indicate risk.”

    Read More

 

  • Brinqa @ Data Connectors Houston

  • Brinqa is a sponsor at the upcoming Data Connectors Conference in Houston on January 25, 2018! Make sure to stop by our booth where we will be available for product demos and discussions around cyber risk management. See y’all in Houston next”

    Read More

Stay updated with our blog posts

Enter your email address and you'll be notified about our new posts

  • This field is for validation purposes and should be left unchanged.
© 2019 BRINQA | Legal | Terms