Weekly InfoSec Roundup 05/11/2018

This week in infosec news we see the Equifax breach is receiving attention once again. It is nearing the year mark of when the breach occurred and lasting consequences and coverage is still going strong. With critical flaws hitting Chrome, Microsoft, and others this week it's important to know how to execute your patch management plan quickly and effectively. 

After Equifax breach, major firms still rely on same flawed software

“Hackers stole 145 million records by exploiting a vulnerability in a widely used open-source web server software that the credit rating giant failed to patch months earlier. Names, addresses, social security numbers, and more were swiped -- leaving Americans at risk of credit fraud and identity theft.”

Read More

Unpatched Flaws Expose Lantech Industrial Device Servers to Attacks

“Two critical vulnerabilities have been discovered by a researcher in industrial device servers from Taiwan-based industrial networking solutions provider Lantech. The flaws can be exploited remotely even by an attacker with a low skill level, but the vendor has not released any patches.”

Read More

Equifax Update Clarifies Breach Details to SEC

“Under-fire credit reporting agency Equifax has released updated figures clarifying the types and volumes of data stolen in its massive 2017 breach.In a letter sent to regulator the US Securities and Exchange Commission (SEC) on Monday, the firm explained that although the total number of affected customers remains the same, it has been able to confirm the total volume of each breached data type.”

Read More

The GDPR Opportunity

“Privacy has been top of mind recently-especially as we near May 25 when the General Data Protection Regulation (GDPR) goes into effect. Companies that do business in Europe will now be on the hook for damages caused by data breaches and are doing everything they can to remain in compliance.”

Read More

Microsoft Patches Two Zero-Day Flaws this Month

“Microsoft has patched over 60 vulnerabilities in this month’s security update round including two being actively exploited in the wild.”

Read More

Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules

“Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.”

Read More

26% of Companies Ignore Security Bugs Because They Don’t Have the Time to Fix Them

“A survey compiled last month at the RSA security conference reveals that most companies are still behind with proper security practices, and some of them even intentionally ignore security flaws for various reasons ranging from lack of time to lack of know-how.”

Read More

Chrome 66 Update Patches Critical Security Flaw

An updated version of Chrome 66 is now available, which addresses a Critical security vulnerability that could allow an attacker to take over a system.A total of 4 security vulnerabilities were addressed in the latest browser release, three of which were reported by external researchers.”

Read More

Despite tougher obligations, “mismanaged” corporate security has left billions of identity records exposed

More than 3 billion identity records were found spread across visible and underground online sources during 2017, according to new research that lends further weight to suspicions that protection of personally identifiable information (PII) is proving tremendously ineffective in the face of thriving demand from online cybercriminals.”

Read More

Brinqa @ Cyber Security Summit Dallas, TX

Brinqa is a sponsor next week at Cyber Security Summit which is close to home in Dallas, Texas on Tuesday, May 15th. Make sure to stop by our booth where we will be available for product demos and discussions around cyber risk management.Make sure to register before tickets sell out!

Click Here

Register for our Next webinar 

“​Modern Vulnerability Management : Knowledge, Automation, Analytics

With growing numbers of new vulnerabilities disclosed every year, increasing attacker sophistication, and a myriad of tools and teams that have to be synchronized for effective response, most organizations struggle with designing and implementing an effective vulnerability management program. In this webinar we discuss 3 key components that all modern vulnerability programs must address :

- Knowledge: How to create actionable intelligence from business context, threat intelligence, and any other relevant data source
- Automation: How to implement automation to streamline significant parts of the VM process
- Analytics: How to effectively engage and inform all stakeholders

Stay updated with our blog posts

Enter your email address and you'll be notified about our new posts

Brinqa Thank You logo speech bubble


  • This field is for validation purposes and should be left unchanged.
© 2021 BRINQA | Legal | Terms | Privacy Notice