Network Security News Weekly

Current cybersecurity news to keep you informed.

Articles of interest from the week of May 28, 2018


How can Office 365 phishing threats be addressed?
The primary threat to consider in this case is the frequency of phishing attacks within Office 365. While no global statistics are available from Microsoft, the frequency of phishing within Office 365 is estimated to cost the average organization 1.3 compromised accounts each month via unauthorized, third-party login using stolen credentials. While this adds up to nearly 16 compromised accounts per year per organization, the risks they pose are much higher. (By: , Help Net Security)

Protecting against ransomware using PCI DSS and other hardening standards
Most organizations that process card payments should comply with the PCI DSS standard. Ensuring compliance with PCI DSS is a good place to start in defending against threats like ransomware. Doing so can help organizations identify and strengthen weakened controls and reduce their attack surface. It can also assist companies in implementing security controls such as file integrity monitoring and vulnerability management, and in deploying a central log aggregator, such as a SIEM. (By: , SC Magazine UK)

Banks Adopt Military-Style Tactics to Fight Cybercrime
Cybercrime is one of the world’s fastest-growing and most lucrative industries. At least $445 billion was lost last year, up around 30 percent from just three years earlier, a global economic study found, and the Treasury Department recently designated cyberattacks as one of the greatest risks to the American financial sector. For banks and payment companies, the fight feels like a war — and they’re responding with an increasingly militarized approach. (By: , New York Times)

25% of companies affected by cloud cryptojacking
Researchers found that 25% of organizations suffered from cryptojacking incidents, a sharp spike representing a 3X increase from the 8% reported in the last quarter. On a related note, 85% of resources were found to have no firewall restrictions on any outbound traffic (up from 80% one year ago). For the record, industry best practices mandate that outbound network traffic should be restricted to prevent accidental data loss or data exfiltration in the event of a breach. (By: , Help Net Security)

Spectre chip security vulnerability strikes again; patches incoming
To fix the problem, Intel has released beta microcode updates to operating system vendors, equipment manufacturers, and other ecosystem partners adding support for Speculative Store Bypass Disable (SSBD). SSBD provides additional protection by blocking Speculative Store Bypass from occurring. Intel hopes most major operating systems and hypervisors will add support for Speculative Store Bypass Disable (SSBD) starting as early as May 21, 2018. (By: , Zero Day)

Global Fraud Hits £3.2 Trillion
Experts have urged organizations to focus more on fraud prevention after new figures were released revealing that doing so could add a staggering £44 billion to the UK economy. Researchers at the University of Portsmouth’s Centre for Counter Fraud Studies teamed up once again with tax and advisory firm Crowe, Clark and Whitehill to produce The Financial Cost of Fraud 2018 report. (By: , Infosecurity Magazine)

EFail Exploit Exposes Encrypted Email Content
The researchers tested 35 S/MIME email clients and found that EFail affected 25. It affects 10 out of 28 OpenPGP clients as well. Apple Mail, iOS Mail, and Mozilla Thunderbird had more severe implementation flaws that were identified and detailed in the report. To definitively show that these attacks can be executed, the researchers also uploaded demonstration videos showing how an attacker could exploit vulnerable email clients. (By: , Trend Micro)



Ingalls Information Security