Sunday, December 04, 2016

Cybersecurity Vulnerability and Patch Report, December 4, 2016





Weekend Vulnerability and Patch Report, December 4, 2016


Important Security Updates

Dropbox: Dropbox has released version 15.4.22 for its file hosting program. Updates are available at Dropbox’s website. [See Citadel’s warning below]
Google Chrome: Google has released Google Chrome version 55.0.2883.75. Updates are available from within the browser or from Google Chrome’s website.
Mozilla Firefox: Mozilla has released version 50.0.2. Updates are available within the browser or from Mozilla’s website.

Current Software Versions

Adobe Flash 23.0.0.207
Adobe Reader DC 2015.020.20039
Dropbox 15.4.22 [Citadel warns against relying on security of Dropbox or other cloud-based file exchange systems. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the master Dropbox [or other] password be at least 15 characters long and different from other passwords.]
Firefox 50.0.2 [Windows]
Google Chrome 55.0.2883.75
Internet Explorer 11.0.9600.18525
Java SE 8 Update 111 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]
Microsoft Edge 38.14393
QuickTime 7.7.9 [Citadel recommends removing QuickTime. On April 14, US-CERT advised Microsoft Windows users to remove QuickTime. This followed a report in ars technica that Apple has no plans to update the Windows app despite at least two reliable QuickTime vulnerabilities that threaten Windows users who still have the program installed.]
Safari 9.1.3 [Mac OS X Mavericks, Yosemite, El Capitan]
Skype 7.30.0.105

For Your IT Department

Cisco Multiple Products: Cisco reports patched vulnerabilities in its Network Time Protocol, Linux Kernel and OpenSSL software affecting Cisco products. Apply updates. Additional details are available at Cisco’s website.
McAfee Application Control: McAfee has released updates for its McAfee Application Control (MAC) and Endpoint Security (ENS). Apply updates. Additional details are available at McAfee’s website.

*******************
If you are responsible for the security of your computer, Citadel’s Weekend Vulnerability and Patch Report is for you. We strongly urge you to take action to keep your workstation patched and updated.
If someone else is responsible for the security of your computer, forward our Weekend Vulnerability and Patch Report to them and follow up to make sure your computer has been patched and updated.
Vulnerability management is a key element of cyber security management. Cyber criminals take over user computers by writing computer programs that “exploit” vulnerabilities in operating systems (Windows, Apple OS, etc.) and application programs (Adobe Acrobat, Office, Flash, Java, etc.). When software companies find a vulnerability, they usually issue an update patch to fix the code running in their customers’ computers.
Citadel publishes our Weekend Vulnerability and Patch Report to alert readers to some of the week’s important updates and vulnerabilities. Our focus is on software typically found in the small or home office (SOHO) or that users are likely to have on their home computer. The report is not intended to be a thorough listing of updates and vulnerabilities.
Copyright © 2016 Citadel Information Group. All rights reserved.

Jeff Snyder’s SecurityRecruiter.com, Jeff Snyder Coaching, Security Recruiter Blog, 719.686.8810



Cyber Security News of the Week, December 4, 2016



CYBERSECURITY NEWS

FROM OUR FRIENDS AT CITADEL INFORMATION GROUP


Individuals at Risk

Cyber Privacy

The Surveillance Game: A Website That Gives You Points as It Spies on You: “Oh, you are truly my favorite subject!” exclaimed a soft voice in my ear. “Would you allow me to … see you, please?” My laptop’s webcam asked for permission to activate. Any other time, I’d have denied the request and closed my browser immediately, but I put my thumb over the lens and clicked “Allow.” I needed the points, after all. The Atlantic, November 28, 2016

Cyber Update

Google Fixes 12 High-Severity Flaws In Chrome Browser: Google is urging Windows, Mac and Linux users to update their Chrome browsers to fix multiple vulnerabilities that could allow malicious third parties to take control of targeted systems. ThreatPost, December 2, 2016
Mozilla Patches Firefox Zero Day Used to Unmask Tor Browser Users: As expected, Mozilla released a new version of Firefox on Wednesday to address a zero-day vulnerability that was actively being exploited to de-anonymize Tor Browser users. ThreatPost, December 1, 2016

Cyber Warning

Buffer overflow exploit can bypass Activation Lock on iPads running iOS 10.1.1: Apple’s Activation Lock feature, introduced in iOS 7 in 2013, deters thieves by associating your iPhone and iPad with your Apple ID. Even if a thief steals your device, puts it into Recovery Mode, and completely resets it, the phone or tablet won’t work without the original user’s Apple ID and password. This makes stolen iDevices less valuable since they become more difficult to resell, and it has significantly reduced iPhone theft in major cities. ars technica, December 2, 2016
At least 10 million Android users imperiled by popular AirDroid app: For at least the past six months, a popular remote management app available in the official Google Play Store has opened tens of millions of Android users to code-execution and data-theft attacks when they use unsecured networks, researchers said Thursday. ars technica, December 1, 2016
1 million Google accounts compromised by Android malware called Gooligan: Researchers say they’ve uncovered a family of Android-based malware that has compromised more than 1 million Google accounts, hundreds of them associated with enterprise users. ars technica, November 30, 2016
Security Researchers Claim Ransomware Creeping Into Facebook and LinkedIn: Facebook is disputing recent reports that the file-encrypting ransomware known as Locky spread through its instant messaging platform. BankInfoSecurity, November 29, 2016
Skip the Phish on the Menu: Q. I got an email from Amazon for something I didn’t order. Should I be worried my account has been compromised? So far, nothing has happened. The New York Times, November 29, 2016

Information Security Management in the Organization

Information Security Management & Governance

65% of social engineering attacks compromised employee credentials: In fact, 60 percent of surveyed security leaders say their organizations were or may have been a victim of at least one targeted social engineering attack in the past year, and 65 percent of those who were attacked say that employees’ credentials were compromised as a result of the attacks, according to Agari. In addition, financial accounts were breached in 17 percent of attacks. HelpNetSecurity, December 2, 2016
2016: A reflection of the year in cybercrime: First of all it’s that time of year to reflect and be thankful. I want to thank this publication for this blog, for all of my readers and followers on Twitter and LinkedIn, I’m very thankful for my family, friends and colleagues. I’m also thankful to be a free American in the United States of America. God bless all our veterans, troops including my nephew Trevor who serves in the Navy and all first responders who sacrifice everything for each of us every day. CSO, December 2, 2016

Cyber Awareness

The Human Factor in Information Security – Citadel’s Kim Pease & Michael Kemps: No one can deny that cyberattacks are the new norm. Such risks will increasingly challenge our ability to operate our businesses. In the world of cybercrime, everyone — from individuals to nation-states — is a target. However, some targets are more alluring than others. Legal, accounting and other professional firms are increasingly targeted by cybercriminals and hackers who are intent on accessing the vast stores of data with which they are entrusted. Law Journal, December 2016

Cyber Career

The Cybersecurity Profession Has a Clear Career Path. LOL. Just Kidding: Do you know what your career path as a cybersecurity professional is? Have you ever really thought about that? Most don’t, as was reported in a recent study jointly published by the Enterprise Strategy Group (ESG) and the ISSA (Information Systems Security Association) earlier in November 2016. The study reported that over 65% of the 437 professionals surveyed stated that they do not have a clear career path. ITSP Magazine, November 30, 2016

Cyber Security in Society

Cyber Privacy

EFF & others vow to fight new gov’t authority to hack multiple devices with single search warrant (Rule 41): A new rule goes into effect Thursday that gives law enforcement the ability to hack millions of computers or smartphones at once with a single search warrant. But opponents of the controversial Rule 41 say they are committed to fight the government’s expanded powers. ThreatPost, December 1, 2016

Cyber Attack

Fast-Spreading Mirai Worm Disrupts UK Broadband Providers: Mirai, a fast-spreading worm that knocked 900,000 Deutsche Telekom customers offline earlier this week, has also caused hiccups for broadband customers in the U.K. BankInfoSecurity, December 2, 2016
Saudi Central Bank Systems Said to Be Struck by Iran Malware: State-sponsored hackers who unleashed a digital bomb in key parts of Saudi Arabia’s computer networks over the last two weeks damaged systems at the country’s central bank, known as the Saudi Arabian Monetary Agency, according to two people briefed on an ongoing investigation of the breach. Bloomberg, December 2, 2016
There’s a new DDoS army, and it could soon rival record-setting Mirai: For more than a week, someone has waged massive attacks on a daily basis. ars technica, December 1, 2016
New Mirai Worm Knocks 900K Germans Offline: More than 900,000 customers of German ISP Deutsche Telekom (DT) were knocked offline this week after their Internet routers got infected by a new variant of a computer worm known as Mirai. The malware wriggled inside the routers via a newly discovered vulnerability in a feature that allows ISPs to remotely upgrade the firmware on the devices. But the new Mirai malware turns that feature off once it infests a device, complicating DT’s cleanup and restoration efforts. KrebsOnSecurity, November 30, 2016

Know Your Enemy

San Francisco Rail System Hacker Hacked: The San Francisco Municipal Transportation Agency (SFMTA) was hit with a ransomware attack on Friday, causing fare station terminals to carry the message, “You are Hacked. ALL Data Encrypted.” Turns out, the miscreant behind this extortion attempt got hacked himself this past weekend, revealing details about other victims as well as tantalizing clues about his identity and location. KrebsOnSecurity, November 29, 2016
Two Dyn DDoS Hackers Appear To Have Created a New Massive Internet of Things Botnet: The massive cyberattacks that in the last few weeks have crippled several popular services like Twitter and Spotify, the website of a noted security journalist, and many more, may be about to get worse. Motherboard, November 29, 2016

National Cyber Security

FireEye CEO Kevin Mandia: Russian State Hackers Changed The Game: Founder of Mandiant and FireEye CEO says Russia doesn’t appear to want to cover its tracks anymore. DarkReading, December 1, 2016
Center for Cyber & Homeland Security Issues Report on How the Private Sector Can Actively Defend Against Cyber Threats: Earlier this year, the Center for Cyber & Homeland Security at the George Washington University (“Center”) announced a new project on active defense against cyber threats. The Center established a high-level task force to examine these issues.  The task force included prominent cybersecurity and industry experts, including Alston & Bird partner and SecureTheVillage Leadership Council Member Michael Zweiback. … The Task Force successfully released its final report in October. It is available here. Alston & Bird Privacy & Data Security Blog, November 29, 2016
Steptoe Cyberlaw Podcast – Interview with John Markoff: Stewart Baker talks with long-time New York Times reporter, John Markoff, on the past and future of artificial intelligence and its ideological converse – the effort to make machines that augment rather than replace human beings. Our conversation covers everything from robots, autonomous weapons, and Siri to hippie poetry of the 1960s and Silicon Valley’s short memory on use of the term “cyber.” – Steptoe Cyberblog, November 28, 2016
Information security priorities for Trump’s administration: The notion that cybersecurity has major national security implications and impacts all government organizations and all Americans should be emphasized. NetworkWorld, November 28, 2016
U.S. Elections Are a Mess, Even Though There’s No Evidence This One Was Hacked: Was the 2016 presidential election hacked? It’s hard to tell. There were no obvious hacks on Election Day, but new reports have raised the question of whether voting machines were tampered with in three states that Donald Trump won this month: Wisconsin, Michigan and Pennsylvania. SchneierOnSecurity, November 23, 2016

Financial Cyber Security

MasterCard, Visa Push Gas Pump EMV Migration Deadline To 2020: Fuel merchants get three extra years to deploy the secure chip-enabled payment infrastructure in their complex environments. DarkReading, December 2, 2016
ATM Insert Skimmers: A Closer Look: KrebsOnSecurity has featured multiple stories about the threat from ATM fraud devices known as “insert skimmers,” wafer-thin data theft tools made to be completely hidden inside of a cash machine’s card acceptance slot. For a closer look at how stealthy insert skimmers can be, it helps to see videos of these things being installed and removed. Here’s a look at promotional sales videos produced by two different ATM insert skimmer peddlers. KrebsOnSecurity, November 27, 2016

Internet of Things

Keeping Your Thermostats & Toasters From Joining The IoT Dark Side: We are now in the wake of two of the biggest and most catastrophic Distributed Denial of Service (DDoS) attacks that we have seen yet. Brian Krebs’ Krebs on Security was subjected to a 620 Gbps DDoS. Days later, a second, and more catastrophic attack was levied against DNS provider, Dyn, resulting in Twitter, Amazon, and other Dyn clients (without redundancy) websites and resources being inaccessible to viewers and consumers on the US East Coast. ITSP Magazine, November 29, 2016

Cyber Sunshine

Police Shut Down Global Cybercriminal Fraud Service, seize 39 servers, arrest 5: Law enforcement in the U.S., Europe and Asia say they’ve dismantled a resilient network rented by cybercriminals in order to infect tens of millions of computers with code that stole bank account details and spread file-encrypting malware. BankInfoSecurity, December 2, 2016
‘Avalanche’ Global Fraud Ring Dismantled: In what’s being billed as an unprecedented global law enforcement response to cybercrime, federal investigators in the United States, United Kingdom and Europe today say they’ve dismantled a sprawling cybercrime machine known as “Avalanche” — a distributed, cloud-hosting network that for the past seven years has been rented out to fraudsters for use in launching countless malware and phishing attacks. KrebsOnSecurity, December 1, 2016


Monday, November 28, 2016

Cybersecurity Vulnerability and Patch Report, November 27, 2016




Important Security Updates

AVG Free Edition: AVG has released version 2016.131.7924 of its 32 bit Free Edition. Updates are available on AVG’s website.
AVG Internet Security: AVG has released version 2016.131.7924 of its 64 and 32 bit Internet Security. Updates are available on AVG’s website.
Opera: Opera has released version 41.0.2353.69. Updates are available from within the browser or from Opera’s website.
Skype: Skype has released Skype 7.30.0.105. Updates are available from the program or Skype’s website.
Viber: Viber has released version 6.4.2 for Windows. Updates are available on Viber’s website.

Current Software Versions

Adobe Flash 23.0.0.207
Adobe Reader DC 2015.020.20039
Dropbox 14.4.19 [Citadel warns against relying on security of Dropbox or other cloud-based file exchange systems. We recommend files containing sensitive information be independently encrypted with a program like Axcrypt; encryption keys be at least 15 characters long; and the master Dropbox [or other] password be at least 15 characters long and different from other passwords.]
Firefox 50.0 [Windows]
Google Chrome 54.0.2840.99
Internet Explorer 11.0.9600.18525
Java SE 8 Update 111 [Citadel recommends removing or disabling Java from your browser. Java is a major source of cyber criminal exploits. It is not needed for most internet browsing. If you have a particular web site that requires Java, Citadel recommends using a two-browser approach to minimize risk. If you normally browse the Web with Firefox, for example, disable the Java plugin in Firefox and use an alternative browser — such as Chrome, IE9, Safari, etc — with Java enabled to browse only the sites that require it.]
Microsoft Edge 38.14393
QuickTime 7.7.9 [Citadel recommends removing QuickTime. On April 14, US-CERT advised Microsoft Windows users to remove QuickTime. This followed a report in ars technica that Apple has no plans to update the Windows app despite at least two reliable QuickTime vulnerabilities that threaten Windows users who still have the program installed.]
Safari 9.1.3 [Mac OS X Mavericks, Yosemite, El Capitan]
Skype 7.30.0.105

For Your IT Department

Cisco Multiple Products: Cisco reports patched vulnerabilities in its Network Time Protocol and OpenSSL software affecting Cisco products. Apply updates. Additional details are available at Cisco’s website.
VMware: VMware has released updates for its VMware vCenter Server, vSphere Client, vRealize Automation, Identity Manager. Apply updates. Additional details are available at VMware’s website.



Cyber Security News of the Week, November 27, 2016





Individuals at Risk

Identity Theft

Michigan State University confirms data breach of server containing 400,000 student, staff records: Michigan State University is confirming that someone breached a database containing 4000 student records. WXYZ, November 18, 2016

Cyber Privacy

Navy Reports Data Breach After HP Laptop Compromised: The US Navy is warning more than 130,000 sailors of a data breach, after a laptop belonging to an employee of Navy contractor Hewlett Packard Enterprise Co. was compromised. Navy officials have determined that sensitive information, including the names and social security numbers of both current and former sailors, were accessed by unknown individuals. IT security experts from Alert Logic and Apricorn commented below. InformationSecurityBuzz, November 25, 2016
UBER PORTAL LEAKED NAMES, PHONE NUMBERS, EMAIL ADDRESSES, UNIQUE IDENTIFIERS: A series of vulnerabilities in UberCENTRAL, a portal Uber started during the summer to help businesses facilitate rides for customers, could have leaked the names, phone numbers, email addresses, and unique ID of all Uber users. ThreatPost, November 23, 2016

Cyber Defense

3 Ways to Boost Your Family’s Online Security This Holiday: VISITING RELATIVES OVER the holidays? Along with strategically avoiding any remotely political conversations, now’s the perfect time to help your loved ones better understand their personal digital security. They need it now more than ever. Wired, November 24, 2016
What Could The Next Ransomware Note Say? Let’s Learn from 2016: While ransomware threats are mostly an unknown entity to everyday consumers and Internet users, the widespread havoc these types of attacks have waged on healthcare organizations during 2016 started hitting a little too close to home. Consumers need to dispel the mindset of “that won’t happen to me” and make the connection that their information is being targeted – it’s just happening through a third party database, not their personal devices. ITSP Magazine, November 23, 2015
Travel Security Tips for Personal and Business Trips: One of the great myths of executive travel is the benefit of racking up hospitality rewards for grand vacations in Fiji or the Swiss Alps. In reality, trips are frequent, exhausting and sometimes bound for undesirable destinations that present a slew of security issues. SecurityIntelligence, November 23, 2016
Protecting Your Digital Life in 7 Easy Steps: There are more reasons than ever to understand how to protect your personal information. The New York Times, November 16, 2016

Information Security Management in the Organization

Information Security Governance

Information security role moving beyond tech expertise: At the recent ISSA International Conference in Dallas, SearchCompliance editor Ben Cole met with conference speakers to discuss the changing data threat landscape and how it is influencing the information security role. In this Q&A, SANS Institute CISO Frank Kim explains why communication and other people skills have become a big part of infosec professionals’ job requirements. SearchCompliance, November 21, 2016
Cyber crime affects 40 percent of manufacturing companies: In an increasingly interconnected world, all organizations are at risk from cyber attacks and manufacturing businesses are no exception. BetaNews, November 18, 2016

Cyber Warning

Poison .JPG spreading ransomware through Facebook Messenger: Checkpoint has found an image obfuscation trick it thinks may be behind a recent massive phishing campaign on Facebook that’s distributing the dangerous Locky ransomware. TheRegister, November 25, 2016
Google warns journalists and professors: Your account is under attack: A flurry of social media reports suggests a major hacking campaign has been uncovered. ars technica, November 23, 2016
WORDPRESS PLUGINS LEAVE ONLINE SHOPPERS VULNERABLE: Researchers are calling into question the safety of some of the top WordPress e-commerce plugins used on over 100,000 commercial websites prepping for Black Friday and Cyber Monday online sales. ThreatPost, November 22, 2016
How to dodge Black Friday and Cyber Monday shopping hackers: Hackers are writing apps, setting up phony Wi-Fi networks and unleashing malware in attempts to turn legitimate Black Friday 2016 and Cyber Monday retailing into profits for themselves, according to security experts. CIO, November 22, 2016

Cyber Defense

8 Books Security Pros Should Read: Hunting for a good resource on the security industry? Check out these classics from the experts to learn more about hacking, defense, cryptography and more. DarkReading, November 23, 2016

Cyber Security in Society

Cyber Crime

Madison Square Garden, Radio City Music Hall Breached: Cybercriminals broke into the payment card processing system used by the Madison Square Garden Co., owner of Radio City Music Hall and other iconic entertainment venues, harvesting payment card details for nearly a year. BankInfoSecurity, November 23, 2016

Cyber Attack

Akamai on the Record KrebsOnSecurity Attack: Internet infrastructure giant Akamai last week released a special State of the Internet report. Normally, the quarterly accounting of noteworthy changes in distributed denial-of-service (DDoS) attacks doesn’t delve into attacks on specific customers. But this latest Akamai report makes an exception in describing in great detail the record-sized attack against KrebsOnSecurity.com in September, the largest such assault it has ever mitigated. KrebsOnSecurity, November 22, 2016

Cyber Freedom

Internet freedom around the world keeps decreasing: For the sixth year in a row, Internet freedom is declining. According to the latest Freedom on the Net report, 67 percent of all Internet users now live in countries where online criticism of the government, ruling family or the military is subjected to censorship, and such activity can result in individuals getting arrested. HelpNetSecurity, November 23, 2016

Know Your Enemy

Hackers advertising and selling phishing kits with secret backdoor via YouTube: Cybercrime, like any other enterprise is a business, albeit an illegal one. Apart from targeting individuals, businesses and governments, cybercriminals also cash in by creating, using and marketing malware to other crooks. It appears however, that the age old adage of “honour among thieves” does not apply to cybercriminals these days. IBTimes, November 25, 2016

National Cyber Security

Election Results: Academics Seek Audit in Key States: A group composed of computer scientists and activists has proposed that U.S. election results be audited in three key states in which President-elect Donald Trump won by a razor-thin margin. The group’s goal is to definitively disprove that hackers may have influenced the contentious election. BankInfoSecurity, November 24, 2016
DoD Opens .Mil to Legal Hacking, Within Limits: Hackers of all stripes looking to test their mettle can now legally hone their cyber skills, tools and weaponry against any Web property operated by the U.S. Department of Defense (DoD), according to a new military-wide policy for reporting and fixing security vulnerabilities. KrebsOnSecurity, November 23, 2016
Want to Know if the Election was Hacked? Look at the Ballots: How might a foreign government hack America’s voting machines to change the outcome of a presidential election? Here’s one possible scenario. First, the attackers would probe election offices well in advance in order to find ways to break into their computers. Closer to the election, when it was clear from polling data which states would have close electoral margins, the attackers might spread malware into voting machines in some of these states, rigging the machines to shift a few percent of the vote to favor their desired candidate. This malware would likely be designed to remain inactive during pre-election tests, do its dirty business during the election, then erase itself when the polls close. A skilled attacker’s work might leave no visible signs — though the country might be surprised when results in several close states were off from pre-election polls. J. Alex Halderman on Medium, November 23, 2016

Cyber Vulnerability

Elegant 0-day unicorn underscores “serious concerns” about Linux security: Recently released exploit code makes people running fully patched versions of Fedora and other Linux distributions vulnerable to drive-by attacks that can install keyloggers, backdoors, and other types of malware, a security researcher says. ars technica, November 22, 2016

Financial Cyber Security

Report: European Banks Struck by ATM Jackpotting Attacks: Hackers have been draining ATMs of cash across Europe after compromising the networks of banks and planting malicious software on the machines, the security company Group-IB says. But the Russian company’s report is being cautiously reviewed by some in the financial services industry. BankInfoSecurity, November 23, 2016

Internet of Things

Study: Industry slow to implement information security measures: MUNICH — Industrial companies are aware that information security and risk management are crucial in today’s data-driven and connected world. But, according to a new study, they also are relatively slow in implementing policies to fend off threats. automotiveIT, November 25, 2016
The Internet of Things is making hospitals more vulnerable to hackers: The attack potential grows exponentially as IoT technologies are implemented, warns European cyber security agency. ZDNet, November 25, 2016
Smartphone App Flaw Leaves Tesla Vehicles Vulnerable To Theft: Tesla cars can be tracked, located, unlocked and driven away by compromising the company’s smartphone app. InfoSecurity Magazine, November 24, 2016

Cyber Research

Quantum Computers Could Crush Today’s Top Encryption in 15 Years: Quantum computers could bring about a quantum leap in processing power, with countless benefits for fields like data science and AI. But there’s also a dark side: this extra power will make it simple to crack the encryption keeping everything from our emails to our online banking secure. SingularityHub, November 24, 2016
Battle of the Bots: How AI Is Taking Over the World of Cybersecurity: Google has built machine learning systems that can create their own cryptographic algorithms — the latest success for AI’s use in cybersecurity. But what are the implications of our digital security increasingly being handed over to intelligent machines? SingularityHub, November 9, 2016




SecurityRecruiter.com's Security Recruiter Blog