El Diario del CISO (The CISO Journal), Edition 5/2019


Challenges

EL DIARIO DEL CISO (THE CISO JOURNAL)

March, Volume 5/2019

Thinking and Working for a Digital Security Leader

In this edition

Challenges of a Digital Security Leader (DSL) CISOS.CLUB
Challenges of a DSL today
Thoughts of a DSL
International InfoSec & CyberSecurity News
Influencers
Security and Cybersecurity News
Reports and Surveys of the Week
Security Roadmap
Job Board
Other Magazines & More

Cybersecurity news keeps confirming its constant and continuous presence in the digital reality in which organizations operate. Within the whole mass of news circulating through the various media, the items most frequently commented on have been: 2.7 million medical records related to patient calls left exposed; 40% of malicious URLs found on legitimate sites; WinRAR and Drupal vulnerabilities, which underline that the inevitability of failure is a constant; the exposed data related to Dow Jones; the closure of Coinhive; the analysis carried out by the Australian government after the attack on its parliament; and the breach at UConn, which affects at least 326,000 records of medical patients. These and other news items reflect the dynamics of cybersecurity at the global level and, with them, the efforts that Digital Security Leaders (#DSL) must make to address the tensions embedded in the digitally modified and dense reality that organizations face today.

“The #DSL must understand and protect their first attack vector: people.”

Reflection questions

How should the #DSL prepare for the existing reality in cybersecurity?

What are you doing day to day as a DSL to increase your level of preparation?

www.cisos.club

conectate@cisos.club


Thoughts of a DSL

Mindset of a Digital Security Leader (#DSL / #DigitalSecLeader)
Andrés Ricardo Almanza Junco

Talking about the mindset of the brain is a vast and extensive field that has been studied for a long time. Today the neurosciences are carrying out that task in greater depth, with an eye on the development of new professionals in every existing field. The brain, the extremely complex working instrument of human beings, processes all the information we receive and with it creates our realities. It is a malleable instrument, on which every learning process a human being experiences is built. In this sense, the plasticity of the brain, as a capacity, is significant for learning processes. Dr. Carol Dweck, Professor of Psychology at Stanford University, considered one of the world's leading researchers in the fields of personality, social psychology, motivation and development, and author of the book Mindset: The New Psychology of Success, has determined that there are two basic types of mindset: the fixed mindset and the growth mindset. The first, in general terms, is a mindset that resists and stagnates; the second, as its name says, is a mindset that is open and adaptive, flexible and able to adjust to conditions.

In Dr. Dweck's words: “...individuals can be placed on a continuum according to their personal views about where each person's ability comes from. Some believe that their success is based on innate ability; these are said to have a ‘fixed’ theory of intelligence (fixed mindset). Others believe that their success is based on hard work, learning, training and tenacity, understanding this as a ‘growth’ or ‘incremental’ theory of intelligence (growth mindset).” In her analysis she evaluates and summarizes the types of mindset in several components, which are captured through a set of variables: challenges, obstacles, effort, criticism and success, not only one's own but also that of others. She concludes by determining what happens with each of these mindsets in each scenario.

Applied to the life of a Digital Security Leader (#DSL), this is significant because it will define how the leader carries out their function and how they can obtain results in the organization in which they work. As the DSL defines their mindset, so will be their performance, their results and, clearly, their value within the organization.



To that end, from CISOS.CLUB we offer this table of questions, intended to let readers assess their level in each of these dimensions and, from that, judge for themselves their type of mindset.

Dimension: Challenges
Questions: What does a challenge mean to you? What is the first step you take when facing a challenge?
Considerations: Start from the least to the most.

Dimension: Obstacles
Questions: What is your view of the obstacle you face? What do you do when you encounter an obstacle?
Considerations: Resilience requires resistance. Use resistance as a working tool.

Dimension: Effort
Questions: Do you think of effort as something constant? Do you accept effort as something necessary?
Considerations: It is normal; it is the path to building mastery.

Dimension: Criticism
Questions: How do you take criticism? How do you feel when you receive criticism?
Considerations: They are the tool par excellence. Collect the useful ones and discard those you do not consider useful.

Dimension: Success of others
Questions: How do you perceive the success of others?
Considerations: A leader fosters the success of others; it is a way to measure leadership. Those who succeed first with your help will be the ones who demonstrate your results.

In growth mindsets, failure is seen as a learning tool that allows continued improvement. Failure is not something people are reproached with; it is a travel companion that drives improvements, it is accepted and seen as normal. One even tries to fail intentionally. In fixed mindsets the opposite happens: the fear of failing is the great obstacle that prevents taking risks intelligently. A #DSL should therefore strive for a growth mindset that allows them to adapt as quickly as possible to changes in a digital context such as the one humanity finds itself in at this moment. It should be said that mindset is developed and that each #DSL must decide which path to take; these are not fixed preconceptions. The closer a #DSL is to a growth mindset, the better they will be able to define security postures in line with organizational reality. That being so:

Which growth mindset do you want to develop?
How do you think you can begin?
What of what you know today should you keep in order to have a growth mindset?
What practices should you set aside to advance along the path of a growth mindset?
When do you think you can begin to develop a growth mindset?
Who do you think can help you on that journey?

References

IDEA REPORT: Growth Mindset Culture. NeuroLeadership Institute, 2018.
Porqué necesitas una mentalidad de crecimiento y cómo puedes conseguirla. Francisco Sáez.
The Mindsets of a Leader. Modesto A. Maidique and Nathan J. Hiller. MIT Sloan Management Review, Summer 2018 issue.
Mentalidad de crecimiento: la mejora siempre es posible. Jesús C. Guillén.




International InfoSec & Cybersecurity News

Help Net Security

500 million WinRAR users open to compromise via a 19-year-old flaw
A vulnerability affecting all versions of the WinRAR file archiver utility could be exploited to deliver malware via specially crafted ACE archives.

40% of malicious URLs were found on good domains
While tried-and-true attack methods are still going strong

(ISC)² Secure Summit EMEA will welcome hundreds of the best minds in cybersecurity
2018 saw 6,515 reported breaches, exposing 5 billion sensitive records
74% of organizations face outages due to expired certificates
92% of organizations rank users as their primary security concern
Attackers continue to enhance their performance, apply smart business techniques
Businesses need to rethink security priorities due to shifting trends
By 2025 workforce most likely to consist of humans and bots
Cisco SOHO wireless VPN firewalls and routers open to attack
CISO's guide to an effective post-incident board report
Consumer attitudes towards security breaches are changing significantly
Criminal groups promising salaries averaging $360,000 per year to accomplices
Detecting Trojan attacks against deep neural networks
ENISA provides recommendations to improve the cybersecurity of EU electoral processes
Enterprises are blind to over half of malware sent to their employees
European standards org releases consumer IoT cybersecurity standard
Exposure of sensitive data via cloud applications and services increases 20%
Formjacking is the new get rich quick scheme for cybercriminals
Free decryption tool could save victims millions in ransomware payments
Global mobile networks to support 12.3 billion devices and IoT connections by 2022
Half of business leaders say a breach could end their business, others remain unaware
Healthcare industry: Key trends and cybersecurity challenges
Highly critical Drupal RCE flaw could lead to new Drupalgeddon, patch now!
How are businesses facing the cybersecurity challenges of increasing cloud adoption?
How to combat delivery ramifications after a data breach
ICANN calls for wholesale DNSSEC deployment
Increasing security measures are driving cybercriminals to alter their techniques
Insights on modern adversaries and their tactics, techniques, and procedures
IT security incidents affecting German critical infrastructure are on the rise
Latest WinRAR, Drupal flaws under active exploitation
Many computers are vulnerable to hacking through common plug-in devices
Modern browser APIs can be abused for hijacking device resources
Most IoT devices are being compromised by exploiting rudimentary vulnerabilities
Phishers' new trick for bypassing email URL filters
Phishing, software supply chain attacks greatest threats for businesses
Prevent shadow IT: Companies need security covering multiple communication vectors
Privileged credential abuse is involved in 74% of data breaches
Researchers and businesses need to work together to expose IoT vulnerabilities
Rockwell Automation industrial energy meter vulnerable to public exploits
Ryuk: What does the helpdesk tell us?
Social media-enabled cybercrime is generating $3.25 billion a year
Tech companies fret over data privacy, but ready to bet on IPO market
The importance of consumer trust in the second-hand mobile market
The risks associated with the influx of unauthorized collaboration tools
Webinar: Defending account takeovers at Remitly

Infosecurity Magazine

Russian State Hackers Take Minutes to Move Laterally
There was a major rise in Chinese state-sponsored cyberactivity in 2018, while Russian actors were by far the most operationally effective, according to the latest report from CrowdStrike.

Australian PM Blames “Sophisticated State Actor” for Parliament Hack
Australian Prime Minister Scott Morrison has blamed a “sophisticated state actor” for the recent attempt to hack the parliament's computer network.

#CPX360 Prepare for Next Generation of Attacks with Prevention Focus
19-Year-Old Awarded More than $1M in Bug Bounties
APT Uses Arsenal of Tools to Evade Detection
Aussie Heart Hospital Hit by Ransomware Blitz
Australian PM Blames “Sophisticated State Actor” for Parliament Hack
Blacklist Fail Allows Hacker to Steal $7m in Cryptocurrency
Breaking Silos Could Reduce Breach Costs
Cloud Adoption on the Rise, IT Pros Unsure of Risk
Coinhive Monero Miner Set to Close
Criminals Phishing for Porn Site Credentials
Domain Squatting a Problem for Many Media Outlets
Dow Jones Leaks Global Watchlist Data
Europe Intros Global IoT Security Standard
Flaws Discovered in Popular Password Managers, Report Claims
Former Grad Destroys Computers with Killer USB
GCHQ Boss: China's Tech Rise a “First Order” Cyber Challenge
Global Spam Calls Hit 85 Billion in 2018
Half of UK Firms Have Unknown Devices on the Network
Healthcare Breaches Affected 11.5 Million People in 2018
Hiring, Threats and Budget Cause Biggest Security Headaches
ICANN: We Need DNSSEC Everywhere to Combat Hijackers
Labour Issues GDPR Warning After Breach Rumors
Lazarus Suspected of Targeting Russian Orgs
MassCyberCenter Says State Faces Increased Threats
Microsoft: Russians Hacking Again Ahead of Euro Elections
Most UK IT Security Leaders Fear CNI Attack
NCSC Boss: Huawei Security Concerns Aren't About China
POS Firm Hacked, Data-Stealing Malware Deployed at 100+ Outlets
Ransomware Revenue Earning Does Not Match Infection Decline
Scarlet Widow Targets K-12 Schools, Nonprofits
Sextortion Accounts for 10% of Spear-Phishing Emails
Social Media Drives $3.2bn+ in Black Hat Profits
Sweden's Patient Hotline in Privacy Snafu
Swedish Privacy Snafu Affected More Companies
Threat Report Tries to Change Security's Narrative
Tik Tok Kids' App Hit by Record $5.7m FTC Fine
Trend Micro Blocks Over 48 Billion Threats in 2018
Trojan Attack Masked as Payment Confirmation
TurboTax Users Hit by Credential Stuffing Attack
UK Banks Reported 480% More Breaches in 2018
Value of Stolen Card and Amazon Account Details Rockets
Web Application Security Poses Greatest Risk


Dark Reading

Privacy Ops: The New Nexus for CISOs & DPOs
No longer can privacy be an isolated function managed by legal or compliance departments with little or no connection to the organization's underlying security technology.

'Formjacking' Compromises 4,800 Sites Per Month. ...
19 Minutes to Escalation: Russian Hackers Move the ...
A 'Cloudy' Future for OSSEC
As Businesses Move Critical Data to Cloud, Security ...
Breach in Stanford System Exposes Student Records
Cyber Extortionists Can Earn $360,000 a Year
Data Leak Exposes Dow Jones Watchlist Database
Human Negligence to Blame for the Majority of ...
ICS/SCADA Attackers Up Their Game
In 2019, Cryptomining Just Might Have an Even ...
Insurer Offers GDPR-Specific Coverage for SMBs
IoT, APIs, and Criminal Bots Pose Evolving Dangers
More Than 22,000 Vulns Were Disclosed in 2018, 27% ...
New Malware Campaign Targets Job Seekers
North Korea's Lazarus Group Targets Russian ...
Persistent Attackers Rarely Use Bespoke Malware
Prep for The Next Cybersecurity Arms Race at Black ...
Researchers Build Framework for Browser-Based Botnets
Russian Hacker Pleads Guilty to Bank Fraud
Secure the System, Help the User
Security Experts, Not Users, Are the Weakest Link
Security Firm to Offer Free Hacking Toolkit
Security Leaders Are Fallible, Too
Security Pros Agree: Cloud Adoption Outpaces Security
Security Spills: 9 Problems Causing the Most Stress
Solving Security: Repetition or Redundancy?
The Anatomy of a Lazy Phish
To Mitigate Advanced Threats, Put People Ahead of Tech
TurboTax Hit with Credential Stuffing Attack, Tax Returns Compromised
Turkish Group Using Phishing Emails to Hijack ...
Why Cybersecurity Burnout Is Real (and What to Do ...
Your Employees Want to Learn. How Should You Teach ...

Computer Weekly (computerweekly.com)

Teen becomes first millionaire through HackerOne bug bounties
A bug bounty is an award given to a hacker who reports a valid security weakness to an organisation.

Activist Lauri Love's computer 'contained hacked data', says judge
Businesses urged to prepare for extortion campaigns
Cooperation a key theme of Brussels cyber security symposium
Cyber awareness of UK boards found wanting
Cyber criminals earn $3bn a year exploiting social platforms
Cyber power needs wider discussion, says GCHQ director
EU gathers momentum in cyber security legislation and cooperation
Icann calls for community collaboration to protect the internet
IT Priorities 2019: Cyber security and risk management among top priorities for 2019
RSA Security bets on digital risk management
Security is battling to keep pace with cloud adoption
Security Think Tank: Cyber metrics need to be meaningful
Supplier consolidation tops infosec goals for 2019
Toyota Australia under cyber attack
UK committed to working with EU cyber security partners
Using simulated disaster management to tackle the security skills gap

SecurityWeek

Critical Drupal Vulnerability Allows Remote Code Execution

'Thunderclap' Flaws Expose Computers to Attacks via Peripheral Devices
Backdoor Targets U.S. Companies via LinkedIn
Breach at PoS Firm Hits Hundreds of U.S. Restaurants, Hotels
British Intelligence Says Huawei Risk Manageable: FT
Bug Allows Bypass of WhatsApp Face ID, Touch ID Protection
Canada Helping Australia Determine 'Full Extent' of Hack
Cisco Patches Critical Vulnerability in Wireless Routers
Cobalt Strike Bug Exposes Attacker Servers
Cybercriminals Promise Millions to Skilled Black Hats: Report
DDoS-for-Hire Service Admin Pleads Guilty
Got Critical Infrastructure? Then You Should Know How To Protect It
Huawei Says US Has 'No Evidence' of 5G Spying Allegations
Magecart Hackers Change Tactics Following Public Exposure
Market Trends and What to Watch for at RSA Conference 2019
Neverquest Trojan Operator Pleads Guilty
New Attacks Show Signed PDF Documents Cannot Be Trusted
Rockwell Automation to Patch Publicly Disclosed Power Monitor Flaws
Russia's Ex-Cybersecurity Chief Gets 22-Year Sentence in Jail
Securing Digital Convergence
Supply Chain Attacks Nearly Doubled in 2018: Symantec
Two White Hats Earn Over $1 Million via Bug Bounty Programs
U.S. Government Says Thales Must Divest HSM Business Before Acquiring Gemalto
Warning Issued Over Attacks on Internet Infrastructure
WinPot ATM Malware Resembles a Slot Machine
WinRAR Vulnerability Exposes Millions of Users to Attacks

Threatpost

Data Breaches of the Week: Tales of PoS Malware, Latrine Status

Adobe Patches Critical ColdFusion Vulnerability With Active Exploit
Adobe Re-Patches Critical Acrobat Reader Flaw
Card-Skimming Scripts Hide Behind Google Analytics, Angular
Cisco Fixes Critical Flaw in Wireless VPN, Firewall Routers
Cisco Patches High-Severity Webex Vulnerability For Third Time
Coinhive to Mine Its Last Monero in March
Highly Critical Drupal CMS Flaw Affects Millions of Websites
Necurs Botnet Evolves to Hide in the Shadows, with New Payloads
Podcast: RSA Conference 2019 Preview
Ring Doorbell Flaw Opens Door to Spying
The Dark Sides of Modern Cars: Hacking and Data Collection
ThreatList: Porn-Focused Malware Triples, Dark Web Loves It
Threatpost News Wrap Podcast For Feb. 22
Threatpost Poll: Are Password Managers Too Risky?


CSO Online

2.7M recorded medical calls, audio files left unprotected on web

7 cheap or free cyber security training resources
7 mobile security threats you should take seriously in 2019
Addressing Today's Risks Requires Reliable Threat Intelligence
Are zero-day exploits the new norm?
Building a Security-first Culture Starts with Coding
Combatting drama and barriers in the infosec community
DDoS explained: How distributed denial of service attacks are evolving
Dow Jones list of high-risk businesses, people on unsecured database
Elasticsearch clusters face attacks from multiple hacker groups
Enterprises need to embrace top-down cybersecurity management
Hackers can invisibly eavesdrop on Bigscreen VR users
How much does it cost to launch a cyberattack?
How to protect intellectual property? 10 tips to keep IP safe
IoT botnets target enterprise video conferencing systems
North Korean hackers target Russian-based companies
Qbot malware resurfaces in new attack against businesses
Ransomware attacks hit Florida ISP, Australian cardiology group
The CSO and CPO role just dramatically expanded overnight
The cybersecurity legislation agenda: 5 areas to watch
Top 9 cybersecurity M&A deals of 2018 and 2019 (so far)
What is a botnet? And why they aren't going away anytime soon
What is ethical hacking? How to get paid to break into computers

SC Media

Coinhive closes its doors
The popular in-browser cryptomining service Coinhive announced it is shutting down operations next week, claiming the service isn't economically viable anymore.

42,000 patients data compromised AdventHealth Medical Group data breach
Australian PM says parliament, political party hacks work of state actor
Breach could impact roughly 326,000 UConn Health patients
Cisco patches two code execution vulnerabilities
Cybercriminals spend like rockstars
Dow Jones database holding 2.4 million records of politically exposed persons
Drupal software update patches highly critical RCE bug
Fin6 using FrameworkPOS scraping malware in POS attacks
High Critical Drupal flaw being exploited in the wild
IoT devices attacked faster than ever, DDoS attacks up dramatically: Netscout
Misconfigured database exposes 974,000 University of Washington Medicine patients
Monero miners combines RADMIN and MIMIKATZ to spread and infect
New B0r0nt0K ransomware roughs up Linux servers
North Korean hackers allegedly pick on Russian targets for a change
Palisades Park receives $200,000 advance after cyberattack
Russian cyberattackers are in and gone in less than 20 minutes
Shifty new variant of Qbot banking trojan spreads
The road ahead in cyber
UK consumers more likely to abandon a breached company
Wendy's to pay $50M in data breach settlement

Dow Jones Data Exposed on Public Server
An “authorized third party” exposed a Dow Jones database with more than 2.4 million records of risky businesses and individuals on a public server.

11 Takeaways: Targeted Ryuk Attacks Pummel Businesses
15 GDPR Probes in Ireland Target Facebook, Twitter, Others
Cohen: Trump Was Aware of WikiLeaks Planning Email Dump
Criminals, Nation-States Keep Hijacking BGP and DNS
Cryptocurrency Miners Exploit Latest Drupal Flaw
Data Breach Notification: California Targets 'Loopholes'
Dongle Danger: Operating Systems Don't Defend Memory
Facebook Smackdown: UK Seeks ‘Digital Gangster’ Regulation
Facebook's Leaky Data Bucket: App Stored User Data Online
Hackers Target Fresh Drupal CMS Flaw to Infiltrate Sites
Misconfiguration Leads to Major Health Data Breach
Password Managers Leave Crumbs in Memory, Researchers Warn
Report: UK Believes Risk of Using Huawei is Manageable
Sen. Warner Demands Answers on Healthcare Cybersecurity
Sunset of Windows Server 2008: Migrate with Docker
Tech Industry Pushes for Australian Encryption Law Changes
Toyota Australia, Healthcare Group Hit By Cyberattacks
UConn Health Among the Latest Phishing Victims
Wendy's Reaches $50 Million Breach Settlement With Banks
WhatsApp Flaw Could Enable iOS Message Snooping

Cyware Hacker News

A potential data breach at UConn Health impacts the personal data of about 326,000 individuals
UConn Health is notifying about a potential data breach after the hackers gained unauthorized access to a limited number of employee email accounts.

A new malspam campaign distributes a malicious RAR archive exploiting the WinRAR ACE vulnerability

Attackers compromised Bangladeshi Embassy website to distribute malicious Word documents
Critical vulnerabilities in SHAREit app could allow attackers to download arbitrary files in victims' devices
Cybercriminals encrypt 15,000 medical files belonging to Australian hospital and demand ransom
Monero-miner variant found leveraging RADMIN and MIMIKATZ tool kits to spread across networks
More than 3000 websites hacked to steal 2.7 billion email addresses and passwords
New Golang brute-forcing malware used to target Magento E-commerce sites
New Russian language malspam distributes Shade ransomware
New Spear Phishing campaign targets US national security think tanks with BabyShark malware
Newly discovered MarioNet browser-based attack can allow attackers to control your browser
Over 69,000 payment card dumps are available for sale on Joker's Stash underground marketplace
Retail trading industry targeted with malware attacks; stolen data being sold on Dark Web
Toyota Australia hit by cyberattack; No customer data compromised
Turkish hackers target popular Instagram profiles in a new phishing campaign



Thehackersnews

Almost Half A Million Delhi Citizens' Personal Data Exposed Online
Another Critical Flaw in Drupal Discovered — Update Your Site ASAP!
Hackers Actively Exploiting Latest Drupal RCE Flaw Published Last Week
Hackers Favorite CoinHive Cryptocurrency Mining Service Shutting Down
Hacking Virtual Reality – Researchers Exploit Popular Bigscreen VR App
Kali Linux 2019.1 Released — Operating System For Hackers
Latest WinRAR Flaw Being Exploited in the Wild to Hack Windows Computers
Learn Ethical Hacking with 180 Hours of Training — 2019 Course Bundle
New Attacks Against 4G, 5G Mobile Networks Re-Enable IMSI Catchers
New Flaws Re-Enable DMA Attacks On Wide Range of Modern Computers
Severe Flaws in SHAREit Android App Let Hackers Steal Your Files

Welivesecurity
‘Highly critical’ bug exposes unpatched Drupal sites to attacks
Coinhive cryptocurrency miner to call it a day next week
Criminal hacking hits Managed Service Providers: Reasons and responses
Cyber-extortionists take aim at lucrative targets
Escalating DNS attacks have domain name steward worried
How to spot if your password was stolen in a security breach
ICAO victim of a major cyberattack in 2016, report uncovers
Love is never cheap but how costly are sweetheart swindles?
ML-era in cybersecurity: A step toward a safer world or the brink of chaos?
Switzerland offers cash for finding security holes in its e-voting system

Forbes
Council Post: A Culture Of Safety: How HR Can Partner With IT To Improve Cybersecurity
ExtraHop BrandVoice: In Cyber Security, People Are Your Weakest Link—Will Advanced Encryption Help Or Hurt?
Four Unusual Hacking Strategies I've Seen As A Cyber-Security CEO
Huawei Security Scandal: Everything You Need to Know
IoT Cybersecurity Goes To College And It Does Not End Well
Mistaken For North Koreans, The 'Ryuk' Ransomware Hackers Are Making Millions
The Cyber/Physical Convergence Is Accelerating -- So Are The Risks
What Does It Take To Run A Cyber-Security Startup?

Cshub
Driving A Cyber Security Culture Into The Business
Incident Of The Week: UConn Health Phishing Attack Exposes Patient Data
Incident Of The Week: UW Medicine Patient Data Exposed Online
Latest In Cyber Security News Part 2: Where’s The Equifax Data?
Security Control Gaps Are Not Risks
Will Huawei Take Down The Five Eye Alliance?

KrebsOnSecurity
A Deep Dive on the Recent Widespread DNS Hijacking Attacks
Booter Boss Interviewed in 2014 Pleads Guilty
Crypto Mining Service Coinhive to Call it Quits
Former Russian Cybersecurity Chief Sentenced to 22 Years in Prison
Payroll Provider Gives Extortionists a Payday

Informationsecuritybuzz
Dow Jones List Containing 2.4 Million Names Of High Risk Banking Clients Left Exposed
Dow Jones Loses Proprietary Info In Massive Data Leak
HackerOne Reveals 100% Growth Of Hacker Community In Annual Hacker Report
High Value Data, High Exposure
How To Cut IT Spending If You Run A Small Business
Survey News: 60% Of Security Pros Say Cloud Business Moves Too Fast For Security
Tax Returns Exposed By TurboTax Credential Stuffing Attacks
The Role Of Information Assurance In Managing Data Security
TikTok To Pay Record $5.7 Million Settlement In FTC Children's Online Privacy Case
Why The First 24 Hours Is Critical In Managing A Cybersecurity Incident

Information-management
Bitglass blames hacking, IT incidents as main reasons for breaches
China abandons cybersecurity truce with U.S., report says
Data security fears still number one barrier to cloud and SaaS adoption
Info for nearly 1M patients exposed on UW Medicine web server
Rethinking data security for the public cloud
Security woes increasingly sting the healthcare industry
Setting expectations and preparing for a new breed of cyberattacks
Warner seeks guidance on bulking up healthcare cybersecurity
What organizations can do to mitigate threats to data management

Cybertalk
Hackers devise the ultimate 'get-rich-quick' scheme
Hackers take aim at parliamentary elections
Only 40% of organizations report having a CSO/CISO
Small-to-medium sized businesses tank in the wake of cyber attacks
Smart devices may not be smart enough
There's no such thing as a perfect password manager
What subject most scares VCs about M&As?

Securereading
Bug Allows Bypass of Face ID and Touch ID Authentication of WhatsApp iOS version
Critical Remote Code Execution Flaw Discovered in Wordpress
Critical Remote Execution Flaw Discovered in WinRAR Impacting all Versions
New batch of 127 Million Stolen Records was found for Sale on Dark Web
New Malspam Campaign Targets WinRAR ACE Flaw to Deliver Malware

ETCiso
CISOs discuss best strategies to better protect businesses from cyber threats
cyber security: Symantec partners with IBM, Microsoft and others to cut cyber security cost
Data a strategic asset, world needs governance framework
Laptops: Most laptops, desktops vulnerable to cyber attacks through plug-in devices
Our hackers earned $19 mn in bug bounties in 2018: HackerOne

www.cisos.club

conectate@cisos.club




#Ransomware, #Trojan and #Miner together against 'PIK-Group
139 US bars, restaurants and coffeeshops infected by credit-card stealing malware
20-year-old pleads guilty to DDoS-for-hire scheme that netted $550,000
2019 RSA Conference Preview: An Insider's Guide to What's Hot
2019 Webroot Threat Report: Forty Percent Of Malicious URLs Found On Good Domains.
450,000 usernames and passwords stolen from Coinmama cryptocurrency broker – HOTforSecurity
5 ways to avoid top malware threats
70000 Pakistani banks’ cards with PINs go on sale on the dark web. Security Affairs
A Hacker, I am
A New IT Certification for a New IT Mindset
A Tale of Epic Extortions - How Cybercriminals Monetize Our Online Exposure
An effective cybersecurity strategy for an ICS environment should apply a layered protection
Attack Code 'MarioNet' Is Pulling Strings in Your Web Browser
Auditing Implications of Blockchain and Cybersecurity
Australian government cyberattack: More governments likely to be targeted
Big Dump of Pakistani Bank Card Data Appears on Carder Site
Bug Allows Bypass of Face ID and Touch ID Authentication of WhatsApp iOS version
Businesses Warned of Malware Spread via LinkedIn Job Offers
China Abandons Cybersecurity Truce With U.S., Report Says
Chips may be inherently vulnerable to Spectre and Meltdown attacks
CIO’s guide to boards and tech fluency
Coinhive, the in-browser cryptomining service beloved by hackers, is dead
Companies Hiring on Basis of Skills Rather Than Open Positions
Container Vulnerability: Still a Reality
Critical Remote Code Execution Flaw Discovered in Wordpress
Critical Remote Execution Flaw Discovered in WinRAR Impacting all Versions
Cyber Attackers Utilizing Common Methodologies in Different Industries
Cybersecurity Startup Armorblox Raises $16.5M, Launches Out Of Stealth
Cybersecurity threats to US infrastructure warrant 'moonshot' response
Data as an asset

Iranian Hackers Drew Worryingly Close to Israel's Missile Alarm
Is Bad Cyber Insurance Coverage Actually Good for Consumers?
IT Security Vulnerability Roundup – February 2019
It's time to rethink our approach to cybersecurity training
Jenkins Master Post - Carnal0wnage & Attack Research Blog
Kaspersky Lab And ThreatConnect Collaborate To Help Customers Get A Complete Picture Of The Threat Landscape.
Latest In Cyber Security News Part 2: Where’s The Equifax Data?
LinkedIn Messaging Abused to Target US Companies With Backdoors
List of data breaches and cyber attacks in February 2019 - 692,853,046 records leaked
Malware attacks Pornhub users accounts for their credentials
Maximizing the data lake investment
McAfee Mobile Threat Report Unveils 550% Increase in Consumer Security Risks Connected to Fake and Malicious Apps in Second Half of 2018
Measuring Up for Cybersecurity: Some Thoughts Just Before RSA San Francisco 2019
Microsoft warns of hacker 'attacks' on EU elections
New batch of 127 Million Stolen Records was found for Sale on Dark Web
New Malspam Campaign Targets WinRAR ACE Flaw to Deliver Malware
Organizations Face Cyber Threats Big and Small: Research
Phishing Campaign Spoofs United Nations and Multiple Other Organizations
Plain wrong: Millions of utility customers’ passwords stored in plain text
Police Push Free Decryptor for GandCrab Ransomware
Post-Breach HIPAA Enforcement: A Call for ‘Safe Harbors’
Qbot malware's back, and latest strain relies on Visual Basic script to slip into target machines
Ransomware Pretends to Be Proton Security Team
Securing Data From Hackers
Recapping IBM Think 2019 and HIMSS19
Red Hat Security Advisory 2019-0415-01
Reducing Your Legal Exposure After a Cybersecurity Incident
Running Elasticsearch 1.4.2 or earlier? There's targeted malware going for your boxen
Russia - Fastest State Threat in the World
SamSam and Mitre ATT&CK

Data Privacy and Security – Largest Health Data Breach of 2019 Strikes Seattle Hospital
DNC issues new cybersecurity guidance to Democrats as 2020 races approach: Report
DNC updates cybersecurity checklist
Dow Jones’ watchlist of 2.4 million high-risk individuals has leaked
Driving A Cyber Security Culture Into The Business
Europe is prepared to rule over 5G cybersecurity
Five of the Top Bug Bounty Platforms
Follow the Leaders: 7 Tips to Get the Most Out of Your Security Analytics
Four reasons not to blame the CISOs
GandCrab Ransomware Affiliates Continue to Push Decryptable Versions
Geopolitics: An Overlooked Influencer in Cyber Operations
German authorities warn of malware in tablets and smartphones
Hacker Sells 620 Million Customer Details on Dark Web for $20k in Bitcoin – HOTforSecurity
Hacker steals $7.7 million in EOS cryptocurrency after blacklist snafu
Hackers 'scramble' patient files in Melbourne heart clinic cyber attack
Hackers ‘scramble’ Patient files in Melbourne heart clinic cyber attack (cybersecurity – Cengiz Adabag)
Hackers abuse LinkedIn DMs to plant malware
Hackers getting stealthier, report finds
HIPAA Data Breach Reports Due to OCR by 2/28/19
How Can CISOs Improve Board Governance Around Cyber Risk Management?
How cybersecurity can expose issuer vulnerabilities
How executive vacancies hinder IT modernization and cybersecurity
How to combat burnout in cybersecurity
How to Think About Cybersecurity Differently
Incident Of The Week: UConn Health Phishing Attack Exposes Patient Data
Incident Of The Week: UW Medicine Patient Data Exposed Online
Infographic on the EU Cybersecurity Act certification framework
Insider Threats: A CISO's Guide
International law cannot keep up with cyber-criminals
Iran-backed hackers hit both U.K., Australian parliaments, says report
Security Control Gaps Are Not Risks
Singapore moots inclusion of data portability in data protection law
Supply Chain Attacks Increase 78%
Supply Chain Attacks Spiked 78 Percent in 2018, Cyber Researchers Found
Suspected State-Sponsored Hackers Pummel US and Australia
The Cybersecurity 202: This nonprofit has a plan to dramatically improve the weakest cybersecurity link
The mental health of CISOs is suffering
The Navy’s vision in a new era of information warfare
The Rise of the Cyber Industrial Complex
The Status of Cybersecurity in Italy and the Influence of Cyberspace on the International System's Stability, Peace and Security
The week in security: Cybercriminals celebrate NDB’s first anniversary with... more breaches
This Week in Security News: Instagram Hackers and Enterprise Threats
This Week in Security News: Malware and Machine Learning
Tomorrow’s Data Heroes
Top 6 Countries with the Best Cyber Security Measures
Toyota Australia driven offline by cyber attack, as heart hospital hit by ransomware
Two cybersecurity myths you need to forget right now, if you want to stop the hackers
Two weeks after hackers tried to steal 13 million euros, Bank of Valletta goes offline again
UConn Health Says Data Breach Could Impact More Than 300,000
UN aviation agency concealed serious hack: media
Vulnerability exposes location of thousands of malware C&C servers
Warner questions health care groups on cybersecurity
Weak Human Link Still Main Enterprise Security Concern
What the Heck Is a Security Awareness Strategy?
Why Is It So Hard To Break Into The Field Of Cybersecurity?
Why Many Organizations Still Don't Understand Security
Will Huawei Take Down The Five Eye Alliance?
Women in tech: Two prominent female security experts speak out (CxOTalk interview)



INFLUENCERS

An Introduction to Lateral Movement across networks. Introduction: In this post I’ll be talking about lateral movements.

Demystifying SOC 2 reporting This article is part of our ongoing SOC Insight series. Each piece focuses on a different area of SOC reporting and aims to answer the questions that are important to your business.

How CISOs view their jobs. Original abbreviated article was published February 12th 2019 on Forbes Magazine's Technology Council Community Voice.

How to prepare for business continuity Always expect the unexpected. You never know when disaster might strike, or even comparatively minor inconveniences.

Are Data Security Breaches on the rise? With phishing and ransomware attacks taking up most of the headlines in the tech world, businesses are finally starting to roll up their sleeves.

Chief Risk Officer Role Capabilities An important risk governance consideration

Security for All Sizes: The Size of the Business Matters Hello Peerlysters! I'm kicking off what I hope to make a (mostly) weekly column, "Security for All Sizes".

Selling Cybersecurity: What We Can Learn From The Ice Bucket Challenge In July/August 2014 the ALS Ice Bucket Challenge changed forever how charities should have organised their fundraising efforts.

Why the Role of the CISO sucks and what we should do to fix it. RSAC2019 Gary Hayslip called me a few months back and asked if I wanted to co-present with him at RSA 2019. I was honored and without hesitation said yes.

Multimedia Resources Bridging the Cybersecurity Skills Gap The latest edition of the ISMG Security Report features Greg Touhill, the United States' first federal CISO, discussing how "reskilling" can help fill

Coinhive cryptocurrency miner to call it a day - Week in security with Tony Anscombe Coinhive cryptocurrency miner to call it a day next week.

Dragos CEO Rob Lee: Resilient Podcast This Resilient podcast with Dragos CEO Rob Lee explores cyber risk and IoT threats in operational technology and industrial control systems.

Filling Vacant Cybersecurity Jobs: The Role of 'Reskilling' How can the many job openings for cybersecurity specialists be filled? "Reskilling" can play a critical role,

ML-era in cybersecurity - Week in security with Tony Anscombe Head of the AI/ML Team at ESET, Juraj Jánošík, looks at machine learning and cybersecurity and considers whether it is a step toward a safer world or a step closer to the brink of chaos.

Smashing Security #116: Stalking debtors, Facebook farce, and a cyber insurance snag (grahamcluley.com). Industry veterans, chatting about computer security and online privacy.

Smashing Security #117: SWATs on a plane. Industry veterans, chatting about computer security and online privacy.

You Get a Private Network! We're giving away private networks to everybody.

The Application Security Team's Framework For Upgrading Legacy Applications The coming end-of-support for Windows Server 2008 leaves IT organizations with few viable options to receive security updates beyond the cut-off date of January

Threat Intelligence, Recorded Future – Paul’s Security Weekly #596 Security Weekly is the security podcast network for the security community, distributing free podcasts and media since 2005.


INFLUENCIADORES (Influencers)

Cyber risk: learning from a disruptive risk. Jeimy Cano

Introduction. In the context of IT and cyber risk, information security and cybersecurity appear either as operational risks or as non-financial risks. These topics are usually tied directly to the technology or IT security function, which ends up owning them from the technical perspective it is responsible for, rather than with the systemic, organization-wide view that is required.

This reality confirms the technical image that executives hold of the subject and makes plain their lack of interest in understanding it in depth, as the cross-cutting reality that affects the dynamics of the business and whose impacts reach the different stakeholder groups. Cybersecurity risk management thus stays off the executive agenda as a strategic risk of the company and becomes "something the technology people solve".

We could say that executives in organizations suffer from at least two key biases that keep them from seeing the implications of cybersecurity risk. On one side, myopia bias, which tends to look only at the short term and its impacts; on the other, optimism bias, which leads them to underestimate the probability of loss from the materialization of future events (Meyer & Kunreuther, 2017). Combined, these two biases form a frame of understanding that prevents managers from breaking out of the pattern of "believing they know the risks", creating a scenario that cultivates the inevitability of failure, based on the reality they know to date. Continue reading

ICANN insists on the need to deploy DNSSEC amid growing malicious activity against the DNS infrastructure. Bea Candano, Client Data Protection Manager at Accenture

ICANN, the global body that coordinates the assignment of domain names and IP addresses, has issued a statement in which it considers that there is an ongoing and significant risk to key parts of the Domain Name System (DNS) infrastructure. As one of the many entities that take part in the decentralized, global management of the Internet, ICANN is specifically responsible for coordinating the top level of the DNS to guarantee its stable and secure operation as well as its universal resolution.

According to the statement, ICANN has been collecting information on the most important cyberattacks of recent months and has found that many of them target the DNS, making unauthorized changes to the delegation structure of domain names by replacing the addresses of the intended servers with the addresses of machines controlled by the attackers. This particular kind of attack against the DNS only works when DNSSEC (an additional security layer) is not in use. Although DNSSEC cannot resolve every form of attack against the DNS, when it is in use, unauthorized modifications to DNS information can be detected. Continue reading
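What "detecting unauthorized modifications" looks like in practice, as an added example that is not part of the newsletter or of ICANN's statement: the Python script below reads the text that `dig +dnssec <name> <type>` prints when run against a resolver and reports whether the resolver marked the answer as validated (the AD flag) and whether every answered record type carries a covering RRSIG. The three sample responses, with their names, addresses and signature data, are constructed for the example. A delegation hijack of the kind ICANN describes, where attacker-controlled servers now serve the zone, shows up as answers with no RRSIGs and no AD (a validating resolver will usually answer SERVFAIL instead of handing out the forged data).

```python
"""Assess a dig(1) answer for DNSSEC validation.

Added example (not ICANN's or the cited article's code). Expects the output
of `dig +dnssec <name> <type>`; without +dnssec resolvers omit RRSIGs and this
check conservatively reports "not validated". All samples are constructed.
"""
import re
from dataclasses import dataclass, field

# ";; flags: qr rd ra ad; QUERY: 1, ..." -> captures "qr rd ra ad"
FLAGS_RE = re.compile(r"^;; flags:\s*([^;]*);")


@dataclass
class DnssecStatus:
    ad: bool = False                                  # resolver set Authenticated Data
    answer_types: set = field(default_factory=set)    # RR types present in ANSWER
    signed_types: set = field(default_factory=set)    # RR types covered by an RRSIG

    @property
    def unsigned_types(self) -> set:
        return self.answer_types - self.signed_types

    @property
    def validated(self) -> bool:
        # Both conditions matter: RRSIGs without AD mean nobody on the path
        # validated them; AD with unsigned data is not something to trust.
        return self.ad and bool(self.answer_types) and not self.unsigned_types


def dnssec_status(dig_text: str) -> DnssecStatus:
    """Parse dig's textual output; only ANSWER SECTION records are examined."""
    status = DnssecStatus()
    section = None
    for raw in dig_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FLAGS_RE.match(line)
        if m:
            status.ad = "ad" in m.group(1).split()
            continue
        if line.startswith(";; ") and line.endswith("SECTION:"):
            section = line[3:-len("SECTION:")].strip()   # e.g. "ANSWER"
            continue
        if line.startswith(";") or section != "ANSWER":
            continue                                     # commentary or other section
        fields = line.split()
        if len(fields) < 5 or fields[2] != "IN":
            continue                                     # not a presentation-format RR
        rrtype = fields[3]
        if rrtype == "RRSIG":
            status.signed_types.add(fields[4])           # first rdata field: covered type
        else:
            status.answer_types.add(rrtype)
    return status


# Constructed sample: a validating resolver answered with signatures and set AD.
VALIDATED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4321
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;example.com.\t\t\tIN\tA

;; ANSWER SECTION:
example.com.\t3600\tIN\tA\t203.0.113.10
example.com.\t3600\tIN\tRRSIG\tA 13 2 3600 20190401000000 20190301000000 12345 example.com. c2FtcGxlLXNpZ25hdHVyZQ==
"""

# Constructed sample: the delegation now points at attacker-controlled servers
# that serve the zone unsigned; there is no RRSIG and no AD.
HIJACKED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4322
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
example.com.\t300\tIN\tA\t198.51.100.66
"""

# Constructed sample: signatures are present but AD is missing, i.e. the
# resolver in use does not validate, so the client cannot rely on the answer.
UNVALIDATED = VALIDATED.replace("qr rd ra ad;", "qr rd ra;")


def describe(label: str, dig_text: str) -> str:
    s = dnssec_status(dig_text)
    verdict = "validated" if s.validated else "NOT validated"
    return (f"{label}: {verdict} (ad={s.ad}, answered={sorted(s.answer_types)}, "
            f"unsigned={sorted(s.unsigned_types)})")


if __name__ == "__main__":
    for label, text in (("signed zone", VALIDATED),
                        ("hijacked delegation", HIJACKED),
                        ("non-validating resolver", UNVALIDATED)):
        print(describe(label, text))
```

Two caveats a practitioner should keep in mind when reading the result. The AD flag is only an assertion by the resolver that answered, so it means something only if that resolver validates and the path between client and resolver is trusted; the third sample shows how a signed zone looks "unvalidated" simply because the resolver in use does not check signatures. And an attacker who can change a zone's delegation at the registrar can often change its DS record as well, which is one reason the article says DNSSEC does not stop every form of attack against the DNS.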

TALKING WITH THE DIGITAL SECURITY LEADER (#LSD). CISOS.CLUB launches this new space, "conversando con el #LSD #LíderSegDigital": a series of conversations with Digital Security Leaders from Colombia, who share their experiences and lessons learned. The idea behind this space is to #learn, #unlearn and #relearn from other perspectives in the security world.



Security and Cybersecurity News

More than 90 million stolen accounts for sale on the dark web (Noticias de seguridad informática)

$10,000 reward for the hacker who reported a vulnerability in Yahoo Mail
Adobe must release a new patch to fix a critical vulnerability
China exposes data of millions of citizens
Brokers and stock-trading firms attacked with new malware
Build your own botnet with Build Your Own Botnet (BYOB)
Darknet criminals seek to recruit company employees: prevention
According to researchers, blockchain is no longer secure
Elasticsearch 1.4.2 and earlier vulnerable to malware infection
Vulnerability found in WhatsApp's new biometric feature
Fake reCAPTCHA hides malware in Android apps
Massive Dow Jones data leak
Hacker pleads guilty to operating DDoS attack sites
Hackers take down Toyota email server
Hackers steal user data by exploiting a zero-day vulnerability in Chrome
Russian hackers compromise systems faster than Chinese and North Korean hackers
Hackers infiltrate websites by exploiting new Drupal vulnerability
Honeypy: how to catch hackers using honeypots
ICANN suggests deploying DNSSEC immediately
Spectre and Meltdown vulnerabilities cannot be fixed with software implementations
New tool to remove GandCrab ransomware encryption
New attack variant against 4G and 5G networks
New privilege escalation vulnerability in Cisco Webex
New URL-filter evasion method for phishing campaigns
TurboTax data theft exposes user information
Beware: your dedicated cloud server could have malware installed by its previous owner
Take control of any user account using Trevorc2
One million StreetEasy accounts for sale on the dark web
Instagram users fall victim to fake investment campaign
Check whether your Dubsmash, Coffee Meets Bagel or MyFitnessPal accounts were hacked
Critical vulnerability in SHAREit for Android exposes user information
IIS vulnerability causes a DoS condition
Vulnerability exposes Stanford University student information
Critical vulnerabilities have been present in WinRAR for almost 20 years
Zephyr: the Linux operating system for IoT devices

The CISO must take a more proactive role to carry weight in digital transformation. A Capgemini study highlights that the visibility of the chief security officer has grown 77% over the last three years.

With viruses from two or three years ago you can get into most companies
How to approach cybersecurity strategies in 2019, in CSO Digital
From classified documents to drug sales: a tour of the dark side of the web
The number of DDoS attacks falls, but their sophistication grows

“A broader security perspective is needed, one that includes both the physical and the digital plane” | CyberSecurity News
Russia plans to “disconnect” from the Internet to test the effectiveness of its own network. The proposal was approved on Tuesday at first reading by the lower house of the Russian parliament

Organized bad hackers could be spreading the MomoChallenge to steal information
“Sextortion” attacks via WhatsApp on the rise
Cyber threats that leave a mark
Cybersecurity from A to Z
Cyber law positions itself as the legal branch with the most promising future
The Lazarus group attacks Russia
The Ministry of Justice suffered a cyberattack and the CNI assigns 20 technicians to fight it
In 2018 Google paid $3.4 million through its bug bounty
INCIBE brings cybersecurity to children aged 5 to 8 with a new resource
The key differences between cyberharassment, cyberbullying and grooming
Companies have the chance to earn their customers' trust by managing a cybersecurity crisis effectively
Industrial networks: the new focus of attacks
The 10 risks for telecommunications operators in 2019
Software errors caused $1.7 trillion in losses in 2017
Password managers leak data, but you should keep using them anyway
MWC19 and security by design: the mobile industry's great latent challenge?
Russia plans to test a nationwide Internet disconnection
A Facebook vulnerability allowed account hijacking

CISOs must take charge of DevOps security. A new report analyses the complexity involved in protecting emerging DevOps environments and why CISOs must take
Tips for increasing security in DevOps environments

Other News
[Cybersecurity] 91% of CISOs suffer moderate or high stress
9 out of 10 companies do not have an adequate cybersecurity budget
Banks restore their web systems and apps after a collapse on the eve of carnival
Cybersecurity: 10 tips from cybersecurity experts to avoid trouble while browsing the web
Cybersecurity: an employment niche on the rise
Information Security: 2019 Internet Security Threat Report
82% of boards of directors have not designed a strategic cybersecurity agenda
87% of companies lack the budget they need for cybersecurity
ICANN: massive cyberattack under way against the global Internet infrastructure
ISMS Forum Spain - Spanish Association for the Promotion of Information Security
Spanish hospitals are not prepared for a cyberattack
Career plan: how to become a CSO » MCPRO
Richard Stallman: “Mobile phones spy on and transmit our conversations, even when switched off”



Reports and Surveys of the Week



Ruta de la Seguridad (Security Route)

La Ruta de la Seguridad is a new initiative that CISOS.CLUB wants to share with all its Spanish-speaking readers. The idea is to keep a calendar of the most important events to be held in Colombia (for now). What we are after is keeping the community of security professionals informed about events and, through that, generating greater synergies. If any of you would like to share information about events that are important and relevant for growing the country's digital security communities, please write to us.

Call for Papers open for DragonJAR Security Conference 2019. DragonJAR Security Conference is the information security conference born from La Comunidad DragonJAR; in recent years it has earned a place in Latin America as one of the best information security events. TODAY we announce the launch of our Call for Papers for the 6th edition (more than half a decade) of the event, which will be held on 7 and 8 September.
Call for Papers open for iSecurity Summit 2019. We are very excited to announce the second edition of the iSecurity Summit, a space that brings together professionals from different parts of the world for two days of workshops and talks.





Job Board (Colombia)
Information security specialist engineer for financial institutions - maternity leave cover (J-092), Bogotá D.C.
Information Security Officer - Bogotá
Information security officer with specialization - SFL787, Bogotá D.C.

Information security professional - Bogotá
Information Security and Cybersecurity Professional - Bogotá

Other Magazines

News Collectors
El diario del CISO
IT Security News Weekly Summary – Week 08 | IT Security News
IT Security News Weekly Summary – Week 09 | IT Security News
Thursday, Feb. 21, 2019 - El diario del CISO
Thursday, Feb. 28, 2019 - El diario del CISO
Thursday, Feb. 28, 2019 - The Ciberseguridad CISO Daily
Tuesday, Feb. 26, 2019 - El diario del CISO
Tuesday, Feb. 26, 2019 - The Ciberseguridad CISO Daily
Wednesday, Feb. 20, 2019 - The Ciberseguridad CISO Daily
Wednesday, Feb. 27, 2019 - El diario del CISO
Wednesday, Feb. 27, 2019 - The Ciberseguridad CISO Daily
Saturday, Feb. 23, 2019 - El diario del CISO
Saturday, Mar. 02, 2019 - El diario del CISO
Saturday, Mar. 02, 2019 - The Ciberseguridad CISO Daily
The Ciberseguridad CISO Daily
Friday, Mar. 01, 2019 - El diario del CISO
Friday, Mar. 01, 2019 - The Ciberseguridad CISO Daily


