
Desafíos de un CISO de hoy (Challenges of Today's CISO)

A brief summary and recap of the most important news of the week. A space for reflection for security leaders about what is happening in the world: knowing what is going on gives a broader view of reality and offers more options when it comes to improving the capacity for anticipation.

In this edition

Pensamientos de un CISO (Thoughts of a CISO): an opportunity to reflect on what a CISO can, or should, think about when building and developing their own functions and their growth.

Conversando con el CISO (Event): work is already under way on the new call so that our community grows and we can learn together. The announcement of our new partner and a new conversation is coming soon. Stay tuned!

Influencer: recognized industry authors with some articles of interest.

Influenciador: recognized Spanish-speaking industry authors with some articles of interest.

International InfoSec & CyberSecurity News (Noticias de Seguridad y Ciberseguridad): the most important news in the world from the main current digital security portals.

Events (Eventos): events of some Latin American associations and communities are highlighted in this space.

Reporte de la Semana (Survey of the Week): space to review the reports published in the immediately preceding week.

Bolsa de Empleo (Job Board): space for job offers from Colombia.

Write to us

Visit us


Desafíos de un CISO de hoy

May 2018 – Volume 15

Another week ends, and with it many of the challenges of cybersecurity and information security come to the fore. Many of the events of the immediately preceding week are clearly not isolated elements; they are tied to the complex and moving dynamic that the world of cybersecurity represents today. Among the relevant events highlighted during the past week are the following. All the details of the Equifax case are beginning to be known, and they put on the table the need to think about security models that are more preventive than reactive. It invites reflection on how security postures are being built and, clearly, on what the security professional, as well as the organization, is doing to define security postures consistent with its reality. Likewise, the countdown continues for the new GDPR law to come into force, and with it the many concerns and uncertainties that arise in organizational environments; it is entirely clear that many organizations are not prepared, and it will be a slow process for many of them to find the best way to adapt to new protection needs. What is clear is that organizations will necessarily have to work on, and rethink, concepts such as privacy in a world that pays ever more attention to that concept. On the other hand, there have been extradition proceedings of Romanian hackers to the U.S. to be prosecuted for digital crimes in that country, which shows decided international cooperation and a worldwide effort to pursue today's digital adversaries in the best way possible. The FBI, together with the IC3, publishes its annual report on digital anomalies, showing interesting data that confirm the volatility of digital environments, the losses from computer attacks and the populations affected.

Vulnerabilities keep appearing: on one hand, critical flaws identified in Windows operating systems; an interesting anomaly called SynAck; GPON vulnerabilities that are being used by botnets; the continued appearance of vulnerabilities in the world of the Industrial Internet of Things (IIoT); and attacks and ransomware across many parts of the world. All these scenarios, added to the many reflections one year after the appearance of WannaCry, which still shows how many infrastructures continue to be affected, make plain the need to think, rethink and relearn the world of cybersecurity. Rethink the current position in order to act more appropriately in the face of reality. Relearn the knowledge and risks of each business and strive to define new forms and clear strategies when it comes to protection. All analyses, situations and considerations must be carried out; it is time to have protection plans that are more solid and consistent with current reality; it is time for security professionals to start looking beyond, to expand not only their technical knowledge but also their toolboxes, in order to reformulate the work that to date has been done when building digital postures. The questions for reflection on this occasion center on: What might the new tools of the security professional be? How can a security professional acquire systemic thinking? What might the growth path of a security professional be? Who can help build those new tools?

Write to us at

Visit us at


Pensamientos de un CISO (Thoughts of a CISO)

Toolbox of a Security and Digital Resilience Leader (SeDiRLe; in Spanish, Líder de Seguridad y Resiliencia Digital, LiDReS)

The SeDiRLe is a role with growing weight in the continuum of companies; its growth and demand in the labor market require an expanded and extended toolbox, since its framework of work, influence and responsibility has broadened. Some elements to consider in the toolbox:

Skills built on character.

Leadership. Leadership is mainly about influence, as the leader's engine for execution and for obtaining results. In this sense the CISO must: influence executives to understand and take ownership of cybersecurity; motivate and connect with peers to develop and improve security postures; empower the team to reach clear objectives; inspire members of the organization so that protection becomes a value in the organization's culture; and finally, relate to allies and influence them to build broad relationships within the framework of protection.

Skills for carrying out the function.

Critical thinking: opens opportunities for good judgment, gathering sufficient information for decision-making, and a clear understanding of the risks as well as of the business, seeing in all this opportunities and openness for developing solid security and digital resilience postures.

Collaboration: building solid, long-term relationships so that tasks, objectives and programs are carried out.

Communication: proper communication by a security and digital resilience professional ensures that the parties understand, grasp and commit to the proposals and plans defined.

With that said, the following questions are left for reflection. How is the Security and Digital Resilience Leader going about discovering, developing and sustaining their toolbox? What might the first step in its development be? When does a security professional realize that they must expand their toolbox? How can the next generations of security professionals be prepared?

We invite you to share your opinions.

Write to us at

Visit us at


Influencers

DOUG TAIT, Business lawyer
Cyber insurance: a complicated necessity

Whether an organization suffers a cyber incident is no longer a question of "if" but "when" and as such, cyber security is a risk to be managed, not solved. The basic game plan of cyber risk management is to minimize risk. However, no amount of technology, policies or training can guarantee that an organization will not suffer a cyber security incident. Accordingly, once an organization has minimized its risk using technology, policies or training, it should consider transferring the risk that cannot be removed through investment in further security measures to a cyber insurance policy. In fact, due to the increasingly high costs associated with a cyber incident, many consider cyber insurance not as a mere consideration but rather as an absolute necessity. The complete article is here

Chuck Brooks, Principal Market Growth Strategist — Cybersecurity and Emerging Technologies for General Dynamics Mission Systems
A cybersecurity action list for law firms

There is a congruency with the legal community's mission of preparedness and the practice of cybersecurity. A primary requirement of the legal profession is to obtain data and explore evidence, assess the implications of that evidence, and prepare accordingly to protect and serve the client. Cybersecurity also follows that framework.

There is, however, an urgent need for the legal community to add an element to their operations to make them more in line with cybersecurity: actions to enable providing better protection of their data against breaches. The complete article is here

Seth Jaffe, CBCP, JD
Seth is our official rocket scientist in residence.
When it comes to cyber security, lack of vendor oversight can lead to legal trouble

Third-party cyber security programs got a shot in the arm this week in the form of two legal actions. The first, well summarized by Sue Ross over at Norton Rose Fulbright, is a proposed consent agreement by the Federal Trade Commission against mobile phone manufacturer BLU Products, Inc., alleging that BLU's failure to oversee its vendor's security practices amounts to a violation of Section 5 of the FTC Act. FTC consent orders are generally 20 years in length, and require adherence to a strict "never-let-this-happen-again" program. Indeed, BLU would have to implement a comprehensive data security program with a biennial assessment and all sorts of compliance obligations. In short, consent decrees come with an operational and monetary sting, and violation of one can find the company staring down the barrel of steep fines. The complete article is here


International InfoSec & Cybersecurity News

Top of News

SynAck Ransomware Gets Dangerous 'Doppleganging' (www.darkreading.com)
New Process Doppelganging and obfuscation features make the malware much harder to spot and stop. The authors of the SynAck ransomware family appear to have found a way to make the malware considerably more dangerous for enterprises.

The rise of the NIST cybersecurity framework (www.csoonline.com)
NIST's recently released Cybersecurity Framework version 1.1 showcases the Institute's expanding role and the reliance of lawmakers on its guidance.

Equifax Revelation (www.informationsecuritybuzz.com)
Equifax has disclosed further details of data that was breached in its cybersecurity incident in September. IT security experts commented below.

One Year After WannaCry Outbreak, EternalBlue Exploit Still a Threat (www.securityweek.com)
One year after the WannaCry ransomware outbreak, the NSA-linked exploit it was using for propagation is still threatening unpatched and unprotected systems, security researchers say.

FBI: Cyber-Fraud Losses Rise to Reach $1.4B (threatpost.com)
About 301,580 consumers reported cyber-fraud and malware attacks to the FBI's Internet Crime Complaint Center (IC3) last year, with reported losses exceeding a whopping $1.4 billion.

Retailers could increase annual revenue by as much as 5% by investing in cybersecurity measures that shoppers trust (www.itsecurityguru.org)
A new report by Capgemini's Digital Transformation Institute has revealed that cybersecurity is a new source of competitive advantage for retailers.

Data Breaches Decline in Q1 2018 (www.infosecurity-magazine.co)
A quick review of first-quarter numbers shows a shift in the breach landscape.


Other Important News

Darkreading
17 Zero-Days Found & Fixed in OPC-UA Industrial ...
20 Signs You Are Heading for a Retention Problem
8.7B Identity Records on Surface, Deep, Dark Webs ...
APT Attacks on Mobile Rapidly Emerging
As Personal Encryption Rises, So Do Backdoor Concerns
Author of TreasureHunter PoS Malware Releases Its ...
Breakout Time: A Critical Key Cyber Metric
Calculating Cloud Cost: 8 Factors to Watch
Compliance Complexity: The (Avoidable) Risks of Not ...
Electroneum Cryptomining Targets Microsoft IIS 6.0 ...
Email Security Tools Try to Keep Up with Threats
FBI: Reported Internet Crimes Topped $1.4 Billion ...
Gandcrab Ransomware Exploits Website Vulnerabilities
Google Security Updates Target DevOps, Containers
Is Converging Your IT and OT Networks Putting Your Organization at Risk?
Microsoft's Patch Tuesday Fixes Two CVEs Under ...
Millennials, Women May Bridge Cyber Talent Gap
Phishing Attack Bypasses Two-Factor Authentication
Phishing Threats Move to Mobile Devices
Proofpoint Sounds Warning on Vega Stealer Targeted ...
Properly Framing the Cost of a Data Breach
Publicly Disclosed Breaches Down Drastically in Q1 2018
Ready or Not: Transport Layer Security 1.3 Is Coming
Report: More Breaches Despite Increasing Security ...
Risky Business: Deconstructing Ray Ozzie's ...
Script Kiddies, Criminals Hacking Video Streams for ...
Why DDoS Just Won't Die
Trial Begins for Latvian Man Accused of Malware ...
US Extradites Romanian Hackers Charged with ...

CSOOnline
'I'm hacked' message left on dozens of Canon IoT security cameras
2018 – the year of the targeted attack?
6 takeaways (and 3 predictions) from CISO meetings at the RSA Conference
Bitcoin network 3 to 10 times more 'evil' than rest of the internet
CNP fraud spikes during the holiday shopping season. Here are 3 things you can do now to protect your holiday sales
Conway's Law: does your organization's structure make software security even harder?
Don't fall off the log!
Georgia governor vetoes bill that would criminalize good-faith security research, permit vigilante action
How consumer omnichannel authentication benefits businesses
How do you secure the cloud? New data points a way
NSA tripled phone record surveillance, collected 534M records in 2017
Review: Keeping the bad phish out of your network pond with Cofense Triage
Ring modernizes the neighborhood watch with its Neighbors app
Salted Hash Ep 28: GDPR deadline fast approaches
Securing IoT in Healthcare is Critical
The evolution of security operations, automation and orchestration
The good, the bad & the ugly of using open source code components
Zero Trust: Why 'cyber insurance' offers no GDPR compliance
What is a Chief Security Officer? Understanding this critical role
What is cyber resilience? Building cybersecurity shock absorbers for the enterprise
Who wants to go threat hunting?
Why enhanced authentication methods should play a bigger role in your security plan


InformationSecuritybuzz

‘More Exposed Than Ever’ – Businesses Not Ready For Another WannaCry 42% Of IT Professionals Ignore Critical Security Flaws Alarm Fatigue And The Danger To Cybersecurity Critical Windows Vulnerabilities Exploited By Hackers Now Patched In Microsoft May 2018 Updates One Year After WannaCry: What's Changed & What Hasn't? (May 12 Marks One Year) Estimated DDoS IoT Costs Facebook Scandal – A Call To Be More Vigilant About Your Privacy

Securityweek

Oracle Access Manager Vulnerability

HMRC Issue Phishing Warning Are You Securing Your Contract Workforce? Critical Code Execution Flaw Patched in Flash Player Cyber Insurance Startup At-Bay Raises $13 Million Facebook's Growing Privacy Concern Google Releases Additional Meltdown Mitigations for Android How Digital Transformation is Making the Anonymous Personal Microsoft Patches Two Windows Zero-Day Vulnerabilities Misinterpretation of Intel Docs Leads to Flaw in Hypervisors, OSs No Evidence Russian Hackers Changed Votes in 2016 Election: Senators The Solution to the Cybersecurity Talent Gap is Inclusion

Security Professionals Prefer Shorter Vulnerability Disclosure Timelines Tax fraud: Why Human Nature Leaves Data Vulnerable To Hackers Telegram: The New Channel Of Choice For Conducting Cyber-Crime The Importance Of Long-Term Compliance And Tackling Data Sprawl, And The Impact GDPR Will Have On Company Culture Twitter Password Uber To Resume Tests With Self-Driving Cars, Just A Few Months After Fatal Crash UK Manufacturing Is Top Target For Cyber Attackers – NTT Security 2018 Global Threat Intelligence Report Phishers Use New Method to Bypass Office 365 Safe Links Romanian Who Attacked Warcraft Gets Year in Prison Romanians Charged With Vishing, Smishing Extradited to U.S. Russia-linked Hackers Exploit Lojack Recovery Tool in Attacks SafeBreach Raises $15 Million in Series B Funding SynAck Ransomware Uses Process Doppelgänging for Evasion The ABCs Driving the Growth of Industrial Cybersecurity The GDPR Opportunity The Impending Facial Recognition Singularity The Multiplier Effect of Collaboration for Security Operations

Equi-Facts: Equifax Clarifies the Numbers for Its Massive Breach

May Patch Tuesday Fixes Two Bugs Under Active Attack

Adobe Patches Critical Bugs In Flash Player, Creative Cloud

New Facebook-Spread Malware Triggers Credential Theft, Cryptomining

Bugs in Logitech Harmony Hub Put Connected IoT Devices at 'High Risk'

Nigerian BEC Scammers Growing Smarter, More Dangerous

Cryptojacking Campaign Exploits Drupal Bug, Over 400 Websites Attacked

Romanian Hackers Extradited to U.S. over $18M Vishing Scam

Variant of SynAck Malware Adopts Doppelgänging Technique

Secrets of the Wiper: Inside the World's Most Destructive Malware

GDPR Compliance Countdown: The Final Checklist Hackers Using Stolen Credentials To Tap Travel Rewards Hacking Gang Turns To New Tactics In Malware Campaign

Threatpost

NEW REGULATION: NIS Directive Will Ensure The UK Remains ‘On’ During The Most Extreme Cyber-Attacks New Version Of The Hide And Seek Botnet Can Now Survive Device Reboots NHS WannaCry: One Year On


ITSecurityguru Infosecurity -magazine SCMagazine

GandCrab Ransomware Found Hiding on Legitimate Websites

Severe Keyboard Flaws in LG Smartphones Allow Remote Code Execution

Major OS Players Misinterpret Intel Docs, and Now Kernels Can Be Hijacked

Sierra Wireless Patches Critical Vulns in Range of Wireless Routers Global Study by Netwrix Finds Rapid Cloud Adoption by Government Lacks Security Half of UK Organisations Have Fallen Prey to Ransomware Attacks How can machine learning complement your existing security solutions? Immersive Labs supports NCSC to help identify tomorrow’s cyber defenders Kaspersky Lab discover critical vulnerabilities in a popular industrial protocol, affecting products from multiple vendors Dark Web Intelligence Company Warns UK Business of the Rise in Data Attacks on SMBs FBI: Cybercrime Losses Drop as Ransomware Reporting Falls Sharply Hackers Mine for Crypto-Coins on IoT Devices Microsoft Patches Zero Day Flaws this Month NSA Warrantless Searches Jump Over 40% Small Firms Up to 20 Times More Likely to be Breached State-Sponsored Chinese Spy Groups Linked Under Umbrella of Evil Half of Global Fortune 100 continue to download flawed Apache Struts used to breach Equifax

16,500 Student Loan Borrowers' Information Exposed in Data Leak 86% of the UK’s most valuable brands fail to safeguard consumers online Appsec investments driven by losses, not prevention Botnet Operators Cash in on Rewards Programme Credentials Can consumers bank on financial services being secure with GDPR? Catching the Blind Spots of Vendor Risk Management City of London Police Plan to Recruit IT Grads: Report SynAck Ransomware Uses Doppelganging Technique DDoS Attacks Ebb and Flow After Webstresser Takedown Don’t WannaCry Again? Here’s How to Prevent it Equifax Updates SEC on Breached Data Types and Volumes Facebook Users Undeterred by Privacy Scandal Adapt or die: A CISO's new role in a social media first world Confusion over chipmakers' debug exception instructions prompts patching by OS developers Cybercrime losses exceed $1.4B in 2017 Cybersecurity salaries highest in retail sector Encrypted communications lure cybercriminals from dark web to Telegram app Equifax details breach information in SEC filing, hundreds of millions of records exposed

Bankinfosecurity So What?' - Startups Make Their Pitch A View of Cybersecurity’s Future Crabby Ransomware Nests in Compromised Websites Crypto Fight: US Lawmakers Seek Freedom From Backdoors

NIST adds privacy recommendations to its Risk Management Framework Office 365 defenses vulnerable to baseStriker malware SynAck ransomware implements Doppelgänging evasion technique Trojanized CMS plug-ins infect thousands of websites in tech support scam campaign

Thehackersnews 5 Powerful Botnets Found Exploiting Unpatched GPON Router Flaws 7 Chrome Extensions Spreading Through Facebook Caught Stealing Passwords A Simple Tool Released to Protect Dasan GPON Routers from Remote Hacking First-Ever Ransomware Found Using ‘Process Doppelgänging’ Attack to Evade Detection


Equifax: US Breach Victim Tally Stands at 146.6 Million How Authentication Must Evolve in the Age of GDPR Old Security Models ‘Are Breaking Down’ Report: Chinese Actors Steal Code-Signing Certificates Spectre: The Next Generation Zero-Day Attack Exploits Windows via Malicious Word Doc

HelpNetSecurity Breach activity declines, number of compromised records remains high Cybercriminals are turning to Telegram due to its security capabilities Do young people hold the key to closing the cybersecurity talent gap? GDPR Rails: Community GDPR compliance tool Half of all companies do not have adequate application security visibility How to adopt the mindset of continuous security for security operations iOS users are 18x more likely to be phished than to download malware SAP systems: The threat of insecure configurations Why collaboration can be a killer app for defense

Computerweekly Breach disclosure time still high, report shows CNI providers face hefty fines for cyber security failings Equifax breach lessons not learned Hacking the internet of things just got easier – it’s time to look at your security Majority of security professionals favour shorter disclosure deadline

Hackers Found Using A New Way to Bypass Microsoft Office 365 Safe Links Microsoft Adds Support for JavaScript in Excel—What Could Possibly Go Wrong? Microsoft Patches Two Zero-Day Flaws Under Active Attack New Rowhammer Attack Can Hijack Computers Remotely Over the Network Two Romanian Hackers Extradited to the U.S. Over $18 Million Vishing Scam

Securityintelligence Connect the Dots: IoT Security Risks in an Increasingly Connected World Crypto-Miners Supplant Ransomware as the Top Healthcare Cybersecurity Threat Despite Major Data Breaches, Users' Bad Password Security Habits Haven't Improved Millennials Play a Key Role in Solving the Cybersecurity Skills Shortage New Cybercrime Statistics: 1 Billion Bots Involved in 210 Million Fraud Attempts in Q1 Three-Quarters of Organizations Struggle to Attract Qualified IT Security Candidates WannaCry Dominates Ransomware News in 2017, Drives 400 Percent Attack Boost What Is the Current State of Cyber Resilience? WHOIS Behind Cyberattacks? Under GDPR, We May Not Know

Bleepingcomputer Hide and Seek Becomes First IoT Botnet Capable of Surviving Device Reboots 5,000 Routers With No Telnet Password. Nothing to See Here! Move Along! FBI: Number of Ransomware Complaints Went Down in 2017

High School Can't Pick Valedictorian Because Hacker Altered Grades for Years Malicious Apps Get Back on the Play Store Just by Changing Their Name Researchers Come Up With a Way to Launch Rowhammer Attacks via Nigerian cyber attackers up their game Network Packets Security Think Tank: More time equals more opportunity for cyber attackers SynAck Ransomware Uses Process Doppelgänging Technique WannaCry’s EternalBlue exploit still a threat

Malwarebytes
HTTPS: why the green padlock is not enough
Kuik: a simple yet annoying piece of adware
Mobile Menace Monday: re-emergence of a fake Android AV
Netflix phish claims your membership is on hold
Parenting in the Digital World: a review
Where did the tech support scam blacklist go?

Techrepublic
Despite knowing they need one, 77% of businesses don't have a response plan for cyberattacks
How the cyber insurance industry detects the next big attacks
How to make CISOs comfortable with cloud security
Only 9% of millennials are interested in a cybersecurity career
Security researchers want to force people to use different passwords for every website

Zdnet
After Equifax breach, major firms still rely on same flawed software
Android security: Malicious apps sneak back into Google Play after tweaks
Iran likely to retaliate with cyberattacks after nuclear deal collapse
Mirai DDoS attack against KrebsOnSecurity cost device owners $300,000
Ransomware, tech-support scams or email fraud: Which cybercrimes cost victims most?

CSOAU
Budget 2018: Cybersecurity funding dovetails with national-security priorities
DDoS attacks on Australian targets quadrupled in April; were you ready for the surge?
Security industry welcomes Budget's AI support, but BEC-riddled Aussie businesses are more ambivalent
You've got malware! Businesses beware of email scams

Lbminformationsecurity
Is Your Staff Informed on Security Awareness Education?
Threat Intelligence Updates: May 2018
Vulnerability Information Updates: May 2018

ETCISO
cybersecurity: Cybercrime is the sexiest risk in the corporate world right now
Only new laws will incentivize enterprises to look at security as more of blended-in rather than bolted-on: IBM Resilient's Bruce Schneier
World becoming a computer, privacy is a human right: Nadella

Healthcareinfosecurity
'All of Us' Research Project: The Privacy Risks
ER Staffing Firm Breach Raises Complex Questions
Protecting the Industrial Internet of Things
Report Outlines Military Health Facility Security Weaknesses
Texas Hospital CEOs: Cybersecurity Is No. 1 Worry

Securityboulevard
Advice for New CISOs: How to Get a Head Start on Information Security Governance
It's Eleven O'Clock. Do You Know If Your Organizational Data Is Safe?
Reported Data Breaches Falling Fast; Cryptojacking and GDPR Likely 'Culprits'
SAP Cyber Threat Intelligence report – May 2018

Tripwire
All About Peerlyst, a Thriving Online Platform for Cybersecurity Pros
Why Organizations Need to Secure Their Containers
Women in Information Security: Valerie Thomas

KrebsonSecurity
Microsoft Patch Tuesday, May 2018 Edition
Study: Attack on KrebsOnSecurity Cost IoT Device Owners $323K
Think You've Got Your Credit Freezes Covered? Think Again.


ITProportal
Cyber security and the growing role of red teaming
Looking under the microscope at the NIS directive
Major increase in identity breaches during 2017

Techtarget
18 Information Security Pain Points For An Organization
CISO: Data integrity and confidentiality are 'pillars' of cybersecurity
Force multipliers in cybersecurity: Augmenting your security workforce

Securityaffairs
European Central Bank announced a framework for cyber attack simulation on financial firms
Reading the 2017 Internet Crime Complaint Center (IC3) report

Govinfosecurity
Faster Payments: Effective Fraud Mitigation Strategies
NY AG Schneiderman Quits: What's Next for Enforcement?

ScmagazineUK
How cyber-security can embed a sustainable privacy operating model
Rampant cryptojacking harming organisations' cyber-security, experts reveal

Nakedsecurity
20 years ago today! What we can learn from the CIH virus…
Could this be the end of password re-use?

Securelist
OPC UA security analysis
The King is dead. Long live the King!

Infoworld
Cloud security: The skills gap is delaying cloud migration
What your provider won't tell you about cloud security

Simple News
[Infographics] Government's Rapid Cloud Adoption Lacks Security
60 Percent of Small Businesses Fold Within 6 Months of a Cyber Attack. Here's How to Protect Yourself
A Curious, New Hardware Fix for Cybersecurity Vulnerabilities
A New Twist in Security Attestation
A Year After the Equifax Data Breach, What If Nothing Changes?
Aditya Birla Group: Over 2,000 computers at Aditya Birla Group held hostage by hackers mining cryptos
Atlanta mayor says ransomware attack exposed a blind spot for the community
Atrion Communications Doubles Down On Cyber With Hire Of Insurance Security Exec As First-Ever CISO
Charleston-based PhishLabs raises $20.5 million, buys competing cybersecurity startup
Chinese Telecom Companies in Hot Water
Circadian VP Keenan Skelly: Changing the Cybersecurity Paradigm
CISO View Archives - Mosaic Security Research
Cloud service providers and the NIS Directive – are you resilient enough?
Cryptocurrency Miners Exploit Widespread Drupal Flaw
Cryptojacking spreads across the web
Cryptomining with JavaScript in an Excel spreadsheet
Cyber Attacks May Be Early Consequence of Trump Exiting Iran Nuclear Deal
Cyber Security Tips To Combat Cyber Crime



Cybersecurity creating jobs amid growing threats
Cybersecurity on a small-school budget: Two liberal arts colleges team up to share a CISO
Drupe app removed from Google Play store after photos and messages leaked publicly
Equifax now says some passport info was stolen in breach
Equifax provides more detail on cyber security incident
Equifax reveals full horror of that monstrous cyber-heist of its servers
Exposed Video Streams: How Hackers Abuse Surveillance Cameras
Facebook's 'so white and male' leadership highlights bigger diversity issue
GDPR Compliance and Why it Matters to HR
GDPR working already?
GDPR: Don't forget the human touch
How will #GDPR change the way our education sectors operate?
How, why and when to hire that interim CISO
IAPP Dashboard Digest
IBM Employees Can't Use Removable Storage Anymore
Insider Threat: How to Protect Your Business from Your Own Employees
Iran's Hacker Hierarchy Exposed
IRCTC E-ticket Scam; Attacker Under Custody
Is PITB clueless about Pakistan's largest data breach?
Is Your Organizational Data Safe
IT Security Weekend Catch Up – May 12, 2018 – BadCyber
Keeping vulnerable app online not necessarily wrong decision, experts suggest
Law on Cyber Security comes into effect today
Leo
Phishing Is Culprit Behind Vast Majority of Data Exfiltration, Intelligence Official Says
Preparing for the Future: Looking Across the Horizon of Information Security Threats
Ransomware: An Enterprise Perspective
RSA Survey: Why Is Encryption Usage on the Rise?
Russian hackers found the 'ultimate' hacking tool buried in the supply chain of laptops
Russians posed as IS hackers, threatened US military wives
Security, Privacy, and Digital Forensics in the Cloud – Cyber Forensicator
Organisations in Asia uncovering potential of advanced cybersecurity services
Why every business needs more control over its data

www.rushvillerepublican.com edscoop.com hotforsecurity.bitdefender.com nypost.com www.itnews.com.au www.theregister.co.uk www.trendmicro.com www.cnet.com totalsecuritydailyadvisor.blr.com racepointglobal.com www.accountancyage.com www.cdn-4.fenews.co.uk www.securityinfowatch.com info.iapp.org www.pcmag.com resources.infosecinstitute.com www.recordedfuture.com securereading.com dailytimes.com.pk blog.thalesesecurity.com badcyber.com www.stuff.co.nz 112.international leocybersecurity.com fedtechmagazine.com moneyinc.com secure360.org www.venafi.com www.cyberscoop.com www.cnbc.com cyberforensicator.com securitybrief.asia securitybrief.com.au


Prevention better than cure, strategies to mitigate cybersecurity incidents
Should CISOs Expand Their Portfolios?
Survey Suggests Younger Generations, Including Females, May Fill The Cybersecurity Talent Gap
The Iran Nuclear Deal Unraveling Raises Fears of Cyberattacks
The Risks and Costs of Cyber-Attacks
The Seven Stages of GDPR Compliance
The three cyber security challenges Australian businesses can't ignore
There aren't enough cyber security professionals to protect Massachusetts computer systems, experts say
This Week in Security News: Exposure and Susceptibility
UK Manufacturers Top Attack Target For Cyber Crooks
What are cyber security professionals worth?
What to Expect in Your CISO’s Cybersecurity Presentation
Will blockchain solve the cyber security skills crisis?

securitybrief.co.nz www.isaca.org www.protectwise.com www.wired.com www.strategy-business.com www.cyberdefensemagazine.com www.afr.com www.masslive.com blog.trendmicro.com www.silicon.co.uk www.enterprisetimes.co.uk www.bitsighttech.com www.information-age.com


Talking with the CISO: Thinking and working toward a different Security and Digital Resilience Leader

Write to us, we want to hear your opinion. Connect


Influencer: Leo Soto. Making things happen at ContinuumHQ.com, StarsConf.com & MITI.cl. Passionate software developer & MBA.

Two symptoms of how we do NOT take security seriously. A couple of weeks ago we learned of serious security flaws at Banco de Chile. The worst of them allowed anyone who had a Banco de Chile customer password to make purchases via WebPay, charging the amount to the account of any other customer of the same bank. I understand that the reported problems have been fixed. But if we only see this as another "incident" that has already been patched, we miss the opportunity to see the systemic problem we have as an industry. The most serious part of the story Eduardo told was not the purchase in someone else's name. The most serious part is that the team that discovered these problems tried to report them to the bank for months, and even so the underlying problems persisted. Because we do not take security seriously. And to show that this is not a claim made lightly, I am going to describe two symptoms that show that, for all the formal statements, meetings with very serious-looking people or good intentions (nobody really wants to screw up security), in practice our industry does not take security seriously. Original article taken from here


News of interest

Security and Cybersecurity News

Half a million pacemakers need a security patch seguridad-informacion.blogspot.com.co Last month the U.S. Food and Drug Administration (FDA) approved a firmware patch for pacemakers manufactured by Abbott (formerly St Jude Medical) that are vulnerable to cybersecurity attacks and are at risk of sudden battery loss

Equifax breaks down all the details of the security breach cso.computerworld.es Equifax has just revealed more details about the security breach it suffered in 2017. The credit company has once again raised the total number of people affected by the data theft;

"Today it is easier to get the attention of a Board of Directors, partly thanks to cases like WannaCry" cybersecuritynews.es Airports, construction, highways, services to citizens; Ferrovial is one of the largest Spanish companies.

Throwhammer, the new way of launching Rowhammer attacks through network packets noticiasseguridad.com

Researchers reveal eight new Spectre vulnerabilities in CPU chips manuelabreuo.com CPU chip manufacturers face a new wave of Spectre speculative execution vulnerabilities, which could be disclosed this week, a German technology company reported.

Researchers found a backdoor in a Python library that steals SSH credentials www.entornointeligente.com We recently saw an attempt to hide a backdoor in a code library, and today there is already a new case.


Other news
CRYPTEX - Seguridad de la Información: 100 Worst Passwords of 2017! The Full List
CRYPTEX - Seguridad de la Información: Facebook presents 'Clear History', the tool to protect personal data

seguridad-informacion.blogspot.com.co

CRYPTEX - Seguridad de la Información: International CyberEx 2018
CRYPTEX - Seguridad de la Información: ZooPark - Android malware capable of taking screenshots of WhatsApp
'ZooPark', a new Android 'malware' that accesses WhatsApp
Equifax breaks down all the details of the security breach cso.computerworld.es

Spain leads the world ranking of 'ransomware' attacks
The 34 companies united 'for' global cybersecurity
A global cybersecurity, without borders
Unstructured data and its problems in cybersecurity
The danger of fraudulent job offers on the Internet
Retail companies could increase their revenue by 5% if they invest in the cybersecurity and privacy measures that consumers value
Hackers attack the bicycle-sharing system of the city of Copenhagen

cybersecuritynews.es

noticiasseguridad.com

Drupal websites, including government sites, hacked to mine cryptocurrency manuelabreuo.com

War between Greek and Turkish hackers
Researchers reveal eight new Spectre vulnerabilities in CPU chips
Keys to the new data protection law: dead letter or reality?

www.eleconomista.es

Seven malicious Chrome extensions identified carrying zero-day 'malware' that affects 100,000 users
News from other portals

Cybersecurity, a profitable investment for retail companies

www.revistaaral.com

Federal Police handles more than 233 thousand cyber incidents

www.info7.mx

Celebrate European SME Day by learning about cybersecurity for your sector

www.incibe.es

maritime cybersecurity of the evil of commerce formula Etereum in India

bitcoinsp.info


You must update 7-zip now! Critical vulnerability found - SectorX

www.sectorx.com.ar

In Mexico, 4 million cyber frauds during 2017

www.lacolumnadeviveros.com.mx

Spain faces sanctions for not having the new cybersecurity law ready

www.vozpopuli.com

Guatemala will launch a cybersecurity strategy to prevent online crime

www.prensalibre.com

Cybersecurity in industrial environments (ICS) – Solasaldia

solasaldia.wordpress.com

The Importance of Spain in Latin America's Cybersecurity - BoomerNiX

www.boomernix.com

Information technology security is key to a successful business

www.eluniverso.com

Traditional security defenses may not be adequate for GDPR

www.ciospain.es

Mexico and Israel strengthen cooperation on cybersecurity

www.forbes.com.mx

Monero, the cryptocurrency preferred by malware developers

elcomercio.pe

For 75% of Spaniards, cybersecurity is key when choosing a retailer

www.itreseller.es

GDPR: no more bets

www.dealerworld.es

Cybersecurity risks in SMEs

www.inese.es

This ransomware uses a unique technique to avoid detection by antivirus

dosistecnologica.com

ZooPark, the ‘malware’ that can read WhatsApp conversations

elpais.com


Reports of the Week These are some of the security and cybersecurity reports published by recognized organizations.


Events Some of the events to be held in Bogotá (Colombia) in the coming days and months

LatamTour2018 - OWASP www.owasp.org Do you want to give a talk or a training session in Latin America? Please send your proposals to the corresponding chapter leader before March 1st 2018

ISACA Bogotá Day | ISACA Bogotá Chapter www.isacabogota.org ISACA Bogotá Day, the specialists' congress, is the congress for specialists in governance, audit, control, assurance, security and risk at the level of information technologies.

Possible participation of CISOS.CLUB

The congress on data centers and cloud infrastructure dcd.events Colombia holds the 9th edition of its congress in 2018, and does so in a new venue, Ágora Bogotá Centro de Convenciones. The event will take place on June 20. Participation of CISOS.CLUB as speaker.

XVIII International Information Security Conference ACIS 2018 www.acis.org.co In a digitally modified world, information security professionals find themselves immersed in new contexts, where uncertainties abound and certainties are scarce. These contexts demand that security profiles reinvent themselves in the face of digital reality, challenging their prior knowledge and standard practices. Participation of CISOS.CLUB as speaker.


Job Board

Director of Infrastructure and Technology Security
Technology and Information Security Auditor
Information Security Professional

Information Security Analyst II

Information Security Officer

Information Security Analyst

Director of IT Security

Information Security Officer

El Diario del CISO (The CISO Journal) Volume 15

In this new edition of El Diario del CISO, you will find news from around the world, a way of keeping the Security and Re...