El Diario del CISO (The CISO Journal) Edition 28


Challenges of a CISO Today (Desafíos de un CISO de hoy): a brief summary of the most important news of the week. A space for reflection for security leaders on what is happening in the world. Knowing what is going on gives a wider view of reality and offers more options when it comes to improving the capacity for anticipation.

In this edition:

Thoughts of a CISO (Pensamientos de un CISO): an opportunity to reflect on what a CISO can, or should, think about, with a view to building and developing their own functions and their growth.

Survey of the Week (Reporte de la Semana): a space to review the reports published in the immediately preceding week.

Events (Eventos): the events of some Latin American associations and communities highlighted in this space.

Influencers (Influenciador): recognized Spanish-speaking industry authors with some articles of interest.

International InfoSec & CyberSecurity News (Noticias de Seguridad y Ciberseguridad): the most important news in the world from the main current digital security portals.

Other Magazines & More

Job Board (Bolsa de Empleo): a space for job offers from Colombia.


Challenges of a CISO Today

October 2018, Volume 28

The events of the week just ended leave some big lessons and reflect the increasingly complex dynamics of the world of cybersecurity and information security. We continually see how the moments and tensions of the digital context push its actors into different and complex realities that demand full attention, at all times and in all places, from security professionals, organizations and individuals. This week there were many events and moments showing that digital adversaries keep working to consolidate a business that is far more lucrative; the convergence of technologies shows that failure is inevitable; and constant change and vulnerabilities make digital reality an ecosystem full of dynamics that are new and still need to be learned. Among the most talked-about items of the week: all the expectations around the Facebook case and its security breach, with some experts already predicting the fines that will follow from a case whose inner details are only beginning to be known, and others already declaring that this will be the moment to put the GDPR legislation and its value in protecting citizens' rights to the test. Another piece of news that shook the world concerns the hardware component from China with which, it is claimed, a countless number of companies were spied on, some of which have come out to deny the story. Among other news moving around the world are the details being released about a group of digital adversaries, APT38, and its way of operating, connected with the North Korean government; some, based on the data and evidence, claim this group could be behind many of the attacks on the Latin American banking sector that have been occurring.

On the other hand, new and improved anomalies remain present in reality: cases such as Torii, and the 100,000 home routers affected in Brazil in that country's largest credential theft, are some examples of the power of digital adversaries and the implications for daily life. Likewise, the world is celebrating the month of security awareness and training, and some experts keep the door open to the idea that this is key to protecting digital environments; at the same time, the invitation is to carry out these processes not only this month but as a continuous, consistent and conscious effort, developed with the purpose of changing or introducing new habits in organizations around the protection of information in all its dimensions. This shows that the work of the digital security professional is going through an important moment and requires full attention and readiness. That said, a question is left for reflection: What could the vision of a Digital Security Leader be?


Thoughts of a CISO (Pensamientos de un CISO)

Challenges of a Digital Security Leader (Part I)

It is clear that the being and the doing of a security professional involve a great number of challenges. Digital security professionals (PSD/LSD) sit amid the tensions inherent in organizations and in what those organizations demand in a digitally modified reality. One of the key aspects of the LSD's position is being in the middle of the hierarchical chain, and from that come frustrations and tensions, moments that must be managed in all their dimensions. That is why it is necessary to know and define the most important challenges of an LSD; recognizing them can at least shed enough light to begin facing each one. The author John Maxwell, in his book The 360 Degree Leader, highlights some of these elements, and they clearly apply to the life of the Digital Security Leader. Among them are:

1) The challenge of tension: being in the middle of the organizational structure.
2) The challenge of frustration: being in continuous conflict over the implementation of a security program.
3) The challenge of attention: knowing that there are many stakeholders who require and need a solution from the LSD.
4) The challenge of EGO: this is one of the great challenges of the LSD, and it is frequently used to defend one's positions and thoughts.
5) The challenge of results: the LSD wants results, and results are demanded of them, which in many cases depend on third parties for their realization.
6) The challenge of vision: the LSD often wants to hold a vision different from the organization's vision, so their plans do not coincide with the corporate agenda. In this challenge, supporting a vision that may not match what the LSD believes is a moment that tests the professional.
7) The challenge of influence: one of the new tasks of the LSD centers on being able to influence others so that many of their initiatives get carried out. In many cases it is thought that power is enough, but clearly, being in an intermediate position in an organization, one begins to understand that this is not possible; friction arises and leads to many of the challenges above. Influence is about relationships, and it is key for the LSD to have good relationships and to go beyond positions in order to influence and thereby achieve.

These challenges test the security professional in a digitally modified reality and therefore prompt a rethinking of the work performed, which is not merely a mechanical and basic task but, on the contrary, a task with many dynamics and interactions that keep the LSD in a constant challenge as a leader and as a person. So I leave everyone a few questions for reflection:

How should an LSD face its challenges? Do you think there may be more challenges for the LSD? In what way are you facing each of these challenges? What could be the first step to prepare to face these challenges?

We invite you to share your insights.


Influencers

Why is Cyber Risk So Difficult to Manage? Companies Are Too Focused on the Threat. www.linkedin.com Ryan Dodd Founder and CEO at Cyberhed Why is cyber risk managed differently from other major risks companies face? Energy companies don’t spend outsized budgets on hedging risk from swings in energy prices. Well managed energy companies spend their money to extract more value of their existing assets, ensuring profitability in any price environment.

“Hacked” Facebook Account — or Cloned? shawnetuma.com

Shawn E. Tuma Dear friends who keep talking about “hacked Facebook accounts”: When there is an account that is pretending to be your account on Facebook (or other social media platforms) that is sending friend requests to others, in most cases, this does not mean that your account has been “hacked” (i.e., inappropriately accessed by someone other than you

Cybersecurity: Three Dynamics Working in Our Favor www.linkedin.com Cindy Fornelli Executive Director at Center for Audit Quality Cybersecurity risk is one born from profound disruption. Just as the internet transformed our businesses and lives for the better, it also spawned new categories of wrongdoing and a true rogue’s gallery of cybercriminals.

A hacker’s guide to not get hacked www.peerlyst.com Alex Smirnoff Owner/Founder at Glanc Assume you are a technically savvy person who knows the basics. You never install random crap from the internet. A typical phishing email makes you laugh, you almost pity the mankind which can be fooled by scammers as silly as those.


International InfoSec & Cybersecurity News

China inserts microchips into motherboards used by Apple ...
www.scmagazine.com A microchip planted by China on Supermicro motherboards used by organizations, including the CIA, the U.S. military, Amazon and Apple, left sensitive information vulnerable

Facebook Scrambles to Provide Breach Info to Regulators ...
www.infosecurity-magazine.com Facebook is racing to provide more information to European regulators about a major security breach affecting an estimated 50 million user accounts, with the threat of major GDPR fines hanging over the firm

BEC-as-a-Service: Hacked accounts available from $150 ...
www.helpnetsecurity.com For criminals looking to outsource their work, BEC-as-a-Service is widely available for as little as $150 – with results available in a week or less.

Torii Botnet - Not Another Mirai Variant
www.informationsecuritybuzz.com Avast’s threat labs team have uncovered “the most sophisticated botnet that they have ever seen”, and it is targeting IoT devices

100,000-Plus Home Routers Hijacked in Campaign to Steal ...
www.darkreading.com An unknown attacker has hijacked over 100,000 home routers and changed their DNS settings in a major campaign to steal login credentials from customers of several banks in Brazil.

APT38 is behind financially motivated attacks carried out ...
securityaffairs.co Security experts from FireEye published a report on the activity of financially motivated threat actors, tracked as APT38, linked to the North Korean government

Betabot - An Example of Cheap Modern Malware ...
www.securityweek.com What appears to be a new campaign delivering the Betabot malware has been detected by security researchers.

Securing connected medical devices: Will categorizing them as ICS help?
www.csoonline.com Now that they’re no longer protected by an “air gap,” let’s consider what’s needed to protect connected medical devices from security threats.

National Cyber Security Awareness Month: What’s New for 2018?
securityintelligence.com To kick off October, we take a look back at what happened in cybersecurity in 2018 and a sneak peek at this year's National Cyber Security Awareness Month.

Apple, Amazon deny Bloomberg report on Chinese hardware ...
ciso.economictimes.indiatimes.com Apple, Amazon deny Bloomberg report on Chinese hardware attack Apple Inc and Amazon.com Inc denied a Bloomberg Businessweek report


Other Important News Adobe update cleans up 86 bugs in Acrobat and Reader, many critical Apollo hackers steal info from database of 200M contact Apple iOS 12 passcode bypass allows unauthenticated access to iPhone features Apple, Amazon deny servers affected by China microchip plot

SCMagazine

APT28 turns away from election hacking and back to cyberespionage Augmented reality could help solve the cybersecurity talent gap Betabot trojan packed with anti-malware evasion tools Burgerville discloses year-long data breach, courtesy of FIN7 cybergang California bill bans bots during elections Canada’s Recipe Unlimited hit with cyberattack forcing some locations to close Weak passwords outlawed out West, California law aims to secure IoT devices Do you know where your data is? Exposed! Open and misconfigured servers in the cloud Facebook breach could have impacted third-party apps; is huge GDPR fine on the horizon? Facebook: So far no signs that breach hackers attacked third-party app accounts FireEye outs APT38 as North Korean cyber bank heist gang

InfosecurityMagazine

Formjacking attacks spike as Magecart sets sites on ecommerce GhostDNS hijacking campaign steps up attacks on Brazilians; 100K+ devices compromised #IPEXPO: Cyber-Attacks: Why You Can’t Always Trust Companies, or Security Staff #IPEXPO: Follow Motoring's Example on Safety, as Cyber is Failing #IPEXPO: Tech Industry Must ‘Deliberately Affect Change’ #IPEXPO: What Threat Intel Teaches Us About App Security

Hacktivist pleads guilty to defacing websites for NYC comptroller, Combating Terrorism Center Image in system: Securing the Software Defined Wide-Area Network – Six Critical Functions In Cellphone Spying, Stingrays Are A Red Herring Lightly secured cloud, with a chance of IoT attacks Malicious remote admin tool seemingly linked to KONNI malware, North Korea Marine Corps bug bounty program finds 150 vulnerabilities National Cybersecurity Awareness Month kicks off Precision agriculture advancement offers large attack surface, DHS report RDP attacks on the rise warns FBI, DHS Researchers: Turla and Zebrocy APT actors shared code, targets in 2018 Security Rising: From Business Defender to Digital Enabler Shifting the policy on cyberwar TP-Link router vulnerable to remote takeover flaw Two men arrested in $14 million SIM swapping cryptocurrency theft U.S. Deputy ADA: Indictments of alleged foreign hackers have merit, even without an arrest U.S. indicts GRU officers over anti-doping agency hacks; Western allies condemn Russia VMware, Apache, Mozilla push out patches

Financial Sector Breaches Have Tripled Since 2016 GRU Officers Allegedly Hacked Wi-Fi Networks Worldwide Introducing APT38: North Korea’s Cyber Heist Outfit Malware Less Common in Q2, Still Top Attack Method


12.5m Business Email Accounts Accessible via Web 150 Bugs Found in the Hack the Marine Corps Challenge 18 Vulnerabilities Found in Foxit PDF Reader Apollo Faces Criticism for Breach of 200 Million Contacts Credential-Phishing Attempts Highest on Tuesdays DevOps Producing More Insecure Apps Than Ever DHS Moves to Defend Infrastructure Across Sectors Did Chinese Spies Really Put a Chip in It? Fin7 Hackers Breached US Chain Burgerville Facebook: No Evidence of Third-Party App Access Failure to Protect Data Costs Bupa £175,000 Fake News Domains Spoof UK News Sites Adobe fixes 47 critical flaws in Acrobat and Reader APTs are targeting IT service providers You gotta fight, for your right, to erasure Bridging the priority gap between IT and security in DevOps

HelpnetSecurity

California Governor signs strong net neutrality protections into law Can we trust digital forensic evidence? China allegedly infiltrated US companies through implanted hardware backdoors Emerging technologies lag in criticality while key skills remain a barrier Even with internal focus, most companies utilize external resources for cybersecurity For some cloud services more than 75% of accounts are utilized by hackers Heading into October Patch Tuesday on the heels of big announcements from Microsoft How to minimize the negative effect of mobile device loss or theft Identity fraudsters are getting better and better at what they do In terms of main threat actors, expectation rarely matches reality It only takes one data point to blow open a threat investigation

MoD Launches Cyber Cadet Training Program NCSC: Russia’s GRU to Blame for DNC and Other Attacks Password Security Better, Still Poses Business Risk Phishing Attack Impersonates Law Firm Ransomware Casts Anchor at the Port of San Diego ReliaQuest Gifts $1m to Build Cyber Lab at USF Researchers Call for a Shared Dark Web Taxonomy Security Serious' Unsung Heroes Awards Winners Announced Tesco Bank Fined £16m+ After 2016 Cyber Heist Torii IoT Botnet Takes Mirai to a New Level Tory App Snafu Exposes Ministers’ Personal Info Twitter Updates Aim to Improve Election Integrity Latest Building Security In Maturity Model reflects software security initiatives of 120 firms Most enterprises highly vulnerable to security events caused by cloud misconfiguration Most organizations believe hackers can penetrate their network New IoT legislation bans shared default passwords Organizations need to shift strategies, adopt a proactive approach to cybersecurity Popular TP-Link wireless home router open to remote hijacking Python-based attack tools are the most common vector for launching exploit attempts Quantifying a firm's security levels may strengthen security over time Regularly updating your wireless router is not enough to ward off attacks Safe IT/OT integration with unidirectional security gateways The ultimate fallout from the Facebook data breach could be massive True password behaviors in the workplace revealed Vulnerable Android password managers make phishing attacks easier Worldwide spending on cloud IT infrastructure continues to grow, reaches $15.4 billion WWW inventor announces Solid, a push to create a decentralized web users can trust


Jigsaw releases Intra, an Android app that encrypts DNS queries to thwart online censorship

Darkreading

Informationsecuritybuzz

200M Contacts Affected In Sales Engagement Startup Data Breach 5 Ways CISOs Can Improve Cybersecurity 8 Ways To Empower Your Security Operations Center Airports Are Implementing Biometric Technology And The Risks It Presents Browser Spam Burgerville Breach Burgerville Fast Food Chain Suffers Major Credit Card Breach California Bans 'Secret' Election Bots Chinese Spy Chips Could Your Organisation’s Servers Be A Botnet? CRITICALSTART’s Section 8 Researchers Identify Vulnerability In Paessler’s PRTG Expert Reaction: Kim Kardashian The Most Dangerous Celebrity To Search For Facebook Breach Now Affecting 90m Users - What Do The Experts Say? Facebook Could Face Billions In Fines Fortnite Gaming Cheats Suffer From Malware Attack GRU Cyber Attacks 'Short, Brutal Lives': Life Expectancy for ... Who Do You Trust? Parsing the Issues of Privacy, ... 12 AppSec Activities Enterprises Can't Afford to Skip 7 Steps to Start Your Risk Assessment An Intro to Intra, the Android App for DNS Encryption California Enacts First-in-Nation IoT Security Law CISOs: How to Answer the 5 Questions Boards Will ... Employees Share Average of 6 Passwords With Co-Workers Financial Sector Data Breaches Soar Despite Heavy ... For $14.71, You Can Buy A Passport Scan on the Dark Web GDPR Report Card: Some Early Gains but More Work Ahead

Hack The Marine Corps Results: Nearly 150 Vulnerabilities Reported, $151,542 Paid To Hackers Hacked Facebook Accounts For Sale On Dark Web Head Of Compliance At Securityscorecard On Bupa Fine Home Router Vulnerabilities That Could Impact The Work Environment Industry Leaders Reaction on China Hacks Information Security Advice For Small And Medium Business Kim Kardashian Is The McAfee Most Dangerous Celebrity™ 2018 More UK Households Now Own A Smart Speaker Than A Pet Rabbit, But Do People Understand The Security Implications? New Betabot Infostealer Malware Campaign Positive Technologies Report: Every Fourth Cyberattack Targets Ordinary Users Potential Misuse Of Legitimate Websites To Avoid Malware Detection Russian Cyberattacks Exposed Smoke Loader Malware Updated And Detected In The Wild Weak Passwords To Be Banned In California UK Accuses GRU Of Cyberattacks Malware Outbreak Causes Disruptions, Closures at ... Mandia: Tipping Point Now Here for Rules of Cyber ... Most Home Routers Are Full of Vulnerabilities October Events at Dark Reading You Can't Miss Putting Security on Par with DevOps Report: In Huge Hack, Chinese Manufacturer Sneaks ... Stop Saying 'Digital Pearl Harbor' Successful Scammers Call After Lunch The Right Diagnosis: A Cybersecurity Perspective US Indicts 7 Russian Intel Officers for Hacking ... When Facebook Gets Hacked, Everyone Gets Hacked


Securityaffairs Securityweek CSOOnline

Inside the North Korean Hacking Operation Behind ... Adobe security updates for Acrobat fix 86 vulnerabilities, 46 rated as critical Apollo data breach exposed more than 200 million contact records Apple did not disable Intel Manufacturing Mode in its laptops US offers its cyber warfare defense capabilities to NATO Attackers chained three bugs to breach into the Facebook platform Canada blames Russia for cyber attacks against its structures Canadian restaurant chain Recipe suffered a network outage China planted tiny chips on US computers for cyber espionage Cyber Defense Magazine - October 2018 has arrived. Enjoy it! Cyber Defense Magazine Annual Global Edition for 2018 has arrived. DHS issued an alert on attacks aimed at Managed Service Providers Weak Passwords Abused for 'FruitFly' Mac Malware Distribution

Experts found 9 flaws that expose LenovoEMC, Iomega NAS to hack Experts warns of a new extortion campaign based on Breach Compilation FCA fines Tesco Bank £16.4m over 2016 cyber attack GhostDNS malware already infected over 100K+ devices Hidden Cobra used the new ATM cash-out scheme FASTCash to hit banks Silk Road admin pleaded guilty to drug trafficking charges and faces up to 20 years in prison New Danabot Banking Malware campaign now targets banks in the U.S. Researchers associated the NOKKI Malware to North Korean APT Sony Bravia Smart TVs affected by a critical vulnerability Telegram CVE-2018-17780 flaw causes the leak of IP addresses Russian State-Sponsored Operations Begin to Overlap: Kaspersky

Canada Says it Was Targeted by Russian Cyber Attacks

Tesco Bank Fined by UK Regulator Over Hacking

China Used Tiny Chips on US Computers to Steal Secrets: Report

The DNC Hacker Indictment: A Lesson in Failed Misattribution

DHS Warns of Attacks on Managed Service Providers

The Scandals Bedevilling Facebook

DHS Warns of Threats to Precision Agriculture

U.S. Energy Department Invests Another $28 Million in Cybersecurity

How Letting Go of the Familiar Can Improve Security Maturity

UK, Australia Blame Russia for Bad Rabbit, Other Attacks

Improving Security Operations Through Collaboration Industry Reactions to Chinese Spy Chips: Feedback Friday North Korean Attacks on Banks Attributed to 'APT38' Group 10 essential enterprise security tools (and 11 nice-to-haves) Basic Cyber Hygiene Practices That Go a Long Way Bruce Schneier's Click Here to Kill Everybody reveals the looming cybersecurity crisis Can digital identity cure the chronically ill? Cloudy future for security analytics Cybercriminals are using blockchain to improve security. Should you?

US to Let NATO Use its Cyber Defense Skills Using Compliance as a Springboard to Better OT Cybersecurity

Facebook security and privacy issues revealed Gwinnett Medical Center investigating possible data breach

Recipe Unlimited denies ransomware attack, despite alleged ransom note Review: Senzing uncovers relationships hiding within big data New vicious Torii IoT botnet discovered SQL injection explained: How these attacks work and how to prevent them The Options Clearing Corporation taps AI to stay ahead of hackers The potential costs of cybercrime that can’t be calculated What is the future of authentication? Hint: It’s not passwords, passphrases or MFA Will your company be valued by its price-to-data ratio?


Securityintelligence ETCISO

An Open Letter to Security Managers: Stop Trying to Do It All As IoT Security Concerns Rise, Are Solutions Keeping Up?

Don't Overlook Your Data Blind Spots: 5 Tips for Protecting Unstructured Data Gazorp Malware Builder Offers Free, Customized AZORult Attacks on the Dark Web Sednit APT Group Uses First UEFI Rootkit Detected in the Wild to Execute LoJax Malware New ATM Attack Uses Custom Skimmers to Steal Credit Card Data and PINs

SMB Security Best Practices: Why Smaller Businesses Face Bigger Risks The Inconvenient Truth About Your Eight-Character Password The Vinyasa of Security: Why Continuous Improvement Is Essential for Any Cybersecurity Strategy The Wild West of Data Risk Management in the Age of Cloud, Mobile and Digital Transformation Viro Botnet Uses Spamming and Keylogging Capabilities to Spread Ransomware Visibility and Control: A One-Two Punch for Securing iOS Devices in the Enterprise Why Healthcare Cyberattacks Should Concern Consumer Data Collectors

2.2 bn Facebook users must log out, re-login across devices: Experts

Facebook hack: Facebook faces $1.63 billion in EU fine over fresh data breach

Apple, Amazon deny Bloomberg report on Chinese hardware attack

Facebook India: Latest Facebook breach piles on India worries facebook: Post-breach, Facebook resets access tokens of 50mn users; asks them to reboot account

Astaroth Trojan Malware Returns to Infect South American Users

Artificial Intelligence is key cybersecurity weapon in the IoT era: Research Continental ties up with IIT Madras for Cyber Security in Powertrain applications Encryption is the traditional but core enabler to maintain data privacy: Ian Yip, CTO, McAfee APAC

Threatpost Artificial Intelligence: A Cybersecurity Tool for Good, and Sometimes Bad Dark Web Azorult Generator Offers Free Binaries to Cybercrooks Facebook Breach Sparks Concerns Around Third-Party Apps, Website Security Keyloggers Turn to Zoho Office Suite in Droves for Data Exfiltration Sony Smart TV Bug Allows Remote Access, Root Privileges ThreatList: 83% of Routers Contain Vulnerable Code Threatpost New Wrap Podcast For Oct. 5 Virus Bulletin 2018: Turla APT Changes Shape with New Code and Targets

Securitynow 7 Russian Spies Indicted in US for Hacking Anti-Doping Agencies Attackers Can Compromise Corporate Email Accounts for $150

facebook: What is the impact of the Facebook hack on you? IBM: Free flow of data should not be confused with data security: IBM's Harriet Green

Securityboulevard 100K Routers Hijacked for Phishing in GhostDNS Campaign Canada advances cybersecurity strategy to fend off nation-state attacks Google Cracks Down on Malicious Chrome Extensions Is Formal Education Critical for a Career in Cybersecurity? Ponemon Study Finds AI Can Help Close Security Gaps Privacy: Who’s Listening in the Workplace? Sophisticated IoT Botnet Torii Uses 6 Persistence Methods

TheHackersNews Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash Chinese Spying Chips Found Hidden On Servers Used By US Companies


China Hacks Hardware in Spying Attempt on Apple, Amazon & Others Report Facebook's Data Breach: Will It Be First Test of GDPR? Torii Is a New Evolution in Botnet Malware US Voting Machines Riddled With Vulnerabilities & Security Flaws US Warns About ATM Thefts Linked to North Korea's Hidden Cobra Group

ITSecurityguru Awareness – seriously? CyberInt Avengers Assemble! Deflecting DDoS – Key Tactics in the Battle Against IoT-Powered Attacks LSU Researchers Working to Prevent Cyber Attacks on Nation’s Infrastructure Monday saw the cybersecurity industry gather for massive Flash Mob event in London

Welivesecurity Cybercrime and cybersecurity surveys reveal important answers ECSM is the perfect opportunity to raise awareness of online dangers ECSM: Five simple steps to staying safe online now and in the long run Facebook reveals breach impacting at least 50 million users How to find forensic computer tools for each incident

Securitymagazine 3 Questions Startup Founders Should Ask About Data Privacy A Proposed Model for Permanent Change in Cybersecurity Clear, Purge & Destroy: When Data Must be Eliminated How to Work with Hackers to Make Your Company More Secure Overcoming Human Error to Secure the Smart Workplaces Transformation

Grahamcluley China accused of sabotaging thousands of servers at major US companies with tiny microchips hidden on motherboards Smashing Security podcast: 'A Facebook omnishambles'

Facebook Finds 'No Evidence' Hackers Accessed Connected Third-Party Apps GhostDNS: New DNS Changer Botnet Hijacked Over 100,000 Routers New iPhone Passcode Bypass Hack Exposes Photos and Contacts Silk Road Admin Pleads Guilty – Could Face Up to 20 Years in Prison Telegram Calling Feature Leaks Your IP Addresses—Patch Released

Healthcareinfosecurity Bupa Fined $228,000 After Stolen Data Surfaces on Dark Web Dutch and British Governments Slam Russia for Cyberattacks Feds Indict 7 Russians for Hacking and Disinformation North Korean Hackers Tied to $100 Million in SWIFT Fraud Responding to Ransomware Attacks: Critical Elements

Computerweekly Everyone, everywhere is responsible for IIoT cyber security Facebook could face up to $1.6bn fine for data breach Rise in data-stealing Betabot malware C-suite needs to drive outcomes-based security Use Cyber Essentials to kick-start outcomes-based security

Washingtonpost PowerPost 'No indication' China intends to interfere with election infrastructure, Homeland Security Secretary Nielsen says Facebook disclosed a major hack very quickly. But the alert was short on details. U.S. and allies make coordinated push to 'name and shame' Russian hackers

Forbes Choosing Cybersecurity Solutions: How Are Your Venture Capital Skills? On The Forefront Of Israeli Cybersecurity Innovation And Investment Strategy


Two reasons to reconsider your Facebook membership

The Cyber Kill Chain Explained

Krebsonsecurity
- Supply Chain Security is the Whole Enchilada, But Who's Willing to Pay for It?
- Voice Phishing Scams Are Getting More Clever
- When Security Researchers Pose as Cybercrooks, Who Can Tell the Difference?

Govtech
- Solving Cybersecurity's People Problem
- University of North Georgia and FBI to Conduct State Survey on Cybersecurity
- Utility Was Targeted by Russian Hackers, Feds Say

Information-management
- Facebook data security flaw exposes a crisis of customer faith
- Facebook lessons: Rushed privacy features result in sloppy security
- Facebook's worst security breach hammers user trust once again

Siliconrepublic
- How do cyber-criminals use credential phishing attacks to steal vital business data?
- New Cybersecurity Skills Initiative will train 5,000 professionals

Dataprivacyblog
- SEC's First Cybersecurity Enforcement Has Many Lessons
- Security Breach Compromises 50 Million Facebook Accounts

Eweek
- How Organizations Can Benefit From Friendly Hackers
- What a CIO Needs to Know About Cloud Security

Bankinfosecurity
- Facebook Submits GDPR Breach Notification to Irish Watchdog
- Report: Chinese Spy Chip Backdoored US Defense, Tech Firms

Techtarget
- How does FacexWorm malware use Facebook Messenger to spread?
- How does stegware malware exploit steganography techniques?

Tripwire
- BEC-as-a-service offers hacked business accounts for as little as $150
- Women in Information Security: Pam Armstrong

Cyberdefensemagazine
- Operation Eligible Receiver – The Birthplace of Cybersecurity: Privileged User Management
- The 'Gazorp' Azorult Builder emerged from the Dark Web

Zdnet
- Breaking bank security: Record theft rises to new heights
- Edge computing: the cyber security risks you must consider

Techrepublic
- Cybersecurity investments: Why ROI calculations may not tell the whole story
- How 85% of mobile apps violate security standards

Careerinfosecurity
- Experts' View: Avoid Social Networks' Single Sign-On
- Facebook Can't Reset All Breach Victims' Access Tokens

Simple News
- 20181004-DSWeeklyIntSum.pdf
- Close access and spear phishing: How Russian officers used cyber attack methods
- Data security spending on the rise as malware gets more sophisticated
Sources: info.digitalshadows.com, www.breakingnews.ie, www.healthdatamanagement.com


- DNC Phishing Scare Was a Training Exercise Gone Awry: Lessons Learned
- Facebook hack: What we know about the security breach
- Facebook, Apple confirm they were targets of Supermicro malware attack
- FDA Announces Playbook for Medical Device Cybersecurity
- FDA Reveals Steps to Bolster Medical Device Cybersecurity
- Four Cyber Security Essentials for Your Communications
- Hack the Marine Corps Nets 150 Computer Bugs and $150,000 in Rewards
- Hackers Are Selling Botnets and Stolen 'Fortnite' Accounts Over Instagram
- Hackers Infect 30,000 Routers in India With Cryptocurrency Mining Malware
- How Diving With Sharks Could Help Us Improve Cybersecurity
- Industrial cybersecurity services aim to address skills gap
- Israeli cybersecurity co Hysolate raises $18m
- KLAS' Jared Jeffery on Cybersecurity Investments
- Knowledge Corner Spotlight - 31417 :: SEC: Strategic Security Advisory Services for CSOs
- Meet the new face of cybersecurity: deception technology
- Mitigating Cybersecurity Risks In The Era Of GDPR
- More than a dozen federal departments flunked a credit card security test
- National Cyber Security Awareness Month
- Payment Card Security Revisited
- Protect yourself: Spear phishing attacks on the rise
- Russian-linked group behind DNC hack now conducting covert intel operations, firm says
- Safeguarding the Crown Jewels: The Board's Role
- Software testing and cyber-security: The forgotten defence
- Splunk .conf18: CISOs Share How Tech Innovation Alters the Cybersecurity Landscape
- Tesco Bank Hit With £16 Million Fine Over Debit Card Fraud
- The A-Z of security threats 2018
- The Executive Women's Forum on Information Security, Risk Management & Privacy Appoints Two Zealous Millennials to Their Board of Advisors
- The Facebook hack could be Europe's first big online privacy battle
- The Nuances of Information Security and Privacy
- Transformation starts with agile leadership



- VirtualArmour CEO Ross Armbrust Cybersecurity Industry
- What Makes A Superstar Security Leader?
- Why the CISO Matters
- Why your online data isn't safe
- Zuckerberg's Facebook page? I'll livestream its deletion, says hacker
Sources: investingnews.com, go.forrester.com, blog.isc2.org, news.harvard.edu, hotforsecurity.bitdefender.com

Multimedia Resources

Analysis: Facebook Breach's Impact (www.bankinfosecurity.com): The latest edition of the ISMG Security Report features an analysis of the latest developments in Facebook's massive data breach and expert analysis of the

Battling the Insider Threat: What Works? (www.inforisktoday.com): Education plays a critical role in any program designed to combat insider threats, says Christopher Greany, head of group investigations at Barclays. He'll discuss

Critical Elements of a Solid Cybersecurity Program (www.careersinfosecurity.com): Healthcare organizations often fail to address five fundamental elements of a solid cybersecurity program, says security expert Mark Johnson of the consultancy LBMC

Cybersecurity Challenges Facing Ambulatory Surgery Centers (www.careersinfosecurity.com): Ambulatory surgery centers face a variety of difficult cybersecurity challenges, says Tom Hui, CEO of software vendor HSTpathways. "Freestanding surgical centers often don't have a dedicated IT professional that is on staff and on call 24x7," he says in an interview with Information Security Media Group.

Mimecast, LogRhythm, & Tanium – Enterprise Security Weekly ... (securityweekly.com): Security Weekly is the security podcast network for the security community, distributing free podcasts and media since 2005. We connect the security industry and the security community through our security market validation programs.

ShadowTalk by Digital Shadows on Apple Podcasts (itunes.apple.com): Download past episodes or subscribe to future episodes of ShadowTalk by Digital Shadows for free.

Sophisticated Online Attacks: An In-Depth Analysis (www.healthcareinfosecurity.com): Hear from the FBI on the tenets of cyber defense and current trends in cybercrime. Then, learn from Shape Security about a specific type of cybercrime: imitation

UK blames Russia for cyber attacks across the world (www.youtube.com): Britain has accused Russia of conducting a series of "indiscriminate and reckless" cyber attacks across the world. The Foreign Secretary, Jeremy Hunt, claims the attacks were carried out by the GRU, a military intelligence unit also blamed for the nerve agent attack in Salisbury.

Weekly Podcast: Russian cyber crimes, Facebook breach and ... (www.itgovernance.co.uk): Hello and welcome to the IT Governance podcast for Friday, 5 October. Here are this week's stories. The NCSC (National Cyber Security Centre) has accused the Russian military intelligence service – the GRU – of a campaign of "cyber attacks targeting political institutions, businesses, media and sport".


Influencer

Bea M. Candano, Client Data Protection Manager at Accenture
New study on the compatibility of Blockchain with the GDPR. At the end of September, the French Data Protection Authority (CNIL) published a study on the compatibility of Blockchain technology with the EU General Data Protection Regulation (RGPD or GDPR). In that study it also proposed concrete solutions for organisations wishing to use this technology within their data processing activities. These are its main conclusions. The CNIL distinguishes between those who have permission to write to the chain (participants) and those who validate a transaction and create blocks of information by applying the Blockchain rules so that the blocks are accepted (miners). Original article taken from Here

Wilmack Sanchez, MBA-CISSP
What is your protection priority? What is the most valuable thing you must protect? What are the associated risks, in your expert opinion? What controls are you implementing? Those are the mandatory questions in any risk management exercise. But... is this rigour applied outside our work environment? This organisation carried out a study on risky technology habits among children between 8 and 14 years old. Here are some excerpts. Keep reading


Security and Cybersecurity News

News of interest

A vulnerability in Bitcoin could have allowed the dreaded 51% attack... (cybersecuritynews.es): Older versions of Bitcoin have patched a vulnerability that could have allowed the much-feared 51% attack on the world's largest cryptocurrency for just 68,000 EUR.

Facebook will be investigated in Europe over its latest breach ... (cso.computerworld.es): The social network's main regulator in Europe, Ireland's Data Protection Commissioner (DPC), has opened an investigation into the latest attack, which the company disclosed last week and which has affected 50 million users.

INCIBE-CERT, the name of the Citizens' Security Incident Response Centre (www.lavanguardia.com): León, 1 Oct (EFE).- The Security and Industry Incident Response Centre (CERTSI) is renamed INCIBE-CERT as of today, following its recognition as a CERT (Computer Security Response

China infiltrates companies such as Apple or Amazon with a tiny chip... (hipertextual.com): An investigation published today reveals that China has been modifying millions of motherboards to infiltrate companies around the world and steal information.

US warns that it will keep strengthening its defences to prevent ... (www.larepublica.ec): A woman sits with her back to a world map on which cyberattacks can be seen in real time, at Bitdefender's headquarters in Bucharest, Romania, on Wednesday 28 June 2017.

Our banks are being hacked: Mr. Kim Jong Un's and other cybercriminals' new appetite for Latin America (www.americaeconomia.com): Latin American banking is in the sights of seasoned groups, some of them state-sponsored, illicit associations that spare no technological resources to analyse, attack and steal. While the long-awaited digital transformation opens security gaps for hackers, the regional industry will have to adapt to constant collaborative work with states and their cyber defence


Other news
- How does Facebook segment advertising? They are stealing your data
- What should you study to secure a job? Growth Hacking, mathematics, robotics and digital marketing
- Spain does better in cybersecurity than in football
- Alert over new variants of the most surprising ransomware
- How to remove Ransom Warrior, the latest in malware
- Cybertech Europe 2018: resilience and collaboration. Here are the weapons to deal with cybercrime
- 53% of SMEs suffered cyberattacks in 2017
- The Security Incident Response Centre for citizens and companies is renamed INCIBE-CERT
- New IoT malware triples in the first half of 2018
- Facebook faces sanctions if it delays data transparency
- An increase in cryptocurrency mining is observed in the second quarter
- Bounces, blacklists and spam traps
- Roberto Baratta: "We know what hair colour and what shoes a DPO must have; what about the CISO?"
- Telegram leaks IP data without permission
- Western Digital says nothing about an unpatched vulnerability in MyCloud
- California will ban the use of weak passwords
- Phantom Secure CEO pleads guilty to selling encrypted phones to criminals
- How to hack with WebEx
- Windows incident response basics
- Hacker faces imprisonment after attacking multiple US government sites
- Hackers exploit vulnerability in Bitcoin
- New tool to fight fake news
- North Korean hacking operation behind the attack on several banks
- When data leaks lead to dismissals
- Incibe obtains CERT recognition for its incident response centre
- Human errors cost dearly in cybersecurity
- The West takes a stand against the escalation of Russian cyberattacks
Sources: cybersecuritynews.es, noticiasseguridad.com, cso.computerworld.es


Telefónica has increased its cybersecurity investment by 60% this year (www.lavanguardia.com)

News from other portals
- Do we know what information security entails?
- Adobe releases important security patches for Windows and Mac
- China infiltrates major global companies via a microchip
- Cybersecurity and cyberprivacy
- US warns that it will keep strengthening its defences to prevent Russian cyberattacks – La República EC
- 30% of Spanish economic growth since 2015 corresponds to digitalisation
- The Big Hack, or why spy chips are a real challenge for IT security
- These are the 6 most notorious data leaks of 2018
- IMF calls for strengthening global cybersecurity
- Chilean hacker will be the first Latin American to join the board of the cybersecurity association (ISC)2 ~ eXPerienciaUE.NET
- INCIBE-CERT has handled 89,000 security incidents up to August
- The most notorious hacks of 2018 add up to around 65 million victims worldwide
- The West accuses Russia of a vast cyberconspiracy
- Mexican SMEs are an easy target for cybercrime
- Red Seguridad. Specialised magazine on ICT Security
- Regulating IoT
- Demand for specialised IT courses in cybersecurity soars, according to Alhambra-Eidos
- Financial and Telecommunications sectors receive the most cyberattacks in Colombia
- Venezuelans are an easy target for cyberattacks, according to an IT security expert



Reports of the Week. These are some of the security and cybersecurity reports published by recognised organisations.


Events. Some of the events to be held in Bogotá (Colombia) in the coming days and months

@CISOS_CLUB celebrates a partnership with @TacticalEdge in support of the creation and growth of the community of information security professionals. Third International Cybersecurity Congress. Information and communication technologies must generate value in societies, contribute to good governance, improve public administration processes and procedures, deepen democracy, create markets and improve the competitiveness of cities and countries.

Susan Ballesteros presents the results of her research on ransomware as a service: the different threat actors and their techniques, tactics and procedures.

The talk aims to set out the methodologies and challenges that organisations face in detecting threats before a security incident occurs.


Job Board

Information Security Technical Analyst, Fontibón. Leading logistics company - NGA.470 in Bogotá D.C. (co.mercadojobs.com). Description - Leading logistics company requires an Information Security Technical Analyst,

Information Security Coordinator - Bogotá (co.mercadojobs.com). Requirements: Technology and services company requires an Information Security Coordinator for its team, Systems Engineer with a specialisation

Information Security Specialist - Bogotá (co.mercadojobs.com). Leading financial sector company requires professional staff with engineering degrees in the areas of systems, electronics

Information Security Engineer - Bogotá (co.mercadojobs.com). Multinational in the tourism sector requires a professional in systems, telecommunications or electronic engineering with a specialisation in security

Information Security Officer - Bogotá (co.mercadojobs.com). Leading software development company for the financial sector requires an information security officer who will be responsible


News Collectors & Other Newspapers
- #cybersecurity - Thursday, Oct. 04, 2018 - El diario del CISO
- Monday, Oct. 01, 2018 - El diario del CISO
- #cybersecurity - Saturday, Oct. 06, 2018 - El diario del CISO
- Tuesday, Oct. 02, 2018 - El diario del CISO
- #cybersecurity - Friday, Oct. 05, 2018 - El diario del CISO
- Tuesday, Oct. 02, 2018 - The Ciberseguridad CISO Daily
- #infosec - Thursday, Oct. 04, 2018 - El diario del CISO
- Wednesday, Oct. 03, 2018 - El diario del CISO
- #infosec - Saturday, Oct. 06, 2018 - El diario del CISO
- Wednesday, Oct. 03, 2018 - The Ciberseguridad CISO Daily
- #security - Friday, Oct. 05, 2018 - El diario del CISO
- Saturday, Oct. 06, 2018 - The Ciberseguridad CISO Daily
- Industrial Cybersecurity Weekly Bulletin
- The Ciberseguridad CISO Daily
- IT Security News Weekly Summary – Week 40 | IT Security News
- Friday, Oct. 05, 2018 - The Ciberseguridad CISO Daily
- Thursday, Oct. 04, 2018 - The Ciberseguridad CISO Daily
- CWE_091018_ezine_p27.pdf
- Page 1 - Cyber Defense eMagazine - October 2018
- Fall 2018 | United States Cybersecurity Magazine
- Page 1 - Cyber Defense Magazine - Global Print Edition 2018
- PECB-Insights_Issue-15-August-2018.pdf

