By Uzair Amir
Trump administration has announced that it will be starting to
This is a post from HackRead.com Read the original post: US may screen social media of Immigrant & Non-Immigrant Visa Applicants
April 01, 2018 at 12:13...
Saturday, March 31, 2018
MailChimp Bans ICO & Blockchain Marketing- Fundraisers Devastated
By Waqas
Well-known email distribution platform MailChimp announced a change in its
This is a post from HackRead.com Read the original post: MailChimp Bans ICO & Blockchain Marketing- Fundraisers Devastated
March 31, 2018 at 07:49...
Friday, March 30, 2018
Hackers take over power billing records of Indian state; demand ransom
By Uzair Amir
The AMR system (automatic meter reading system) of Uttar Haryana
This is a post from HackRead.com Read the original post: Hackers take over power billing records of Indian state; demand ransom
March 30, 2018 at 10:23...
Flawed Meltdown patch by Microsoft makes Windows more vulnerable
By Waqas
Microsoft’s January patch was released amidst claims of addressing the
This is a post from HackRead.com Read the original post: Flawed Meltdown patch by Microsoft makes Windows more vulnerable
March 30, 2018 at 09:06...
Things I Hearted this Week – 30th March 2018
Another week and social media giants Facebook and Google are under scrutiny by all and sundry as to the information they gather and the privacy implications. I know that something is big when my Dad asked me about the whole debacle over dinner this week – and he doesn’t even use, or fully understand Facebook.
Many years ago, my Dad used to run his own magazine, and so understands...
Trustico’s SSL Certificate Breach: A Reminder to Lockdown SSL Private Keys
Trustico’s SSL (Secure Sockets Layer) certificate and private key breach is certainly unique in the way it played out, but unfortunately, the type of breach is not. The problems surrounding SSL and TLS (Trusted Layer Security) private key security for SSL/TLS certificates have already been experienced in the larger PKI space where the security of a single private key can impact...
(ISC)² Item Writing Explained
To ensure the CISSP exam remains up-to-date and relevant to the industry, we are constantly working on the exam items (aka “questions”), and that process is 100% member-driven!
(ISC)² spoke with Lisa Vaughan, CISSP, about her experience in a recent Item Writing Workshop. Lisa is the Chief Information Officer for the Mississippi Department of Environmental Quality and...
What Does CISSP CAT Mean for You?
By now, you’ve heard that the CISSP exam format has changed from linear to Computer Adaptive Testing (CAT). This change to the English language exam started in December of 2017. If have questions about what this change means for you, as you’re preparing for your CISSP, we’ve got answers in our latest video:
Looking for even more information? Check out our CISSP CAT FAQs.
The...
CloudPassage is officially Splunk Cloud Certified!
Great news for anyone who likes a good integration: CloudPassage Halo is Splunk Cloud Certified! What does that mean? It means that CloudPassage Halo events can go directly into the Splunk Cloud App without having to go through a syslog server. We’re thrilled to be welcomed into the Splunk Cloud Certified family, especially considering how rigorous the approval process is.
Special thanks goes to our engineering team, who was able to complete this project in just two weeks, on top of some other major rollouts we have coming (more on this next month).
In...
(ISC)² ITEM WRITING EXPLAINED
This post was originally published here by (ISC)² Management.
To ensure the CISSP exam remains up-to-date and relevant to the industry, we are constantly working on the exam items (aka “questions”), and that process is 100% member-driven!
(ISC)² spoke with Lisa Vaughan, CISSP, about her experience in a recent Item Writing Workshop. Lisa is the Chief Information Officer for the Mississippi Department of Environmental Quality and it was her first-time volunteering as an item writer. She was a participant in a CISSP Item Writing Workshop...
Securing Jenkins – Fast
This post was originally published here by casey pechan.
Jenkins is one of the most popular open source Continuous Integration (CI) tools available. It’s extremely flexible, easy to use, and it performs a critical function in many agile development situations. Using Jenkins for CI allows developers and DevOps personnel to automate the repetitive work of testing application...
Under Armour says hackers stole 150 million MyFitnessPal user accounts
By Carolina
Another day, another data breach – This time, hackers have
This is a post from HackRead.com Read the original post: Under Armour says hackers stole 150 million MyFitnessPal user accounts
March 30, 2018 at 05:34...
Thursday, March 29, 2018
Animal abuse website hacked; thousands of users exposed
By Waqas
An animal abuse website or otherwise called a “bestiality” platform
This is a post from HackRead.com Read the original post: Animal abuse website hacked; thousands of users exposed
March 30, 2018 at 03:04...
Boeing production plant hit by malware, apparently WannaCry ransomware
By Waqas
The world’s largest aerospace company Boeing has been hit by a
This is a post from HackRead.com Read the original post: Boeing production plant hit by malware, apparently WannaCry ransomware
March 30, 2018 at 12:48...
Fauxpersky Keylogger Malware Stealing Passwords from Windows PCs
By Waqas
Cybercriminals are quite innovative, to be honest; they are always
This is a post from HackRead.com Read the original post: Fauxpersky Keylogger Malware Stealing Passwords from Windows PCs
March 29, 2018 at 10:23...
YARA Rules for Finding and Analyzing in InfoSec
Introduction
If you work in security anywhere, you do a lot searching, analyzing, and alerting. It’s the underpinning for almost any keyword you can use to describe the actions we take when working. The minute any equation I’m working on comes down to “finding” or “analyzing”, I know what to reach for and put to use. It’s YARA. The variables of the equation...
HCISPP Spotlight: Debi Carr
Name: Debi Carr
Title: CEO and Consultant
Employer: D. K. Carr and Associates, LLC
Location: Christmas, FL, U.S.A.
Years in IT: 28 years
Years in cybersecurity and/or privacy: 20 years
Cybersecurity certifications: HCISPP, CAHIMS
How did you decide upon a career in healthcare security and/or privacy?
As a practice manager of a healthcare practice, I was appointed the “Privacy...
White paper: Best practice considerations for Kubernetes network management
At first glance, Kubernetes can seem like an overwhelmingly versatile open-source system; especially if your organization has only just begun adopting containerization. Our latest white paper: Best practice considerations for Kubernetes network management, will help your team simplify and streamline your approach to Kubernetes network management.
This paper will help you oversee:
Networking in Kubernetes
IP address management
Overlay networks
Segmentation and policy enforcement
Focus on Flannel
So if you’re involved in the architecture or implementation...
Popular VPNs Leaking Your Real IP Address Through WebRTC Leak
By Waqas
Paolo Stagno, an Italian security researcher using the online moniker
This is a post from HackRead.com Read the original post: Popular VPNs Leaking Your Real IP Address Through WebRTC Leak
March 29, 2018 at 07:44...
The latest Cyberthreat Defense Report reveals lowered optimism, attacks, and the importance of DevOps
This post was originally published here by casey pechan.
We’re a proud sponsor of the Cyberthreat Defense Report, a report that we think should be read by every CISO, CIO, and their teams. What makes this report so special is that it’s vendor agnostic, and it examines exactly how organizations perceive cyberthreats, and how they leverage third party products to overcome them.
This year’s survey compiled responses from 1,200 security decision makers and professionals, all from organizations with more than 500 employees.
The top five key findings...
Wednesday, March 28, 2018
HiddenMiner Android Monero Mining Malware Cause Device Failure
By Waqas
Another day, another Android malware – This time, the malware
This is a post from HackRead.com Read the original post: HiddenMiner Android Monero Mining Malware Cause Device Failure
March 29, 2018 at 04:27...
A 3-month old flaw in iPhone camera app takes users to phishing sites
By Waqas
Last week it was reported that there were a bunch
This is a post from HackRead.com Read the original post: A 3-month old flaw in iPhone camera app takes users to phishing sites
March 28, 2018 at 11:47...
Baltimore’ 911 CAD system hacked; remained suspended for 17 hours
By Waqas
The 911 dispatch system of Baltimore became the target of
This is a post from HackRead.com Read the original post: Baltimore’ 911 CAD system hacked; remained suspended for 17 hours
March 28, 2018 at 11:00...
Dude, Where’s My [Unstructured] Data?
Okay, so as a 90’s born kid who grew up in the 2000s, the whimsical spectacular “Dude, Where’s My Car” was a huge intro to my love for comedy. If you haven’t seen the flick – TL;DW is this: Jesse (Ashton Kutcher) and buddy Chester (Seann William Scott) have a wild night and can’t remember anything that happened. They walk outside and realize Jesse’s car is missing, and all...
Gemalto Partners Drive Accelerated Growth and Digital Transformation in APAC
Rana Gupta, Vice President of APAC Sales, Enterprise & Cybersecurity at Gemalto
Last week at Gemalto Accelerate in Da Nang, Vietnam we brought together our APAC Enterprise & Cybersecurity team and more than 70 Gemalto partners from across the APAC region for another great sales and partner kickoff. During the three-day event, we celebrated our 2017 achievements and...
The Digital Identity ecosystem is evolving and operators cannot afford to miss out
There used to be a time when something you ordered would be delivered in a month—and that was completely normal. Now, customers have become used to same and next-day delivery. Everything else has accelerated too. You can find out the answer to any question in an instant thanks to Google and when you call or write to a business you expect an instant response.
This always-on culture is a real challenge for businesses. Customers now flit between online websites, social media and bricks-and-mortar stores. For mobile network operators catering to this...
Our latest integration – Check Point connects with CloudPassage
Co-authored by Ash Wilson and John Janetos.
We’ve got some great news for our current (and future) customers. We’ve partnered with Check Point to provide you with the best of both worlds for infrastructure security: the best network and workload security in a single integrated solution. So you can now surround any number of your dynamic or traditional environments with one secure perimeter. Whether you’re growing your DevSecOps practice, expanding your cloud footprint, or already in the cloud, capitalizing on our integrated solution automates the...
Northern Irish Parliament Hit by Brute Force Attack
By Carolina
The email service at the Northern Ireland Parliament, Stormont has
This is a post from HackRead.com Read the original post: Northern Irish Parliament Hit by Brute Force Attack
March 28, 2018 at 07:22...
Tuesday, March 27, 2018
Hackers spread password stealer malware from YouTube comment section
By Waqas
Another day, another malware aiming at Windows devices – This
This is a post from HackRead.com Read the original post: Hackers spread password stealer malware from YouTube comment section
March 27, 2018 at 11:32...
Tales from the SOC: The Simulated Attack
Introduction
In today’s world, understanding threats and how to avoid them are critical to a business’s success. Last year, we saw an evolution in malware and attacks. Ransomwares like WannaCry made their debut; featuring worm-like attributes that allowed ransomware to self-propagate through a network, exploiting vulnerable machines and continuing the damage. We started to...
