One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 1076840 |
| Date de publication | 2019-03-22 13:00:00 (vue: 2019-03-22 15:00:34) |
| Titre | Things I hearted this week, 22 March 2019 |
| Texte |
RSA has come and gone, and things are settling down into a normal routine. I did write a post-RSA blog which covered the highlights and trends I observed.
Because of RSA and the subsequent week of getting through the backlog of emails and work, the news list has piled up with over 141 separate news items lined up in my list. But don’t worry, I’ll only share the ones I truly hearted.
Device and account security checklist
Bob Lord has put together a great resource to help people and companies better secure themselves and their organisations. Even if you’re a security expert, it’s worth checking out and sharing the checklist with friends and family.
Device and Account Security Checklist 2.0 | Medium, Bob Lord
The Citrix data breach
On March 6, 2019, the FBI contacted Citrix with the news that international cyber criminals had likely gained access to the internal Citrix network. The firm says in a statement that it has taken action to contain this incident. “We commenced a forensic investigation; engaged a leading cyber security firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI,” says Stan Black, Citrix CISO.
Citrix breach once again highlights password weaknesses | ComputerWeekly
Why The Citrix Breach Matters -- And What To Do Next | Forbes
Related
Ad Network Sizmek Probes Account Breach | Krebs on Security
New phishing campaigns target real estate agents
Actors have been launching phishing campaigns that abuse several brands of well-known real estate franchises with the intent of capturing targeted real estate agents' email credentials. While this type of targeting in the real estate sector is not new, this post highlights the in-depth tactics, techniques, and procedures (TTPs) used. The TTPs and imagery used in the PDF are used to lure people in. Credential harvesting websites can be used for situational awareness to defend against these attacks.
Closing on credential theft. New phishing campaigns target real estate agents. | Medium
Pros-for-hire no better at writing secure code than compsci beginners
Freelance developers hired to implement password-based security systems do so about as effectively as computer science students, which is to say not very well at all.
Boffins at the University of Bonn in Germany set out to expand on research in 2017 and 2018 that found computer science students asked to implement a user registration system didn't do so securely unless asked, and even then didn't always get it right.
|
| Envoyé | Oui |
| Condensat | “we | 000 141 2017 2018 2019 837 about abuse acceptable access account action actions actors again against agents agents' alerted all along also always any app are asked assist; atlanta attack attacks average awareness back backed backlog based because been beginners being believe better black blog bob boffins boingboing bonn booters brands breach but cammi campaigns can capturing checking checklist ciso citrix clear closing code come commenced communicate companies companies; company company's compared compsci computer computerweekly contacted contain continue cooperate counsel covered crackdown credential credentials crimes criminals customers' cyber data ddos decrease decreased deed defend demanded denial denied depth developers device devs: did didn't discovered distributed doing don’t down due easy effective effectively email emails ends engaged estate estate agents even except expand expert family fans fbi fbi’s fewer firm forbes forensic found franchises freelance friends gained general germany get getting global gone good great had harvesting has have hearted help helpnetsecurity highlights hire hired his how i’ll idol ignored imagery impact implement incident indicating intent internal international investigation; it’s items jessica job junk keep known krebs largest last launching lawyer lawyers leading letter likely lined list logins lord lure making march matters maximum medium medium mention met method misguided more nearly need network network; new news next normal not number nypd observed once ones only organisations other out over overall password passwords pattern pdf people percent period pewdiepie pham phishing piled plaintext post potentially powell power probes problem procedures productive products proper pros provider provides put quit ransomware real reason recognition reduced reducing register registration related releasing research researcher resource responds right routine rsa same say says science sector secure securely security sedc sedc's seem separate service set settling several share sharing shutdown situational size sizes sizmek software solve some spec stan statement steps stop stored stories students subsequent supporting system systems tactics taken target targeted targeting techniques than theft them themselves then these things through together took total trends truly ttps type university unless used user users using utility vendors verge very wanted warns weaknesses websites week well what when which whose why work worldwide worry worth write writing year you’re your zdnet |
| Tags | Ransomware Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.