One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 359024 |
| Date de publication | 2017-04-07 13:00:00 (vue: 2017-04-07 13:00:00) |
| Titre | Alien Eye in the Sky 7th April 2017 |
| Texte |
It's been an exciting week for sure in InfoSec. Here are some of the top stories I found:
1. New features in Open Threat Exchange (OTX)
The worlds largest open threat sharing platform has introduced some new tricks. There are many improvements, but perhaps one of the most interesting is the new adversary pages. Each adversary gets its own page and pulls together information from various sources.
Operation Cloud Hopper
Operation Cloud Hopper Pulse
2. Robbing banks
Cyberciminals apparently took control of a Brazilian Bank for five hours. During this time they intercepted all of its online banking, mobile, point of sale, ATM, and investment transactions. The attack made use of valid SSL digital certificates and Google Cloud.
Fileless banking malware attackers break in, cash out, disappear
More evidence N. Korea linked to Bangladesh heist
3. Password managers don’t have to be perfect
Troy Hunt weighs in on the LastPass issue and why despite these issues, the benefits of a password manager outweight the disadvantages.
Overall, this is an excellent point which many security professionals often lose sight of. Often, much time and many resources are spent in an attempt to get the perfect security solution, when in actual fact, “good enough” often is adequate.
How changing your Netflix password can save your marriage
4.Infrastructure diversity – Hunting in Shared Infrastructure
A really good read that also serves as a reminder to red teams not to fall into a rigid routine
Russian hackers have used the same backdoor for two decades
5. Explaining the broadband privacy bill
The average person remains somewhat confused around what the privacy bill is and what does it mean. Like what can your ISP track or not?
So JD wrote a letter to his family explaining it.
6. Don’t mess with your IoT provider
It’s not just cyber-criminals that are looking to hold your IoT devices to ransom. A customer purchased an IoT garage opener and wasn’t overly happy with it, so left a negative review. The result – the manufacturer blocked the device from accessi |
| Envoyé | Oui |
| Condensat | “good “worst ‘army 000 2017 7th about accessing accounts actual addressing adequate administration administrator adversary after against aironet alien all also apparently application april are around arrests atm attack attackers attacks attempt authored average backdoor bangladesh bank banking banks become been being benefits bill blocked boot botnet brazilian break brian broadband but call called can carrying cash certificates changing charges cisco claiming cloud code coded college comeback compromised conferences confused control copy counter cowboy created criminals customer cyber cyberciminals ddos decades defining despite developer developers device devices digital disadvantages disappear ditch diversity does don’t doubt during each elevator employer end enough” ever evidence excellent exchange exciting expanded explaining extra eye fact fall family fbi features fileless fired five flooded former found: from garage get gets goes good google greatly growing guilty hacked hacker hackers hacking happens happy hard has have having heist here him his hits hold hopper hopper pulse hour hours how huddleston huge hunt hunting i’ve ill improvements increase indictment information infosec infrastructure insider insights intent intercepted interesting internet introduced investment iot isp issue issues it's it’s its jml joiners just korea krebs lack largest last lastpass launches layer leavers left less letter liability like linked looking lose machines made malicious malware manager managers manufacturer many marriage mean mess mirai mobile month more most movers much nanocore negative netflix network new noise’ not observed oft often one online open opener operation orcus otx out outweight overall overly own page pages password passwords peaked perfect perhaps person pitch place platform pled point popular powered press privacy process professionals proves provider pulls purchased purposes questions raises ransom rat read really red regarding related remains reminder remote resources result review rigid robbing rogue routine rps russian sale same samsung save security seen” serious servers serves services shared sharing sight sky solution some somewhat song sources spent ssl stories story sure sysadmin taylor teams these threat time tizen together took tool tools top touted track transactions tricks troy twist two unexpected university use used valid variant various vending very wasn’t week weighs what what’s when which who why working world worlds wrote year your |
| Tags | |
| Stories | LastPass |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.