Source |
AlienVault Blog |
Identifier |
618076 |
Publication date |
2018-04-27 13:00:00 (seen: 2018-04-27 16:01:49) |
Title |
Things I Hearted this Week, 27th April 2018 |
Text |
Master Keys
F-Secure researchers have found that global hotel chains and hotels worldwide are using an electronic lock system that could be exploited by an attacker to gain access to any room in the facility. The design flaws discovered in the lock system’s software, which is known as Vision by VingCard and used to secure millions of hotel rooms worldwide, have prompted the world’s largest lock manufacturer, Assa Abloy, to issue software updates with security fixes to mitigate the issue.
Researchers Find Way to Create Master Keys to Hotels | F-Secure
A ONE-MINUTE ATTACK LET HACKERS SPOOF HOTEL MASTER KEYS | Wired
SEC Fines Yahoo $35 Million
The company formerly known as Yahoo is paying a $35 million fine to resolve federal regulators’ charges that the online pioneer deceived investors by failing to disclose one of the biggest data breaches in internet history.
The Securities and Exchange Commission announced the action Tuesday against the company, which is now called Altaba after its email and other digital services were sold to Verizon Communications for $4.48 billion last year. Yahoo, which is no longer publicly traded, neither admitted nor denied the allegations but did agree to refrain from further violations of securities laws.
SEC Fines Yahoo $35 Million for Data Breach That Affected 500 Million Users | Bleeping Computer
Company Formerly Known As Yahoo Pays $35M Fine Over 2014 Hack | CBS SF
SOCs require automation to avoid analyst fatigue for emerging threats
SecOps needs an immediate shift across industries. Some SecOps teams develop playbooks for an additional layer of training, but when security events occur, it is uncommon to follow every step a playbook describes. The data becomes overwhelming and the resulting alert fatigue leads to analysts overlooking threats entirely, leading to an increase in emerging threats.
SOCs require automation to avoid analyst fatigue for emerging threats | HelpNetSecurity
On the topic of incident response, I enjoyed this piece by Steve Ragan:
Two incident response phases most organizations get wrong | CSO Online
Also related:
How to Build a Cybersecurity Incident Response Plan | Dark Reading
The Seven Circles of Security
An insightful post from a CISO highlighting where most of their time is spent. Number six will shock you! Well, it probably won’t, but a little clickbait never hurt, did it?
The Seven Circles of Security: Where This CISO Spends Her Time | |
Sent |
Yes |
Tags |
Guideline
|
Stories |
Yahoo
|