Last updated at Tue, 03 Oct 2017 17:34:37 GMT
First, if you aren't listening to the Risky Business podcast, fix that. Patrick Gray is my go-to source for infosec news.
In the News:
The insight we get into breaches is sparse, so be armed with these stories.
- JPMorgan's 2014 Hack Tied to Largest Cyber Breach Ever | Bloomberg
- Arrests in JP Morgan, eTrade, Scottrade Hacks | That Krebs Guy
- SecureDrop Leak Tool Produces a Massive Trove of Prison Docs | WIRED
Every once in a while, we get an opportunity to use consumer goods for security and technology discussions; these articles should go in your quiver.
- This smart TV takes tracking to a new level | Washington Post
- Man-in-the-middle attack on Vizio TVs coughs up owners' viewing habits | Ars Technica
- Vizio Smart TVs spy on you by default - here's how to stop them | Graham Cluley
Technically Relevant:
- Police Body Cameras Shipped with Pre-Installed Conficker Virus | Softpedia
  - "Trusted Computing Base" is a concept that occasionally needs an example; this is a good one if you're tired of using the Lenovo stuff.
- HTTPS certificates with forbidden domains issued by “quite a few” CAs | Ars Technica
  - Visibility into your SSL certificates matters; we will see more of this.
  - Question for your management: do you have backup certificates, and run-books for the deployment process?
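Visibility is easier to ask for than to produce, so here is what the first pass looks like in code. This is an added example, not something from the original post or the linked article: a constructed inventory of three certificates is checked for upcoming expiry (the run-book trigger) and for subject names that the CA/Browser Forum rules do not allow in publicly trusted certificates, that is, names not resolvable in public DNS and reserved IP addresses. The list of non-public suffixes is a deliberately small assumption; in practice you would derive it from the public suffix list.

```python
"""Certificate inventory check (added example; not from the original post).

Two questions: which certificates expire soon, and which carry "internal
server names" (unqualified hosts, reserved IPs, non-public suffixes) that a
public CA may no longer issue for. INVENTORY is constructed sample data.
"""
from datetime import datetime, timezone
import ipaddress

# Constructed inventory, the kind of thing a scan of your listeners produces.
INVENTORY = [
    {"host": "www.example.com", "sans": ["www.example.com", "example.com"],
     "not_after": "2016-01-10T00:00:00Z"},
    {"host": "mail.example.com", "sans": ["mail.example.com", "exchange01", "10.0.0.12"],
     "not_after": "2017-03-01T00:00:00Z"},
    {"host": "vpn.example.com", "sans": ["vpn.example.com", "vpn.corp.local"],
     "not_after": "2015-11-20T00:00:00Z"},
]

# Assumption: a short list of suffixes that are not public DNS. Replace with
# the public suffix list for real use.
NON_PUBLIC_SUFFIXES = {"local", "localhost", "internal", "intranet", "lan",
                       "corp", "home", "test", "invalid"}


def parse_utc(stamp: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp such as 2015-11-20T00:00:00Z."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def is_internal_name(name: str) -> bool:
    """True if `name` could not be validated through public DNS."""
    name = name.rstrip(".").lower()
    try:
        ip = ipaddress.ip_address(name)
        return (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_reserved or ip.is_unspecified)
    except ValueError:
        pass  # not an IP literal, treat as a DNS name
    if name.startswith("*."):
        name = name[2:]
    labels = name.split(".")
    if len(labels) < 2:
        return True  # unqualified host name such as "exchange01"
    return labels[-1] in NON_PUBLIC_SUFFIXES


def audit(inventory, now_utc: str, warn_days: int = 30):
    """Return (host, finding) pairs for expiry and forbidden-name problems."""
    now = parse_utc(now_utc)
    findings = []
    for cert in inventory:
        days_left = (parse_utc(cert["not_after"]) - now).days
        if days_left < 0:
            findings.append((cert["host"], "expired"))
        elif days_left <= warn_days:
            findings.append((cert["host"], f"expires in {days_left} days"))
        for san in cert["sans"]:
            if is_internal_name(san):
                findings.append((cert["host"], f"internal name in SAN: {san}"))
    return findings


if __name__ == "__main__":
    for host, finding in audit(INVENTORY, "2015-11-13T00:00:00Z"):
        print(f"{host}: {finding}")
```

Run against the sample inventory as of 2015-11-13, the VPN certificate is flagged for expiring within the week and for its `.local` name, and the mail certificate for an unqualified host and a private IP; the web certificate passes. The same two checks are what you want scheduled against a real inventory, with the expiry warning wired to the run-book.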
- 88 Percent of Networks Susceptible to Privileged Account Hacks | Threatpost
  - Making your systems hard targets is one thing. Knowing who is on those boxes and what they are doing with privilege is a different thing entirely.
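The cheapest place to start answering "who is doing what as root" is the sudo log you already have. As an added example, not code from the original post, the script below parses sudo syslog lines in their standard format, counts successful privileged commands per user, and flags failed attempts, interactive shells obtained as root, and commands touching sensitive paths. The log lines are constructed samples, and the flag rules are assumptions to tune for your environment.

```python
"""Who is using privilege on a box: a pass over sudo log lines (added example).

SAMPLE_LOG is constructed in standard sudo syslog format. SHELLS and
SENSITIVE are assumed flag rules, not an authoritative list.
"""
import re
from collections import Counter

SAMPLE_LOG = """\
Nov 12 09:14:02 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Nov 12 09:20:45 web01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Nov 12 23:58:10 web01 sudo:    alice : TTY=pts/2 ; PWD=/var/www ; USER=root ; COMMAND=/bin/cat /etc/shadow
Nov 13 02:03:11 web01 sudo:    carol : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/su
Nov 13 02:05:40 web01 sudo:    carol : user NOT in sudoers ; TTY=pts/0 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/su
Nov 13 08:00:01 web01 CRON[1234]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# sudo writes "user : [reason ;] TTY=... ; PWD=... ; USER=target ; COMMAND=..."
# The reason field is only present when the attempt was refused.
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+(?P<user>\S+) : "
    r"(?:(?P<reason>[^;]+?) ; )?TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; "
    r"USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)

SHELLS = {"bash", "sh", "zsh", "dash", "su"}          # assumed: shells we want to see
SENSITIVE = ("/etc/shadow", "/etc/sudoers", "/root/.ssh")  # assumed: paths we want to see


def parse_sudo_line(line):
    """Return a dict of fields for a sudo line, or None for anything else."""
    m = SUDO_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["ok"] = rec["reason"] is None  # no refusal reason means the command ran
    return rec


def flags_for(rec):
    """Apply the review rules to one parsed record."""
    flags = []
    if not rec["ok"]:
        flags.append("failed: " + rec["reason"])
    program = rec["cmd"].split()[0].rsplit("/", 1)[-1]
    if program in SHELLS:
        flags.append("interactive shell as " + rec["target"])
    if any(path in rec["cmd"] for path in SENSITIVE):
        flags.append("touches sensitive path")
    return flags


def review(log_text):
    """Return (commands per (user, target), list of flagged events)."""
    by_user = Counter()
    flagged = []
    for line in log_text.splitlines():
        rec = parse_sudo_line(line)
        if rec is None:
            continue  # not a sudo line (cron, sshd, ...)
        if rec["ok"]:
            by_user[(rec["user"], rec["target"])] += 1
        for flag in flags_for(rec):
            flagged.append((rec["ts"], rec["user"], flag, rec["cmd"]))
    return by_user, flagged


if __name__ == "__main__":
    counts, events = review(SAMPLE_LOG)
    for (user, target), n in counts.items():
        print(f"{user} ran {n} command(s) as {target}")
    for ts, user, flag, cmd in events:
        print(f"{ts} {user}: {flag} ({cmd})")
```

On the sample, alice's late-night read of /etc/shadow and bob's root shell are the two lines a reviewer should be asking about, and carol's two refused attempts at `su` are the kind of thing a hard target alone never tells you. The interesting design point is that the parser keeps the refusal reason as data rather than discarding failed lines, because failures are half the story.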
- KeeFarce – Extract KeePass Passwords (2.x) From Database
- November 2015 Patch Tuesday Brings 12 Updates, Four Critical | Threatpost
- November 2015 Adobe Flash Player Security Patches | Threatpost
- Apache Commons Collections Unserialize Java Vulnerability | Threatpost
Of Interest to Management:
- Unicorns Dropping Like Flies | ZeroHedge
  - Bubble? No bubble? What is happening in tech startups? This one is a conversation starter.
- What is a unicorn? | Divestopedia
- Security Budget Tips [PART 2], from CISOs, for CISOs
  - I've been collecting guidance and points of performance from CISOs; if you are interested in contributing, drop me a line!
- For executive presentations, be aware of the colors you choose: a reminder from the NFL.
- Making data accessible is a thing: here is a fun reminder that people can't see what you see.
- FCC fines Cox for falling for Lizard Squad scam, exposing customer data | Ars Technica
  - Strong proof point for identifying and responding to social engineering attacks.
- Man charged for bogus tweets that sent stocks plummeting | NakedSecurity
  - via @RSnake https://twitter.com/RSnake/status/664208007077621760
  - This reminds me of a recent episode of The Blacklist, 3.01 "The Troll Farmer".
- Can you explain SQL Injection?
  - We made this really easy for you, and it's totally accessible to executives.
  - You could also try to explain it this way... but I'd recommend against it:
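For the engineers in the room rather than the executives, here is the same bug in code. This is an added example, not material from the original post: a login check against an in-memory SQLite table of constructed users, written once by concatenating the user's input into the SQL and once with bound parameters, so the two payloads below can be run against both.

```python
"""SQL injection, vulnerable and fixed side by side (added example).

Both functions ask "does this username/password pair exist?" against an
in-memory SQLite table of constructed sample users. The first splices the
caller's strings into the SQL text; the second binds them as parameters.
"""
import sqlite3


def make_db():
    """Constructed sample data; passwords are plaintext only to keep the demo short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("admin", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """The attacker's text becomes part of the SQL statement itself."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Placeholders keep the attacker's text as data; the statement shape is fixed."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


# Two classic payloads: make the WHERE clause always true, or comment out
# the password check entirely and pick the account you want.
TAUTOLOGY = "' OR '1'='1"
COMMENT_OUT = "admin'--"


def demo():
    """Run both payloads against both implementations and return the results."""
    conn = make_db()
    return {
        "vulnerable_tautology": login_vulnerable(conn, "nobody", TAUTOLOGY),
        "safe_tautology": login_safe(conn, "nobody", TAUTOLOGY),
        "vulnerable_comment": login_vulnerable(conn, COMMENT_OUT, "wrong"),
        "safe_comment": login_safe(conn, COMMENT_OUT, "wrong"),
        "legit": login_safe(conn, "alice", "correct horse"),
    }


if __name__ == "__main__":
    for case, users in demo().items():
        print(f"{case}: {users}")
```

The tautology payload turns the vulnerable query into `... password = '' OR '1'='1'`, which matches every row; the comment payload turns it into `... username = 'admin'--' AND password = 'wrong'`, which logs you in as admin without a password. Against the parameterized version both payloads are just unusual strings that match nobody, and a real user still logs in. That is the whole fix: never let input decide the shape of the statement.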
Slightly Less Random
The CIA's manual for how to be a terrible employee
(if this sounds like some place you've worked or consulted ... I'd rather you not leave that in the comments.)
As always, hope this is helpful!