Here’s an overview of some of last week’s most interesting news and articles:
66% of US law firms reported a breach in 2016
The majority of US-based law firms are not only exposed in a wide variety of areas, but in many cases, unaware of intrusion attempts. These findings were based on Logicforce survey data from over 200 law firms, anonymous system monitoring data and results from their on-site assessments.
Operators of decade-old Malware-as-a-Service outfit charged
The duo allegedly developed various hacking software – malware toolkits, remote access Trojans, keyloggers, malware obfuscation kits – and offered it for sale through a hidden service accessible via the Tor network.
Windows 10 will use protected folders to thwart crypto ransomware
Windows 10 Fall Creators Update (the next major update of Microsoft’s popular OS) is scheduled to be released in September, and will come with major new end-to-end security features.
Satellite phone communications can be decrypted in near real-time
Satellite phone communications encrypted with the GMR-2 cipher can be decrypted in mere fractions of a second, two Chinese researchers have proved.
TLS security: Past, present and future
From a security perspective, TLS 1.3 is a major breakthrough and tries to get rid of all cryptographic techniques and primitives that is known to be weak and exploitable.
Review: Advanced Persistent Security
The authors say defenders need to be proactive, not by mounting random defenses before even being aware of a specific attack, but by constantly preparing to react to an expected occurrence
Five crucial ways to help keep a system safe from harm
It’s become a sad truth that these days attempted data breaches have become practically inevitable.
How to create an effective application security budget
Here are some helpful tips on how to create an effective application security budget, one that can easily scale to meet both the application security and business goals of an organization now, and in the future.
Why Kodi boxes can pose a serious malware threat
Kodi and similar streaming devices have serious security issues.
South Korean bitcoin exchange hacked, user accounts plundered
Bithumb, a South Korean bitcoin and ether exchange, has suffered a data breach that resulted in customer losses potentially reaching billions of South Korean won (currently, a billion won is equivalent to some 870,000 US dollars).
GDPR: 12 steps businesses can use to prepare right now
In this podcast, Darron Gibbard, Chief Technical Security Officer, EMEA, Qualys, talks about preparing for the GDPR and provides a good basis to start your program and understand what departments you need to be working with, and how you should be engaging with your respective businesses.
Rising information security threats, and what to do about them
The digital threat landscape faced by enterprises large and small is in perpetual flux, and keeping an eye on things and adapting defenses should be of primary importance to every CISO.
Security’s blind spot: The long-term state of exception
The people who were responsible for the security of those who were breached had assumed that things were happening a certain way – that is, only approved applications were in use, all critical systems were patched properly, appropriate alerts were being monitored, and internally written software had been hardened. However, these things were not always true, all the time. There were exceptions living outside of the security policy and distorting the acceptable risk tolerance.