InfoSec Reading Weekly Roundup – 6 March 2017

The weekly InfoSec reading roundup is a collection of the most interesting news and articles that I read in the past week. Note that if you are reading this at work, some of the links below might be blocked by the corporate web proxy or gateway. Please don’t try to bypass them. Read them on your phone or at home!

CISO Perspective on RSA 2017 – Top 10 Takeaways (AlienVault)
“All access to services must be authenticated, authorized and encrypted.”
“Within 60 seconds of connecting it to the Internet, the device was compromised.”
“In order to save the Internet, I’ll have to kill it.”
“90% of intrusions begin with a phishing email …every company has at least one person who will click on anything.”

Maturing Your Security Ecosystem (McAfee)
“Compliance alone has never been a guarantee of security or privacy; it is a necessary but not sufficient level of defense.”
“Stopping 100% of threats 100% of the time is currently 100% unrealistic.”

The Anatomy of a Malvertising Sequence (RiskIQ)
MUST READ. A simple example of how you can get infected without clicking on any links. “…from the publisher to a legitimate rotator network, to a pornographic session hijack, to a malicious rotator network, to a malicious exploit kit payload, all without requiring a single click from the user.”

Anomali Weekly Threat Intelligence Briefing – February 28, 2017 (Anomali)
Covert Channels and Poor Decisions: The Tale of DNSMessenger (Talos)
Detection: What you don’t know will hurt you (Avast)
Dot Ransomware: Yet another Commission-based Ransomware-as-a-Service (Fortinet)
Free decryption tools now available for Dharma ransomware (CSO)
GhostAdmin: The Invisible Data Thief – Notes from the Underground (AlienVault)
Global cybercrime prosecution a patchwork of alliances (CSO)
How to get your infrastructure in shape to shake off scriptable attacks (CSO)
How to respond to a cyber attack (CSO)
Infosec mourns over Howard Schmidt, who helped make the country a safer place (CSO)
IoT weaknesses put webcams at risk for attack [infographic] (Avast)
Study User Behavior to Focus Intrusion Detection (BankInfoSecurity)
Why a Computer Beating Poker Pros is Great News for Cybersecurity (Anomali)

Prithvi Mandava

Prithvi Mandava

Prithvi is an experienced cyber security professional with global experience across 3 continents. He has proven skills and experience on Cisco, Check Point, Fortinet, Juniper and other vendors' products and technologies. He also has a passion for nature and landscape photography and can be seen lugging his camera gear in and around some pretty locations.

A few of the industry credentials he currently holds include CISSP, CISM, CISA, CCNP R&S, CCNA Security, CCNA.

Prithvi Mandava Photography
Original Indian Music