Cyber Security November 2018

This posting is here to collect security alert news in September 2018.

I post links to security vulnerability news in the comments of this article.

You are also free to post related links.


  1. Tomi Engdahl says:

    Security Automation Can be a Game Changer for Any SOC or CSIRT, Including Yours

    As I’ve written about in previous articles, security automation technology is creating impressive gains for security and incident response teams, by helping them improve operational effectiveness, increase speed and agility, and reduce risk. More and more security analysts and SOC managers are beginning to understand the potential of automation as they experience it firsthand or hear about it from their peers.

  2. Tomi Engdahl says:

    What is Phishing?

    Phishing is a serious threat to any industry. We have seen this topic appear in the news more each day. You might have already received a fraudulent email from what seemed to be your bank or even seen the hacking that took place during the 2016 US presidential election. But what do you know about phishing?

  3. Tomi Engdahl says:

    The state of cyberwarfare: 2 things you need to know

    If you want to understand why you should be worried about the proliferation of cyberweapons and the lack of arms control treaties governing them, then read on.

    Cybersecurity headlines in recent years have been dominated by companies losing money by being hacked and leaking the data of millions of customers.

    But today, cybersecurity is moving beyond the financial impact to concerns over public safety, national security, and even cyberwarfare.

    To understand the state of cyberwar and its potential impact, we should all keep in mind two things:
    1. The proliferation of cyberweapons is already happening
    2. Arms control of cyberweapons hasn’t caught up

  4. Tomi Engdahl says:

    Getting to know the Threat Hunting process

    These are the steps of the investigation:

    1 – Hypothesis Generation. The first step when it comes to formulating an investigation is to create hypotheses. The aim of these hypotheses is to find evidence of threats before they are exploited, or even ones that are already being exploited.

    2 – Validation of the hypotheses. Once a hypothesis has been defined, its validity needs to be verified. We then need to look for the existence of threats that fit this hypothesis. In this stage it is usual for some hypotheses to be discarded, while research into others is prioritized due to their likelihood or criticality.

    3 – Finding evidence. From the results obtained in the previous search, we need to verify if a threat really exists. False positives and mistakes in configuration are set aside, and efforts are focused on the validated hypotheses.

    4 – Discovery of new patterns. The attack is reconstructed to find any new patterns and tactics used to carry it out.

    5 – Notification and enrichment. Using the knowledge generated during the Threat Hunting process, the automatic detection systems are enriched and improved. This way, the organization’s global security is improved thanks to the discoveries made during the investigation.

  5. Tomi Engdahl says:

    5 Tips for Uncovering Hidden Cyberthreats with DNS Analytics

    How DNS Analytics Can Boost Your Defense

    The Domain Name System (DNS) is one of the foundational components of the internet that malicious actors commonly exploit and use to deploy and control their attack framework. The internet relies on this system to translate domain names into numbers, known as Internet Protocol (IP) addresses. Giving each IP a unique identifier allows computers and devices to send and receive information across networks. However, DNS also opens the door for opportunistic cyberattackers to infiltrate networks and access sensitive information.

  6. Tomi Engdahl says:

    Knowing Value of Data Assets is Crucial to Cybersecurity Risk Management

    Knowing the True Value of Data Assets Will Improve Cyber Security and Promote Meaningful Cyber Insurance

    Understanding the value of corporate assets is fundamental to cybersecurity risk management. Only when the true value is known can the correct level of security be applied.

    Sponsored by DocAuthority and based on Gartner’s Infonomics Data Valuation Model, Ponemon Institute queried 2,827 professionals across the U.S. and UK to gauge how different business functions value different information assets. The business functions included in the research comprise IT security, product & manufacturing, legal, marketing & sales, IT, finance & accounting, and HR.

