Here are the must-read Cybersecurity, Infosec, and Identity Management articles from January 1 – 13, 2016. You can sign up for our biweekly newsletter here.
Researchers Out Default Passwords Packaged With ICS/SCADA Wares
Information was gathered on more than 100 products using default passwords such as “admin.admin,” “password,” “root,” and “administrator,” found in open password lists and vendor documentation. The researchers say it’s only the “tip of the iceberg” of ICS/SCADA products that come packaged with default authentication. Meanwhile, CyberX found a buffer overflow flaw in several models of the Schneider Electric Modicon M340 PLC that can be exploited when a random password of between 90 and 100 characters is typed into the PLC’s web interface.
Preventing data breaches is a business problem not an IT issue
Preventing data breaches and achieving 100 percent compliance has to start with the board and the CEO. Too many clients don’t know that “Information Security Governance is a fundamental responsibility of senior management to protect the interests of the organization’s stakeholders. This includes understanding risks to the business to ensure that they are adequately addressed from a governance perspective. The tone at the top must be conducive to effective security governance. It is unreasonable to expect lower-level personnel to abide by security policies if senior management does not.” (IT Governance Institute, 2003)
Education Department cyber breach could dwarf OPM hack
More than $1 trillion in student loans and data on more than 100 million Americans are stored in Education’s data centers, which are frighteningly insecure and vulnerable to cyber attacks. Education IG employees playing the role of hackers made their way into Education’s main enterprise IT system and gained unfettered access to the network without anyone noticing.
Security Alert as Internet Explorer Support Deadline Lands Next Week
Microsoft is ending support for anything older than IE9 next week. Security experts are urging IT managers to make sure they migrate to newer versions of Internet Explorer or risk exposing themselves to a new wave of attacks. Tripwire’s director of security and risk, Tim Erlin, warns that staying on unsupported versions “will have a serious impact on your organization’s attack surface” over time.
Rovnix Zeroes in on Japanese Banks with Minimal Detection Rate
Detected by only 7% of AV vendors, the sophisticated Rovnix banking malware has landed in Japan. Rovnix arrives in the form of an unsolicited email from an .ru domain containing a malicious .zip attachment disguised as a waybill from a transportation company. Worse still, Rovnix is highly persistent thanks to a bootkit feature.
The Best of CES 2016
According to PC Mag, many of these products will be key in shaping the tech landscape for the next 12 months. And some of them might not even make it to market.