Log your IT activities in a SOC to comply with GDPR and in a local private cloud to comply with NIS.
In hybrid cloud environments you can actually set up higher security than needed. A balanced level of security is a matter of overview, expertise and costs.
For the past months everyone has been focusing on the GDPR deadline of the 25th of May. In the meantime, the passing of another important new piece of privacy and security legislation, with big implications for European businesses using cloud services from US tech giants, went almost totally unnoticed.
Big Data and cloud computing are the drivers of digital transformation. Large, sometimes sensitive data volumes are being processed more quickly and comprehensively than ever before. Multicloud and hybrid cloud computing enable access to pretty much unlimited resources and create unimaginable possibilities – and new, high demands on IT security, too, particularly when it comes to clouds.
How can you protect yourself from hackers and, more specifically, DDoS attacks?
Huge Cryptomining Attack on ISP-Grade Routers Spreads Globally
Carrier-grade MikroTik routers are delivering potentially millions of daily cryptomining pages to the attacker.
A massive hacking campaign has been uncovered, compromising tens of thousands of MikroTik routers to embed Coinhive scripts in websites using a known vulnerability.
So far, Censys.io has reported more than 170,000 active MikroTik devices infected with the CoinHive site-key used in this campaign (the site-key is the same across infections, indicating a single entity behind the attacks). The campaign is mainly targeting Brazil – but infections are growing internationally, according to Trustwave’s Secure Web Gateway (SWG) team, indicating much larger ambitions.
“This is a warning call and reminder to everyone who has a MikroTik device to patch as soon as possible,” Trustwave researcher Simon Kenin wrote in a posting today. “This attack may currently be prevalent in Brazil, but during the final stages of writing this blog, I also noticed other geo-locations being affected as well, so I believe this attack is intended to be on a global scale.”
Top 5 Security Links
Remember when several massive ransomware attacks went global and hit many big businesses? Fredrik Svantes, Senior Information Security Manager at Basefarm, discussed with us the latest developments that keep the cybersecurity community busy.
A new method has been found to make cracking WPA/WPA2 easier
The makers of Hashcat found a simpler way to gather the Pairwise Master Key Identifier (PMKID) from a WPA/WPA2-secured Wi-Fi network. Before this method was discovered, an attacker would have to wait for a user to authenticate, and then steal the 4-way handshake of the user. This new method is a “client-less attack”, meaning it can gather all the information needed without anyone using the network. This can significantly speed up the process of obtaining the PMKID.
The good news is that the password still needs to be cracked by brute force or dictionary attack, so if you are using a secure password this is still a non-trivial process. It also only works on Pre-Shared Key (PSK), meaning that using other authentication methods should be safe.
Top 5 Security links
- Flaw in BIND Security Feature Allows DoS Attacks
- Bypassing and exploiting Bucket Upload Policies and Signed URLs
- Windows 10 Enterprise Getting “InPrivate Desktop” Sandboxed Execution Feature
- Expect API Breaches to Accelerate
- Let’s Encrypt Is Now Officially Trusted by All Major Root Programs
10 August marks the formal publication of an overhaul of the Transport Layer Security (TLS) protocol. TLS is an Internet standard used to prevent eavesdropping, tampering, and message forgery for various Internet applications. It is probably the most widely deployed network security standard in the world. Often indicated by the small green padlock in a web browser’s address bar, TLS is used in financial transactions, by medical institutions, and to ensure secure connections in a wide variety of other applications.
TLS 1.3 represents a significant security win for the Internet and its users. We look forward to using it and tracking its adoption on the Internet.
Top 5 Security links
- Foreshadow Attacks — 3 New Intel CPU Side-Channel Flaws Discovered
- Google Tracks Android, iPhone Users Even With ‘Location History’ Turned Off
- The Norwegian National Security Authority (NSM) establishes the National Cyber Security Center
- Google Chrome Bug Opens Access to Private Facebook Information
- Patch Tuesday: Microsoft Addresses Two Zero-Days in 60-Flaw Roundup
“Security is not a one-person job. It can’t be accomplished with one person, it can’t be accomplished with one company,” says Walls. “So we need partners, and we need friends in the industry to work together.” No statement could better summarize what building a culture of security looks like. Learn more about how Walls and Prime Therapeutics implemented DLP to protect highly sensitive data for millions of people.
Top 5 Security links
- New Apache Struts Vulnerability Leaves Major Websites Exposed
- Vulnerability in OpenSSH “for two decades” (no, the sky isn’t falling!)
- Intel rips up microcode security fix license that banned benchmarking
- $1.1M is Lost to Cybercrime Every Minute of Every Day
- Evolution of Android Security Updates