BF-SIRT Newsletter 2017-46

This weeks top stories is that research by Google and the University of California found that phishing attacks are more efficient than data breaches at getting criminals into victim’s account and that the average person still has can’t pick a good password, and security researchers described a proof-of-concept exploit dubbed AVgater that affects multiple antivirus products and can lead to a full system takeover.

Github has announced a new feature to their dependency graph that will warn developers about vulnerable dependencies in their projects.

You can also read about Malwarebytes researchers warning IT workers seeking love online to beware “CatPhishing” scams, and in an interview Premera Blue Cross CISO and vice president sizes up healthcare security threats for 2018.

Top 5 Security links
Google study finds phishing attacks more efficient than data breaches
AVGater abuses antivirus software for local system takeover
Github Will Warn Developers About Vulnerable Dependencies in Their Projects
Beware Catphishing attacks targeting the hearts of security pros
A CISO Sizes Up Healthcare Security Threats for 2018