Security is Not a One-Person Job

“Security is not a one-person job. It can’t be accomplished with one person, it can’t be accomplished with one company,” says Walls. “So we need partners, and we need friends in the industry to work together.” No statement could better summarize what building a culture of security looks like. Learn more about how Walls and Prime Therapeutics implemented DLP to protect highly sensitive data for millions of people.



Top 5 Security links


BF-SIRT Newsletter 2018-18


Twitter said Thursday that a glitch caused account passwords to be stored in plain text on an internal log, sending users across the platform scrambling to change their passwords.

The social media company said that it found and has fixed the glitch, and its investigation shows no indication of a breach or misuse by anyone. While the company did not specify how many passwords were impacted, a Reuters report pegged the number at more than 330 million.

“I’d emphasize that this is not a leak and our investigation has shown no signs of misuse,” a Twitter spokesperson told Threatpost. “We’re sharing this information so everyone can make an informed decision on the security of their account.”

Top 5 Security links
Meow, click me, Meow
Facebook’s getting a clear history button
Medical devices vulnerable to KRACK Wi-Fi attacks
Security Trade-Offs in the new EU privacy law
Glitch: new ‘Rowhammer’ attack can remotely hijack Android phones

Apple Security Update 2013-003

Apple have released security update 2013-003 for OS X.
This update fixes three issues with QuickTime where playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution.


Basefarm SIRT Newsletter 21

This week's news links are a bit of a mix, including a three-part interview with a Blackhat hacker that is interesting to read through. Another interesting article, although on a very old subject, is The Register's piece on how having WiFi turned on on your phone could be a bad idea. To get an idea of how easy this is to set up, you can browse over to HakShop, which has been selling a box that takes advantage of this since 2008.

Top 5 Business Intelligence links
Aha, I see you switched on your mobile Wi-Fi. YOU FOOL!
NC Fuel Distributor Hit by $800,000 Cyberheist
The Global Cyber Game
Operation Aurora hack was counterespionage, not China picking on Tibetan activists
Rise In Sophisticated, Targeted Cyber Attacks Heightens Demand for Intrusion Prevention Systems Globally

Top 5 Miscellaneous Security links
Interview With A Blackhat
NYPD detective charged with hiring email hackers to break into colleagues’ personal accounts
Google Strengthening Keys on SSL Certificates to 2048 Bits
Anonymous threat shutters Gitmo WiFi
Chinese hackers who breached Google in 2010 gained access to thousands of surveillance orders