#CyberSecurityPulse: Changing stereotypes in the security sector

ElevenPaths    12 June, 2018

Ripples of outrage spread across the cybersecurity industry last week after women in red evening gowns were seen promoting a product at the Infosecurity Europe 2018 conference. The event’s organisers condemned the move, saying vendor contracts ban the use of so-called ‘booth babes’. Thankfully, this behaviour is in the minority. In fact, the perception is that gender diversity is beginning to increase, that more women are participating in conferences and that multiple programmes and initiatives are being implemented, including a renewed focus on recruitment.

The value of a diverse workforce is becoming a reality. Change is taking place at the enterprise level, as companies accept that gender diversity can enhance their overall capabilities. Unfortunately, the industry as a whole is nowhere near gender parity or equality, but some efforts are being made to attract women to the field of cybersecurity; one such initiative operates in schools, to attract female talent in time.

Many issues remain unresolved, but the subject is gaining relevance. While the numbers are still stagnant, the industry is realising that at the root of the problem is the need for culture to change. It’s going to take years, so approaching this issue with an entrepreneurial and collaborative mindset and using the data to make decisions will be essential.

More information available at SC Magazine

Highlighted News

Lawmakers renew push to preempt state encryption laws

A bipartisan group of lawmakers is renewing a push for legislation to block states from mandating that technology companies build backdoors into devices they produce in order to allow law enforcement access to them. The measure is designed to preempt state and local governments from moving forward with their own laws governing encryption before the federal government acts on the issue. Specifically, the legislation would prohibit state and local governments from mandating that tech companies “design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by any agency or instrumentality of a State, a political subdivision of a State or the United States,” according to a copy of the bill.

More information available at Congress.gov

South Korean Cryptocurrency Exchange Coinrail hacked

South Korea-based cryptocurrency exchange Coinrail announced on Sunday a cyber-incident during which an intruder made off with a large amount of ICO tokens stored on the company’s servers. The exchange announced the hack via a message on its website, where it admitted a hacker stole tokens issued during the initial coin offerings (ICOs) of Pundi X (NPXS), NPER (NPER), and Aston (ATX), which were being traded at the time on its servers. As soon as it detected the intrusion, Coinrail put its portal in maintenance mode. The exchange said it secured and moved most of its cryptocurrency assets into cold storage (offline) wallets. While hacked exchanges often went under in the early days of Bitcoin, nowadays, with pressure from authorities, most offer compensation plans for affected users. Coinrail did not publish any information about compensation plans.

More information available at Coinrail

News from the rest of the week

Google Patches 11 Critical Android Bugs in June Update

Google patched 57 vulnerabilities affecting the Android operating system and kernel and chipset components tied to third-party firms MediaTek, NVIDIA and Qualcomm. Eleven of the bugs are rated critical and 46 are rated high. Google said the most severe of the vulnerabilities are remote code execution bugs (CVE-2018-9341, CVE-2018-5146 and CVE-2017-13230) in the Android media framework “that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.”

More information available at Android

Banking trojans replaced ransomware as top email-based payload in Q1

The concept of infecting targeted users with banking trojans has been so successful in the recent past that in the first quarter of 2018, banking trojans overtook ransomware as the top malicious payload distributed through email. In all, banking trojans accounted for 59 percent of all malicious email payloads in the first quarter of 2018, which also saw email-based malware attacks rise significantly. A new report from Proofpoint has shown that the number of firms receiving more than 50 email-based malware attacks grew by 20 percent compared with the last quarter of 2017.

More information available at Proofpoint

InvisiMole Spyware is a powerful malware that went undetected for at least five years

Malware researchers from ESET have spotted a new sophisticated piece of spyware, tracked as InvisiMole, used in targeted attacks in Russia and Ukraine in the last five years. According to the researchers, the authors of the InvisiMole spyware have removed any clue that could attribute the malware to a specific actor; the only exception is the compilation date of a single file (dating to October 13, 2013). Compilation dates for all the remaining files have been removed by the authors.

More information available at GitHub

Other news

Ticketfly Confirms 27M Accounts Exposed

More information available at CNET

Dozens of Vulnerabilities Discovered in DoD’s Enterprise Travel System

More information available at Dark Reading

Apple will let users run iOS apps on macOS

More information available at The Hacker News
