AttackWise cyber security week in review 25 March 2019

//AttackWise cyber security week in review 25 March 2019

In the news

  • Norsk Hydro, one of the world’s largest aluminium producers, battled on Tuesday to contain a cyber attack which halted parts of its production. Subsequent analysis has speculated the attack included compromise of Active Directory.
  • Facebook mistakenly stored millions of users’ passwords in plaintext
  • A disgruntled former employee has been sentenced to 2 years jail for deleting 23 servers of data.

Research, reports, opinions

  • Forrester Research has released a report that presents an analysis of the maturity and business value of the 18 technology categories that support threat detection and response. You can get the report via Rapid 7 (download registration required).
  • Just in case you needed convincing, an article on why phone numbers stink as identity proof.
  • The US Cybersecurity and Infrastructure Security Agency (CISA) has released a recordingof their recent briefing on China attacking Managed Service Providers (MSPs) as a way to attack their customers. I’m surprised how plain spoken the briefing is.

Vendor news

  • Microsoft has announced Windows Defender ATP Antivirus for Mac

Security advisories

  • Durpal has released a “moderately critical” advisory for their web content management system.
  • Mozilla has released critical advisories relating to Firefox.

UK industry events