Week in review: Vaporworms, DevOps roadmap for security, ethical data management

Here’s an overview of some of last week’s most interesting news and articles:

Cybersecurity and ethical data management: Getting it right
Laura Norén, director of research at Obsidian Security and a sociologist with an interest in the social impact of technology and the ethics of data science, explains that there are four typical ethical considerations that come up in data-saturated projects.

Reported breaches in the first 9 months of 2018 exposed 3.6 billion records
The number of reported breaches shows some improvement compared to 2017 and the number of records exposed has dropped dramatically.

What’s keeping Europe’s top infosec pros awake at night?
As the world adapts to GDPR and puts more attention on personal privacy and security, Europe’s top information security professionals still have doubts about the industry’s ability to protect critical infrastructure, corporate networks, and personal information.

November 2018 Patch Tuesday: Microsoft fixes 63 flaws, one actively exploited zero-day
As part of the November 2018 Patch Tuesday, Microsoft has released 62 security patches and several advisories.

BEC scammers stole €19m from film company Pathé
The Dutch branch of the French film production and distribution company Pathé has lost over 19 million euros to BEC scammers.

Cyber attacks ranked as top risk in Europe, North America, East Asia and the Pacific
There are significant differences in risk perceptions across the eight regions covered in the World Economic Forum’s Regional Risks for Doing Business report.

Online shopping fraud to surge during Black Friday and Cyber Monday
New benchmark data from ACI Worldwide revealed a projected 14 percent increase in fraud attempts during the upcoming 2018 peak holiday season.

Online shoppers continue to engage in risky behavior
Findings from a new McAfee survey reveal the risky habits of online shoppers, including using unsecured Wi-Fi for online shopping and purchasing items from online retailers they are not fully confident are genuine (51 percent).

Implications of the NIS Directive for the industrial sector
The law lists 14 cybersecurity principles that form the objectives of NIS, but each member country must develop its own regulations to achieve them. Here are some of NIS’ best practices and guidelines complying with the legislation.

Vaporworms: New breed of self-propagating fileless malware to emerge in 2019
WatchGuard Technologies’ information security predictions for 2019 include the emergence of vaporworms, a new breed of fileless malware with wormlike properties to self-propagate through vulnerable systems, along with a takedown of the internet itself and ransomware targeting utilities and industrial control systems.

HITB Armory: Independent security researchers to showcase their tools
Organized in collaboration with Maximiliano Soler from ToolsWatch and Matteo Beccaro from Opposing Force, the HITB Armory is a brand new area of HITB2018DXB where independent researchers will get to show off their projects, run their demos and allow you to play around with their security tools.

eBook: The DevOps Roadmap for Security
Download this eBook to learn how to extend the benefits of DevOps to security and how to embrace and implement modern DevSecOps principles, practices, and tooling.

1 in 5 merchants compromised by Magecart get reinfected
In the last quarter, 1 out of 5 breached stores were infected (and cleaned) multiple times, some even up to 18 times. This shows that counter measures taken by merchants and their contracted security firms often fail.

What mid-market security budgets will look like in 2019
There are many tricks to building a good relationship with your organization’s financial decision-maker to help get your security budget requests approved.

IoT related security missteps cost enterprises millions
Among companies surveyed that are struggling the most with IoT security, 25 percent reported IoT security-related losses of at least $34 million in the last two years.

Ransomware is the leading cyber threat experienced by SMBs
Ransomware continues to be the leading cyber attack experienced by SMBs over viruses and spyware, according to Datto. Their report surveyed 2,400 MSPs that support the IT needs of nearly half a million SMBs around the globe.

Despite rise in security awareness, employees’ poor security habits are getting worse
Despite an increased focus on cybersecurity awareness in the workplace, employees’ poor cybersecurity habits are getting worse, compounded by the speed and complexity of the digital transformation.

FlawedAmmy: Dangerous RAT enteres most wanted malware list
The latest Check Point Global Threat Index reveals that while cryptomining malware continues to dominate the rankings, a remote access Trojan has reached the top ten’s list for the first time.

Consumers would stop engaging with a brand online following a breach
A survey reveals many consumers are making drastic changes to the ways they interact with companies and secure their own personal data following a breach.

New infosec products of the week: November 16, 2018
A rundown of infosec products released last week.