Week in review: Emergency alert systems easily hacked, the cost of GDPR compliance

Here’s an overview of some of last week’s most interesting news and articles:

One in 10 C-level execs say GDPR will cost them over $1 million
Companies are taking the new General Data Protection Regulation (GDPR) much more seriously than HIPAA and PCI: 99 percent are actively involved in the process to become GDPR-compliant, despite the cost and internal reorganization involved, a new survey that polled 300 C-level security executives has shown.

Researchers use power lines to exfiltrate data from air-gapped computers
Researchers from the Ben-Gurion University of the Negev have come up with another way to exfiltrate data from air-gapped computers: this time, its via malware that can control the power consumption of the system.

What’s your security story? How to use security as a sales tool
Positioning security as a value-add to the business rather than a necessary evil is a challenge for many organizations.

AMD users running Windows 10 get their Spectre fix
As you might remember, AMD processors were found not to be vulnerable to Meltdown attacks, but they were affected by Spectre (both variants). Variant 1 necessitates application-level fixes and variant 2 (CVE-2017-5715) requires changes at the OS level.

Key obstacles in enterprise security budgeting
IANS released its latest findings on budget-related best practices for information security leaders to consistently command the budget and resources they need.

2.6 billion records were stolen, lost or exposed worldwide in 2017
While data breach incidents decreased by 11%, 2017 was the first year publicly disclosed breaches surpassed more than two billion compromised data records.

Thousands of WP, Joomla and SquareSpace sites serving malicious updates
Thousands of compromised WordPress, Joomla and SquareSpace-based sites are actively pushing malware disguised as Firefox, Chrome and Flash Player updates to visitors.

Information security can enable business as soon as we change the conversation
Information security is an enabler for business. This has been a mantra for some time, and although it is repeated at major conferences, the reality is that the lack of good security practices is more a disabler.


Broad and inconsistent interpretations of behind the times laws, new anti-infosec legislation, lawsuits and criminal prosecutions are having a chilling effect on security research.

FIDO2: Authenticate easily with phishing-resistant security
The FIDO Alliance and the World Wide Web Consortium (W3C) have achieved a standards milestone in the global effort to bring simpler yet stronger web authentication to users around the world.

Hackers leverage flaw in Cisco switches to hit Russian, Iranian networks
The proof-of-concept exploit code for a vulnerability affecting many Cisco switches has been leveraged by vigilante hackers to mess with networks and data-centers in Russia and Iran.

Court rules to ban access to Telegram in Russia
It didn’t take long for judge Yuliya Smolina of the Tagansky District Court of Moscow to rule that the Telegram secure messaging service should be blocked on the whole territory of Russia.

How many can detect a major cybersecurity incident within an hour?
Less than half of all organizations were able to detect a major cybersecurity incident within one hour. Even more concerning, less than one-third said that even if they detected a major incident, they would be unable to contain it within an hour, according to LogRhythm.

Emergency alert systems used across the US can be easily hijacked
A vulnerability affecting emergency alert systems supplied by ATI Systems, one of the leading suppliers of warning sirens in the USA, could be exploited remotely via radio frequencies to activate all the sirens and trigger false alarms.

The eternal struggle: Security versus users
Security people seem to cherish their reputation for being pessimistic and untrusting. Some take it further and cast their disdain upon the users, who obviously need to be protected from themselves.

Major uptick in mobile phishing URL click rate
Phishing attacks are particularly effective on mobile devices because hidden email headers and URLs make it easy to spoof email addresses and websites while new vectors, including SMS and messaging apps, enable attackers to make their campaigns personal.

How the human factor puts your company at risk
Positive Technologies has released a new report with statistics on the success rates of social engineering attacks, based on the 10 largest and most illustrative pentesting projects performed for clients in 2016 and 2017.

Steps executives are taking to increase security while launching new ways to pay
More than 80 percent of organizations that have been impacted by a data breach have introduced a new security framework and 79 percent have reduced employee access to customer data, according to new benchmark data, “2018 Global Payments Insight Survey: Bill Pay Services,” from ACI Worldwide and Ovum.

More about

Don't miss