A selection of this week’s more interesting vulnerability disclosures and cyber security news. I certainly have some ‘wow’ items for you this week. The first just does not bear thinking about as to the potential impact this breach could have – it really is an horrorfic ‘wow’: We know that BEC fraud schemes hope to take pot luck at a busy employee’s lapse of proceedure, but when they really have you in their eyes, the grip can be just ‘wow’.

In the previous posts of this series, we discussed how you can secure your infrastructure at scale by applying security policies as code to continuously monitor your environment with the Config Validator policy library and Forseti. In this article, we’ll discuss how you can reuse the exact same policies and Terraform Validator to preventively check your infrastructure deployments, and block bad resources from being deployed in Google Cloud Platform (GCP).

According to the recent research on cyber security, a significant amount of security breaches happens due to human error. In this article, we took a closer look at cyber security protocols that can help you eliminate the human error and keep your organization safe. The recent research on cyber security illustrates that a great number of security breaches take place because of human error.

Dr. Maxine Henry, one of Reciprocity’s renowned GRC experts, led a webinar on the California Consumer Protection Act (CCPA). This sweeping legislation creates data privacy rights for covered consumers—which means it also imposes obligations on businesses to safeguard personal information. Before implementation on January 1, 2020, Dr. Henry discusses how to prepare.

What is Dridex malware? Dridex is a strain of banking malware that leverages macros in Microsoft Office to infect systems. Once a computer has been infected, Dridex attackers can steal banking credentials and other personal information on the system to gain access to the financial records of a user.

CyrusOne, a major provider of enterprise data center services, is reported to have suffered a ransomware attack. The Dallas-headquartered company, which operates more than 30 data centers across the United States, China, London, and Singapore, is reported by ZDnet to have had some of its systems infected by the REvil (Sodinokibi) ransomware.

The shopping season is upon us, and like it or not there are lots of individuals who would love to replace your happiness with their sadness. Thus, at this festive time of the year, it is imperative to give some thought and prep time to you and your family’s shopping habits and the security that surrounds those habits. If you’re like most people, you will NOT be using cash for all your holiday purchases.

A couple of weeks ago, I attended the P9 Founder Summit in Malta organized by Point Nine Capital. One of the workshops was about remote work. Soon after, I led a webinar for the #p9family and I thought I would share our experience at Bearer thus far.

The Sarbanes-Oxley Act of 2002 (SOX) is a law that implements regulations on publicly traded companies and accounting firms. SOX was created to improve the accuracy and reliability of corporate disclosures in financial statements and to protect investors from fraudulent accounting practices.

Summary The Great Cannon is a distributed denial of service tool (“DDoS”) that operates by injecting malicious Javascript into pages served from behind the Great Firewall. These scripts, potentially served to millions of users across the internet, hijack the users’ connections to make multiple requests against the targeted site. These requests consume all the resources of the targeted site, making it unavailable.