Welcome to the Community Weekly Highlights!
This is a weekly series to highlight the best articles and stories happening all over the web.
What was your favorite story? What topics would you like to see? Sound off in the comments!
Before you make your cybersecurity resolutions for 2018, curl up with some egg nog, sit by a fire, nestle yourself in the comforting sounds of loved ones' voices in the next room, and spend some time reflecting on all the cybersecurity resolutions you failed to fulfill in 2017, 2016, and 2015.
Some of the points that stand-out:
Failure, not surprisingly, gets a bad rap. Yet, learning from failure is often the quickest path to growth. Take young children learning to walk for example: children will fail many times before getting it right, but at what point do we tell kids to stop? We don’t. We teach them instead to learn and adjust rather than chastise them for falling. In other words, until we know something doesn’t work, we can’t make corrections. This is true in life, business and phishing defense.
Learning from mistakes is vital to a strong anti-phishing program. A program must strategically allow for failure before a threat actor attacks. By exposing users to a learning environment where it is safe to fail, companies empower users to strengthen its security infrastructure.
Google patched five Critical bugs and 33 High severity flaws as part of the Android Security Bulletin for January 2018.
The most severe vulnerability in Android runtime, tracked as CVE-2017-13176, could be exploited by a remote attacker to bypass user interaction requirements in order to gain access to additional permissions. A Critical remote code execution flaw was fixed in System. The company also addressed one High-risk denial of service vulnerability and two High severity elevation of privilege vulnerabilities.
First notified in November of a data breach incident, popular clothing retailer Forever 21 has now confirmed that hackers stole credit card information from its stores throughout the country for several months during 2017.
According to the company's investigation, which is still ongoing, the malware was designed to search for and likely steal sensitive customer credit card data, including credit card numbers, expiration dates, verification codes and, in some cases, cardholder names.
When news broke of the security flaw affecting Intel chips, the tech world was more than a little surprised. And things just got more surprising as more details of Meltdown and Spectre emerged.
Perhaps most surprising is the fact that Google -- via Project Zero -- was aware of the problem in June of 2017. The company even went as far as informing Intel, AMD and ARM about the issue. But for Google customers, the good news is that the early detection of the security flaw means that Google Cloud, G Suite and Chrome users are fairly safe.
What story from the last week the most important for you? We love hearing your feedback!
So, does Webroot protect us from Meltdown and Spectre?
I asked this question as well in another post and never had a response. Other providers are blocking and detecting the CVE's. It's a simple yes and no I would think. Echoing the question, does Webroot SecureAnywhere protect us from Meltdown and Spectre?
But you need software to access the hardware flaw. Webroot should be able to detect that access and block it in my opinion. Other providers are able to block that access and provide detection as well. Symantec is one of them. I’m not by any means bashing you or Webroot here either. I love your product but this is an issue I feel that could make or break some deals/customer relations. Just because we can patch it doesn’t mean it still can’t be exploited somehow. A process must start like malware injection to exploit the hardware flaw. That should be detectable now that it is in the wild. So let’s make a signature to block it?
I know this is an Intel / AMD thing, but you can’t say buy all new hardware now. How about patch it and provide “IPS” to help mitigate the risk the best possible way.