DHS warns of "Dragonfly" attack campaign on industrial control systems

Security Digest Information security news and advice from TechTarget's network |October 25, 2017 FEATURED STORY DHS's Dragonfly ICS campaign alert isn't enough, experts say by Michael Heller, Senior Reporter The Department of Homeland Security released an alert confirming the Dragonfly ICS cyberattack campaign, but experts said more action is needed to protect critical infrastructure. (SearchSecurity.com) Advertisement NEWS   Advanced Protection Program locks down Google accounts Google's Advanced Protection Program greatly increases the security of user accounts, but the usability trade-offs may not be worth it for average users. (SearchSecurity.com)   Google Play bug bounty hunts RCE vulnerabilities A Google Play bug bounty program, run by Google and HackerOne, asks testers to hunt for remote code execution vulnerabilities in some of the top Android apps. (SearchSecurity.com)   Latest Kaspersky controversy brings new questions, few answers The Kaspersky controversy continued this week as the antivirus company responded to several explosive news stories about its relationship with the Russian government. (SearchSecurity.com)   ROCA RSA flaw unveils secret keys on wide range of devices Researchers disclosed the ROCA RSA vulnerability as a dangerous flaw in the cryptographic code of Infineon chips that could undermine encryption key security for a number of devices. (SearchSecurity.com)   Microsoft mum on 2013 database breach of bug tracking system News roundup: Former employees reveal a 2013 database breach exposed Microsoft's bug tracking system, DHS sets new rules for federal agencies on web, email security, and more. (SearchSecurity.com)   Risk & Repeat: DEFCON tackles voting machine security In this week's Risk & Repeat podcast, SearchSecurity editors discuss DEFCON's efforts to improve voting machine security in the wake of hacking threats during the 2016 election. (SearchSecurity.com) EXPERT ADVICE   How automated web vulnerability scanners can introduce risks While automation is a key ingredient for security, it can't always be trusted. This especially holds true when running web vulnerability scanners, as Kevin Beaver explains. (SearchSecurity.com)   How app libraries share user data, even without permission A new study shows how app libraries can share data among apps, even without permission. Michael Cobb explains how library collusion works and what users can do about it. (SearchSecurity.com)   Why cloud reconnaissance is crucial to a secure cloud environment Storing data in the cloud isn't a sure-fire ransomware defense method. Expert Rob Shapland examines how the cloud helps and hurts when it comes to ransomware attacks. (SearchCloudSecurity.com)   HP keylogger: How did it get there and how can it be removed? A keylogging flaw found its way into dozens of Hewlett Packard laptops. Nick Lewis explains how the HP keylogger works and what can be done about it. (SearchSecurity.com) About This E-Newsletter This e-newsletter is published by the TechTarget network. To unsubscribe from Security Digest, click here. Please note, this will not affect any other subscriptions you have signed up for. TechTarget Security Media Group, 275 Grove Street, Newton, MA 02466. Contact: webmaster@techtarget.com Copyright 2017 TechTarget. All rights reserved.