And here we are, the last week of 2017! Congratulations for making it through and thank you for sticking with us. I really enjoy pulling together these weekly recaps, and I hope you enjoy them and find them informative.
This week has been a quiet week as people seem to be in constant limbo as to whether they should be working or vacationing. But I searched tirelessly for you – because that’s just the kind of person I am.
Enjoy, and hope to see you again in 2018.
Vendor Analyst Briefings
Our very own Kate Brew started off a discussion on Twitter a few days ago on how many vendors don’t know how to brief analysts.
Anton Chuvakin of Gartner chimed in with a detailed listing of do’s and don’t’s, followed closely by Adrian Sanabria sharing his experiences. Not wanting to be left out, I also added my 2cents. Thus completing the trilogy.
- Important: How to Impress / Annoy an Analyst During a Vendor Briefing? Best / Worst Tips Here! | Anton Chuvakin, Gartner
- What is your product and what does it do? | Adrian Sanabria, Savage Security
- Analyst Vendor Briefings | Javvad Malik, J4vv4D
Dressed for success
Ed Amoroso offers some personal advice (especially for Millennials) on proper dress selection for men and women in the modern technology-based work environment that focuses on showing respect for others.
- Dress for Tech Success | Edward Amoroso, LinkedIn
Credential Stuffing
With quite literally billions of leaked credentials available online, it is highly likely that some of these will be credentials for your customers — or worse — from your employees or organisation. These details can then be used by nefarious people to then systematically attempt to log into your service/business, in an attempt to takeover these accounts. This article will provide you with an overview of why and how these attacks take place, as well as provide you with some fingerprints and identifiers to help you monitor your environment for these types of attacks.
- Credential Stuffing: How breached credentials are put to bad use. | Breachinsider.com
Cryptocurrency mining malware
Digimine spreads via Facebook messenger using a Google Chrome browser extension.
This isn’t the first, and certainly won’t be the last example of cryptomining malware – something we may see increase in 2018. I should have added it to my list of predictions!
Rating Citizens
The Chinese government plans to launch its Social Credit System in 2020. The aim? To judge the trustworthiness – or otherwise – of its 1.3 billion residents
Predictors of success
Not really infosec news, but I hearted it nonetheless. Two rounds of deep analysis of employee performance data at Google show that the top predictors of success are being a good communicator in a team where you feel emotionally safe
- The surprising thing Google learned about its employees — and what it means for today’s students | Washington Post
How to Generate FiveThirtyEight Graphs in Python
If you read data science articles, you may have already stumbled upon FiveThirtyEight's content. Naturally, you were impressed by their awesome visualizations. Here you can find out how.
- How to Generate FiveThirtyEight Graphs in Python | Dataquest.io
Cryptocurrency boss kidnapped
This story quickly dispels any doubt that digital information any less valuable than cold, hard, cash.
Also, it’s worth remembering that threat models vary greatly depending on where you are and what you do. Kidnapping is unfortunately a real threat in many countries.