WannaCry and NotPetya aftermath means payouts and panic. Here are the top security headlines for the week of August 7, 2017: Big money, no whammies! It seems like the hackers behind WannaCry have cashed out their bitcoin into Monero, a harder to track cryptocurrency. Mo money means mo malware. The success – can we call it that? – of WannaCry and NotPetya means ransomware is not going away any time soon, because… well, people and businesses pay the ransom. What’s that definition of insanity? Oh yeah, doing the same thing and expecting a different result… Tripwire research indicates that two-thirds of security pros don’t think their organization has made the necessary improvements since this summer’s ransomware attacks.   Your route

Building an effective SIEM requires ingesting log messages and parsing them into useful information. While it might be easy to stream, push and pull logs from every system, device and application in your environment, that doesn’t necessarily improve your security detection capabilities. What you do with your logs – correlation, alerting and automated response – are the strength of a SIEM. Real-time security starts with understanding, parsing and developing actionable information and events from your log messages. With the launch of a new site, (ISC)² was presented an opportunity to refine our security monitoring services. Linked below is an example of how we improved visibility on attacks against our web properties via web application firewall logs. We hope this brief

Name: Rob Turner Title: Senior Cyber Network Defense AnalystEmployer: DXC Technology (formerly Hewlett-Packard Enterprise)Title: Computer Technology Program CoordinatorEmployer: Ball State UniversityLocation: Indiana, U.S.A.Education: BS in Computer Technology, Graduate Certificate in Information System Security Management, MS in Information and Communication SciencesYears in IT: 10Years in Cybersecurity: 7Cybersecurity certifications: CISSP-ISSAP, CISSP, CCNA-Security, CEH, CHFI, ECSA   How did you decide upon a career in cybersecurity? Cybersecurity had always been an aspect of my career as a systems analyst/administrator. The more proactive I became at securing systems and networks, the more research and interest I developed in the field of IT security – until the point where it became a primary responsibility. Why did you get your CISSP®? The CISSP was sought in

ATMs, HBO, democracy … what can’t be hacked? Here are the top security headlines for the week of July 31, 2017: IOActive hacked at ATM at Black Hat. I guess drinks are on them? Espionage was just a red herring. Apparently hackers in North Korea are looking for cash, not secrets. DefCon attendees shredded voting machines – some still being used in U.S. elections. Don’t worry, it’s for research. “If all your friends were downloading torrents, then would you too?” It seems like everyone is doing it, but even downloading just the BitTorrent clients (the software needed to run them) can make your device and data vulnerable to infection. Inspired by DefCon, Naked Security took a deep dive into Dark