#HappyFriday
This is a weekly series to highlight the best articles and stories happening all over the web.
What was your favorite story? What topics would you like to see? Sound off in the comments!
17 Things We Should Have Learned in 2017, but Probably Didn't
Before you make your cybersecurity resolutions for 2018, curl up with some egg nog, sit by a fire, nestle yourself in the comforting sounds of loved ones' voices in the next room, and spend some time reflecting on all the cybersecurity resolutions you failed to fulfill in 2017, 2016, and 2015.
Some of the points that stand-out:
- How we respond to incidents is just as important as how we prevent them.
- You need to deploy patches faster...no, really.
Check out all 17 points to better protect your organization.
To Mitigate Phishing Risk, Let Employees 'Fail Forward'
Failure, not surprisingly, gets a bad rap. Yet, learning from failure is often the quickest path to growth. Take young children learning to walk for example: children will fail many times before getting it right, but at what point do we tell kids to stop? We don’t. We teach them instead to learn and adjust rather than chastise them for falling. In other words, until we know something doesn’t work, we can’t make corrections. This is true in life, business and phishing defense.
Learning from mistakes is vital to a strong anti-phishing program. A program must strategically allow for failure before a threat actor attacks. By exposing users to a learning environment where it is safe to fail, companies empower users to strengthen its security infrastructure.
Read the full article.
Android Security Bulletin for January 2018, tech giant fixes multiple Critical flaws
Google patched five Critical bugs and 33 High severity flaws as part of the Android Security Bulletin for January 2018.
The most severe vulnerability in Android runtime, tracked as CVE-2017-13176, could be exploited by a remote attacker to bypass user interaction requirements in order to gain access to additional permissions. A Critical remote code execution flaw was fixed in System. The company also addressed one High-risk denial of service vulnerability and two High severity elevation of privilege vulnerabilities.
Get the details.
Forever 21 Confirms Security Breach Exposed Customer Credit Card Details
First notified in November of a data breach incident, popular clothing retailer Forever 21 has now confirmed that hackers stole credit card information from its stores throughout the country for several months during 2017.
According to the company's investigation, which is still ongoing, the malware was designed to search for and likely steal sensitive customer credit card data, including credit card numbers, expiration dates, verification codes and, in some cases, cardholder names.
Learn more.
Google knew about Spectre and Meltdown processor bugs last year
When news broke of the security flaw affecting Intel chips, the tech world was more than a little surprised. And things just got more surprising as more details of Meltdown and Spectre emerged.
Perhaps most surprising is the fact that Google -- via Project Zero -- was aware of the problem in June of 2017. The company even went as far as informing Intel, AMD and ARM about the issue. But for Google customers, the good news is that the early detection of the security flaw means that Google Cloud, G Suite and Chrome users are fairly safe.
Get all the details about the Intel flaw.
What story from the last week the most important for you? We love hearing your feedback!