CorreLog December Newsletter 2017

InfoSec Industry News

  • US Computer Emergency Readiness Team (CERT): The US-CERT Cyber Security Bulletin lists new vulnerabilities each week as recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). The vulnerabilities are listed by severity and are based on the CVE vulnerability-naming standard. This week's US-CERT alerts can be found here. | National Vulnerability Database summary found here.
  • Breach Level Index for the First Half of 2017: Gemalto, a leading global provider of digital security solutions, collected extensive publicly available information about data breaches around the world, finding over a million data records breached in the first half of 2017. The report looks at the data in terms of the number of breaches, number of data records lost or stolen, and data breaches by the source of the breach, type of breach, industry, and country or region. | Read more from Gemalto here.
  • 1.6 Million Customers affected by PayPal's TIO Network Breach: The recently acquired payments processor, TIO Networks, compromised personally identifiable information of roughly 1.6 million customers. Information stolen included social security numbers, bank account information, usernames and passwords, and other online data. It is unclear if PayPal was aware of potential security issues prior to the acquisition of the company. | Read more from SCMagazine here.
  • FBI, Europol, Microsoft, and ESET Team Up to Take Down One of the World's Largest Malware Operations: Avalanche, the long-running malware operation that has used more than 460 different botnets and infected more than 1.1 million computers a month, has been dismantled in a year-long operation by global law enforcement and cyber security vendors. The Andromeda network spread Gamarue, otherwise known as Wauchos, malware. One individual was arrested in Belarus; authorities did not provide details on the suspect. | Read more from Dark Reading here.
  • Senate Bill that Would require Jail Time for Data Breach Cover Ups: The Data Security and Breach Notification Act would require jail time for corporate executives who do not notify consumers of a breach within 30 days. The bill also requires the FDC create strict standards businesses will have to follow to protect personal and financial data. The bill was introduced due to the recent breaches of Uber and Equifax. | Read more from SCMagazine here.
  • Bitcoin Miner NiceHash Hacked, Possibly Losing $62 Million: Slovenia-based bitcoin mining company, NiceHash, has temporarily stopped its operations while it investigates a security breach and determines how many bitcoins were stolen. The company announced on social media that there was a security breach involving the website. Potentially 4,736.42 bitcoins, $62 million, were stolen. The breach occurred prior to bitcoin's cryptocurrency debut on two major U.S. exchanges. | Read more from Dark Reading here.
  • Stanford University server exposes data of 10,000 staffers: Business student, Adam Allock, found that thousands of financial aid records and employee information was visible to those within the business school. His findings revealed that the school had been awarding tuition discounts to non-needy applicants in hopes of attracting international students, women, and those with a finance background. The chief digital officer of Stanford's Graduate School of Business has resigned after the university failed to disclose this information. | Read more from NBC here.

InfoSec Industry Events

  • January 8: FloCon 2018 | Tuscon, AZ | Event Link
  • January 20: BSides New York | New York, NY | Event Link
  • January 29-30: SANS Cyber Threat Intelligence Summit 2018 | Bethesda, MD, USA | Event Link
  • February 13: Cyber Security Summit Silicon Valley 2018 | San Jose, CA | Event Link
  • February 19-20: SANS Cloud Security Summit | SSan Diego, CA | Event Link
  • February 23-24: BSides NoVa 2018 |Herndon, VA 20170, USA | Event Link

CorreLog News

CorreLog, Inc. Sponsors SHARE Sacramento Convention from March 11-18: Twice each year, SHARE gathers leading subject matter experts, vendors, and business visionaries in enterprise IT for a week of education and innovation. We anticipate Sacramento will be their best event yet, and hope you’ll join us in the expo at the Sacramento Convention Center. Charles Mills, CorreLog Director of Advanced Projects, will host a technical breakout session titled “Digital Certificates – How they Really Work (3-part series)” with speaking time and location details TBA.

  • When: March 11-16, 2018
  • Where: Sacramento, California
  • Venue: Sacramento Convention Center
  • CorreLog Booth: TBD
  • More Info: Event Website

CorreLog, Inc Sponsors InfoSec World 2018 in Lake Buena Vista, Florida: CorreLog is once again proud to sponsor InfoSec World 2018 in Lake Buena Vista, Florida, March 19-21. We hope to see you at MIS|TI’s industry-leading expo, which for more than 20 years has been the “business of security” conference for many security professionals worldwide. CorreLog will be in attendance at booth #318 with live demonstrations of zDefender™ for z/OS, dbDefender™ for Db2, zDefender™ Visualizer, and other CorreLog products that facilitate the real-time monitoring benefits of SIEM on z/OS.

  • When: March 19-21, 2018
  • Where: Lake Buena Vista, Florida
  • Venue: Disney’s Contemporary Resort
  • CorreLog Booth: #318
  • More Info: Event Website

CorreLog Product News

CorreLog, Inc. Announces New Release of zDefender™ for z/OS Version 5.7.4

  • The new release of zDefender™ incorporates new features and enhancements to the existing 5.7.x release including several new screens, new performance boosts, and increased event capacity.
  • The new 5.7.4 version comes with a name change from CorreLog SIEM Agent for z/OS to CorreLog zDefender™ for z/OS. As well as, a deeper scanning ability for mainframe privilege user access, additional SMF record tracking, performance enhancements, and more.
  • Click here for more information on the new release.

CorreLog Issues Mainframe Data Security Guidelines for FISMA Compliance

  • CorreLog releases four-page executive summary along with thought-leading whitepaper simplifying NIST guidelines for FISMA compliance relative to z/OS, outlining best practices for a complete, cross-platform data security and compliance strategy.
  • Click here for more information about CorreLog’s FISMA whitepaper.
  • Click here to visit CorreLog’s FISMA compliance web page.
  • Click here to download the whitepaper.

About CorreLog

Since 2007, CorreLog, Inc. has been committed to delivering software solutions for Security and Compliance auditing professionals who need more advanced network/system security and improved adherence to PCI DSS, HIPAA, SOX, FISMA, GDPR, ISO 27001, IRS Pub. 1075, NERC, and other industry standards for protecting data. Our solutions are designed to be complementary to clients' existing IT investments.

CorreLog specializes in providing the most comprehensive Security & Compliance software at the industry's lowest Total Cost of Ownership. Our solutions help secure data across both mainframe and distributed operating systems, and provide alerts with notifications in real-time to security and network operations resources. CorreLog has worked with companies across Fortune 500 to SMB class who all benefit from our ease of installation and highly interoperable approach to building software that is simple to use and master out of the box. Our customers are up and running with monitoring and alerts within just a few hours, versus weeks or even months with competing enterprise vendor solutions, Our software agent monitoring technology spans from Windows, Linus, UNIX, Mac, SAP, and databases all the way up to the largest mainframes with running IBM® z/OS®, Linux on z Systems, IBM® Db2, IBM® IMS™, and IBM® z/VM.

CorreLog has installed software and framework components used successfully by hundreds of commercial and government organizations worldwide. Our core solutions provide visibility on privilege-user activity, data integrity, FIM and application activity that may hold evidence of cyber threat, and in real time, we notify security personnel with alerts in accordance with compliance standards. For more information on CorreLog, please visit CorreLog.com.

December 2017 Edition

Join Us at these 2018 Events

  • SHARE 2018, Sacramento | Link
  • InfoSec World 2018, Orlando (Disney) | Link
  • IDUG 2018 NA, Philadelphia | Link

Latest Resources


IBM Systems Magazine Webinar featuring live pen testing with Phil 'Soldier of Fortran' Young:

Learn more about z/OS insecurities in this CorreLog-sponsored IBM Systems Magazine webinar titled: "Pen Testing to Reveal the Truth about Mainframe Security."  Click here to watch.


MAINFRAME SECURITY WHITEPAPERS:

“Impact from the New GDPR: Countdown begins...”
Click here to download.

“Real-time Mainframe SIEM 101: Mainframe Cyber Threat is Real"
Click here to download.


DATASHEETS:

zDefender™ for z/OS ver. 5.7.3 - Enhanced auditing for privilege escalation detection.
Click here to download  datasheet.


VIDEOS:

View a demo from CorreLog’s YouTube channel.


CorreLog Resource Library

SC Magazine Awards Five-star, ‘Best Buy’ Rating to CorreLog SIEM Solution, Citing Ease of Use, Extensive Feature Offerings, and Affordability

CorreLog SIEM Correlation Server v. 5.7.1 rated five-out-of-five stars and “Best Buy” by SC Magazine across all categories, including ease of use, performance, and value for money. Read more

CorreLog, Inc. enters Database Activity Monitoring (DAM) market with cost-effective, highly functional mainframe security product, dbDefender™ DAM Agent for IBM® Db2®

CorreLog extends its SIEM Agent for z/OS product to include monitoring Db2 activity with standalone product dbDefenderTM DAM Agent for Db2, providing Database Activity Monitoring (DAM) to strengthen Db2 security, auditing and compliance. Read more