InfoSec Industry News

October 2018 Edition

  • The Big Hack: How China Used a Tiny Chip to Infiltrate the U.S.: Chinese spies attacked almost 30 U.S. companies, including Amazon and Apple, by compromising America's technology supply chain, according to extensive interview with government and corporate sources. Bloomberg reports that U.S-based server motherboard specialist Supermicro was compromised in China where government-affiliated groups are alleged to have infiltrated its supply chain to attach tiny chips, some merely the size of a pencil tip, to motherboards which ended up in servers deployed in the U.S. | Read more from Bloomberg here. | CorreLog offers a security solution for SAP. Click here for more info.

  • US Computer Emergency Readiness Team (CERT): The US-CERT Cyber-Security Bulletin lists new vulnerabilities each week as recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). The vulnerabilities are listed by severity and are based on the CVE vulnerability-naming standard. This week's US-CERT alerts can be found here. | National Vulnerability Database summary found here
  • Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash:The attackers remotely compromised payment "switch application servers" within the targeted banks to facilitate fraudulent transactions. Investigators found the hacking scheme is being used by a North Korean APT hacking group known as Hidden Cobra, believed to be backed by the North Korean government. | Read more from The Hacker News here.
  • SHEIN-Fashion Shopping Site Suffers Data Breach Affecting 6.5 Million Users: U.S. online fashion retailer SHEIN has admitted that the company has suffered a significant data breach after unknown hackers stole the personally identifiable information of almost 6.5 million customers. SHIEN has not released how the breach might have happened. | Read more here.
  • Bitcoin Core Software Patches a Critical DDoS Attack Vulnerability: The Bitcoin Core development team has released an important update to patch a major DDoS vulnerability in its underlying software that could have been fatal to the Bitcoin Network. The vulnerability could potentially be exploited by anyone capable of mining BTC to crash Bitcoin Core nodes running software versions 0.14.0 to 0.16.2. | Read more from Security Affairs here.
  • Facebook Had Its Worst Hack Ever - And it Could Get Worse: At least 50 million Facebook users were subject to an attack, discovered on September 16. Facebook is unsure who the hackers were or what they were looking for. The attackers figured out how to exploit three separate vulnerabilities in Facebook's code and could have possibly logged into users' accounts. | Read more from CNN here 
  • Port of San Diego Suffers Cyber-Attack After Attack in Barcelona: Two major international ports fell victim to cyber-attacks, putting the shipping industry on alert. The first attack took place in Barcelona and the second in San Diego. The two port authorities have not revealed any details about the nature of the cyber-attacks. | Read more from ZDNet here.

CorreLog Sponsored Webinar

Find out what's next for the GDPR in the U.S.


zDefender™ on Splunkbase

  • Did you know CorreLog now has zDefender™ available for Splunk?
  • Click here for more info.


Mainframe Security Gap Video

Watch our video explaining the mainframe security gap and how CorreLog reduces risks.



Webinars On-Demand


"PEN Testing z/OS" with Phil Young

Learn more about z/OS Pen Testing with esteemed mainframe security researcher Philip Young, detailing how each attack is detectable up-to-the-second in your distributed SIEM. Watch here. 


Latest Resources


MAINFRAME SECURITY WHITEPAPERS:

“Impact from the New GDPR: Countdown begins...”
Click here to download.

“Real-time Mainframe SIEM 101: Mainframe Cyber Threat is Real"
Click here to download.


InfoSec Industry Events

  • November 1-3: InfoWarCon 18 | The National Conference Center, Leesburg, VA | Event Link
  • November 2: Paubox SECURE | San Francisco, CA | Event Link
  • November 9-11: Pacific Hackers Conference | Hacker Dojo, Santa Clara, CA | Event Link
  • November 12-13: Pen Test Hackfest Summit | One Bethesda Metro Center, Bethesda, MD | Event Link
  • November 14-15: Infosecurity North America | Javits Convention Center, New York City, NY | Event Link

CorreLog Product News

BMC Announces Definitive Agreement to Acquire CorreLog, Inc.

  • CorreLog's offerings, combined with BMC's innovative solutions in systems, data, and cost management, provide end-to-end solutions to ensure the availability, performance, and security of mission critical applications and data residing on today's modern mainframe.
  • The combination of CorreLog's security offerings with BMC's mainframe solutions will provide customers with real-time visibility into security events from the mainframe environment, delivered directly into SIEM/SOC systems.
  • Click here to read more.

CorreLog, Inc. Attains Gold-Certified Partner Status in the Microsoft Partner Ecosystem

  • CorreLog has achieved the highest level of recognition from Microsoft's Partner program, demonstrating expertise with Microsoft technologies and meeting marketplace and customer needs.
  • Microsoft Gold-Certified Partners are Microsoft’s most highly accredited, independent technical support providers.
  • Click here to read more.

About CorreLog

Since 2007, CorreLog, Inc. has been committed to delivering software solutions for Security and Compliance professionals who need more advanced network/system security and improved adherence to PCI DSS, HIPAA, SOX, FISMA, the GDPR, ISO 27001, IRS Pub. 1075, NERC, and other industry standards for protecting data. Our solutions are designed to be complementary to clients' existing IT investments.

CorreLog specializes in providing the most comprehensive Security & Compliance software at the industry's lowest Total Cost of Ownership. Our solutions help secure data across both mainframe and distributed operating systems and provide alerts with notifications in real-time to security and network operations resources. CorreLog has worked with companies across Fortune 500 to SMB class who all benefit from our ease of installation and highly interoperable approach to building software that is simple to use and master out of the box. Our customers are up and running with monitoring and alerts within just a few hours, versus weeks or even months with competing enterprise vendor solutions, Our software agent monitoring technology spans from Windows, Linus, UNIX, Mac, SAP, and databases all the way up to the largest mainframes with running IBM® z/OS®, Linux on z Systems, IBM® Db2, IBM® IMS™, and IBM® z/VM.

CorreLog has installed software and framework components used successfully by hundreds of commercial and government organizations worldwide. Our core solutions provide visibility on privilege-user activity, data integrity, FIM and application activity that may hold evidence of cyber threat, and in real time, we notify security personnel with alerts in accordance with compliance standards. For more information on CorreLog, please visit CorreLog.com.