InfoSec Industry News

September 2018 Edition

  • Microsoft Issues Software Updates for 17 Critical Vulnerabilities: The security updates patch vulnerabilities in Microsoft Windows, Edge, Internet Explorer, MS Office, ChakraCore, NET Framework, and more. Four of the security vulnerabilities patched have been listed as "publicly known" and more likely exploited in the wild at the time of release. | Read more from The Hacker News here.

  • US Computer Emergency Readiness Team (CERT): The US-CERT Cyber-Security Bulletin lists new vulnerabilities each week as recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). The vulnerabilities are listed by severity and are based on the CVE vulnerability-naming standard. This week's US-CERT alerts can be found here. | National Vulnerability Database summary found here
  • British Airways Breach Caused by the Same Group that Hit Ticketmaster: A cyber-criminal operation known as Magecart is believed to have been behind the recent British Airways card breach. In a report by RisqIQ, clues were found linking the Magecart Ticketmaster operation to the British Airways breach. The breach compromised 380,000 payment cards and customers' personal details. British Airways has assured its customers that the hackers did not get their passport numbers or travel details. | Read more from ZDNet here.
  • How the Equifax Hack Happened and What Still Needs to be Done: Last September, Equifax disclosed that hackers stole the personal information of 147.7 million Americans from its servers. It's still unclear who was behind the hack. Security experts also aren't aware how the stolen data has been used. Equifax argues that it's going through a complete shift to make sure a breach like 2017's never happens again. An Equifax spokesperson said the company has spent $200 million on cybersecurity over the last year. For affected consumers and many in Congress, those improvements haven't yet hit the mark. | Read more from CNet here.
  • New 'Fallout' EK Brings Return of Old Ransomware: A new malware, Fallout Exploit Kit, is bringing back a previously known ransomware called GandCrab to the Middle East. As protection against this new malware, administrators are urged to keep systems fully patched and up-to-date, and to stress proper online behavior to employees and system users. Read more from The Dark Reading here.
  • Five Key Security Tips to Avoid an IoT Hack: How can companies better protect themselves from cyber criminals? Malicious IoT hacking incidents are a norm today. That is not surprising, considering that by 2020, the IoT is expected to reach a staggering amount of 20.4 billion device. Homes and enterprises using legacy security measures are in danger because of the ever-growing IoT. | Read more from Help Net Security here.

CorreLog Sponsored Webinar

Find out what's next for the GDPR in the U.S.


Be sure to catch us in the BMC booth at the Splunk .conf18 conference this year, booth number #M57.


zDefender™ on Splunkbase

  • Did you know CorreLog now has zDefender™ available for Splunk?
  • Click here for more info.


Mainframe Security Gap Video

Watch our video explaining the mainframe security gap and how CorreLog reduces risks.



Webinars On-Demand


"PEN Testing z/OS" with Phil Young

Learn more about z/OS Pen Testing with esteemed mainframe security researcher Philip Young, detailing how each attack is detectable up-to-the-second in your distributed SIEM. Watch here. 


Latest Resources


MAINFRAME SECURITY WHITEPAPERS:

“Impact from the New GDPR: Countdown begins...”
Click here to download.

“Real-time Mainframe SIEM 101: Mainframe Cyber Threat is Real"
Click here to download.


InfoSec Industry Events

  • September 26: CorreLog Sponsored IBM Systems Magazine Webinar | "The GDPR Aftermath: How Lack of Real-time Alerts Can Cost Millions" | Event Link
  • October 1: ISC2 Secure Summit Toronto | Metro Toronto Convention Center, Toronto, Canada | Event Link
  • October 1-4: Splunk .conf18 | Walt Disney World Swan and Dolphin Resort, Orlando, FL | Event Link | Be sure to catch us in the BMC booth number #M57.
  • October 4: Data Connectors St. Louis | Sheraton Clayton Plaza Hotel | St. Louis, MO | Event Link
  • October 8-9: National Cyber Symposium | The Broadmoor Hotel | Colorado Springs, CO | Event Link
  • October 17-18: Cyber Security Atlanta | Georgia World Congress Center, Atlanta, GA | Event Link

CorreLog News

CorreLog, Inc. to Sponsor IBM Systems Webinar on the GDPR and How Real-time Mainframe Alerts in Your SOC from z/OS can Eliminate the 197-day Average Time to Detect a Breach

IBM Systems Magazine/CorreLog Webinar Details

  • What: IBM Systems Magazine / CorreLog webcast – “The GDPR Aftermath: How Lack of Real-time Alerts Can Cost Unforeseen Millions”
  • When: Wednesday, September 26 | 12:00 p.m. CDT, 1:00 p.m. EDT
  • Speakers: Peter Mills, CorreLog VP of development and customer support and Tony Perri, CorreLog marketing chief
  • Speakers' Bio: Click here
  • Register: Click here

CorreLog Products News

CorreLog, Inc. Partners with BMC, Adding the Mainframe Event Logging Capability of CorreLog zDefender™ to Extend the Real-time Security Visibility into BMC Customers' SIEM Solutions and SOCS

  • CorreLog zDefender will deliver real-time security event messages from RACF®, CA ACF2™, Top Secret®, Db2, and other IBM® z/OS® sub-systems into BMC clients’ existing Security Information and Event Management or SIEM systems and IT SOCs.
  • BMC clients will have a 360-degree view into their mainframe security compliance with a complete picture of privileged user activity, including all successful logins, session keyboard commands, specific data viewed and accessed, and more
  • Click here to read more.

CorreLog, Inc. Attains Gold-Certified Partner Status in the Microsoft Partner Ecosystem

  • CorreLog has achieved the highest level of recognition from Microsoft's Partner program, demonstrating expertise with Microsoft technologies and meeting marketplace and customer needs.
  • Microsoft Gold-Certified Partners are Microsoft’s most highly accredited, independent technical support providers.
  • Click here to read more.

About CorreLog

Since 2007, CorreLog, Inc. has been committed to delivering software solutions for Security and Compliance professionals who need more advanced network/system security and improved adherence to PCI DSS, HIPAA, SOX, FISMA, the GDPR, ISO 27001, IRS Pub. 1075, NERC, and other industry standards for protecting data. Our solutions are designed to be complementary to clients' existing IT investments.

CorreLog specializes in providing the most comprehensive Security & Compliance software at the industry's lowest Total Cost of Ownership. Our solutions help secure data across both mainframe and distributed operating systems and provide alerts with notifications in real-time to security and network operations resources. CorreLog has worked with companies across Fortune 500 to SMB class who all benefit from our ease of installation and highly interoperable approach to building software that is simple to use and master out of the box. Our customers are up and running with monitoring and alerts within just a few hours, versus weeks or even months with competing enterprise vendor solutions, Our software agent monitoring technology spans from Windows, Linus, UNIX, Mac, SAP, and databases all the way up to the largest mainframes with running IBM® z/OS®, Linux on z Systems, IBM® Db2, IBM® IMS™, and IBM® z/VM.

CorreLog has installed software and framework components used successfully by hundreds of commercial and government organizations worldwide. Our core solutions provide visibility on privilege-user activity, data integrity, FIM and application activity that may hold evidence of cyber threat, and in real time, we notify security personnel with alerts in accordance with compliance standards. For more information on CorreLog, please visit CorreLog.com.