Cyber Security Institute

Tuesday, March 31, 2015

Newsalert - 2015 Mar 31

BlueHost and HostMonster Hacked By Syrian Electronic Army
This time SEA hackers have targeted one of the leading web hosting companies, Endurance International Group Inc. The hackers have compromised Endurance Group brands including Bluehost, Justhost, Hostgator and Hostmonster, which are India’s leading web solution service providers.
Apart from this, it seems that SEA hackers have also hacked the Twitter account of BlueHost. The hackers posted a tweet from the compromised account. The tweet has since been deleted, but you can see the below image of the tweet made by the SEA hackers.
Link: http://www.cyberkendra.com/2015/03/bluehost-and-hostmonstor-hacked-by.html

10 practical security tips for DevOps
You will hear the concept of ‘Infrastructure as Code’ within DevOps. This is where the platform’s infrastructure is stored as a set of scripts that can be executed in a repeatable way. Security needs to be looked at in the same way, by moving to ‘Security as Code’ or ‘Software Defined Security’. By moving from a legacy procedure in a Word document to a set of scripts, we can automate that document, which means that it can be executed in a repeated and predictable way - it can be included in the DevOps pipeline.
For security professionals it is key to understand that instead of validating the end solution you need to validate the pipeline. If you are happy that the pipeline is building the solution in a way that meets your security goals, you can be confident that this will be repeated every time a developer needs to get source code into production.
Here are 10 practical security tips for DevOps …
Link: http://www.net-security.org/article.php?id=2250

Interpol’s Global Complex for Innovation identifies dangerous malware in cryptocurrency transactions
Researchers from INTERPOL’s cyber threat team have spotted a loophole in the blockchain for virtual transactions which can be easily exploited and merged with data that is not supposed to be on the web. The blockchain has a fixed open space that can be exploited if tapped into in the right area.
Though the loophole has not yet been exploited by people who are not supposed to use it, it could become a possible means for cyber crime scenarios in the future, such as the deployment of modular malware, a reshaping of the distribution of zero-day attacks, as well as the creation of illegal underground marketplaces dealing in private keys which would allow access to this data.
Link: http://thetechportal.in/2015/03/30/interpols-global-complex-for-innovation-identifies-dangerous-malware-in-cryptocurrency-transactions/

Financial Services: Investing in Data Security Risk Mitigation
In the words of the late Peter Drucker, “What gets measured gets managed”. This also holds true in today’s cyber threat landscape.
Your biggest challenge is a lack of visibility and awareness.
There is no single security tool that will remove all potential points of weakness.
You must be able to identify, manage, monitor and respond to any threats that may exist. Once a risk is quantified, a risk response tool will allow you to take action preemptively or even during the incident to minimize the potential of a data breach.
Link: http://www.techzone360.com/topics/techzone/articles/2015/03/30/400614-financial-services-investing-data-security-risk-mitigation.htm

Security crashes the boardroom party
Given the recent spate of headline-grabbing data breaches, CIOs need to be prepared to answer a lot of board questions about risk.
In a 2014 report titled “Risk and Responsibility in a Hyperconnected World” from the World Economic Forum and McKinsey & Co., the total economic cost of ineffective security was projected to top $3 trillion globally by 2020. That’s a staggering but unfortunately plausible number. So if there’s no question that cybersecurity breaches can devastate the bottom line, why haven’t more companies acted to deal with it more effectively?
Isn’t it time to upgrade cybersecurity to a board-level risk management discussion, not just occasionally but consistently?
Link: http://www.cio.com/article/2899082/security0/security-crashes-the-boardroom-party.html

Russian banks combat Tyupkin ATM malware gang
The Russian Ministry of Internal Affairs, together with the Federal Security Service, are taking steps to try and locate a criminal cyber-group specialising in robbing ATMs using the Tyupkin computer malware.
The criminals work in two stages. First, they get physical access to the ATMs and insert a bootable CD to install the malware – code named Tyupkin by Kaspersky Lab which discovered the exploit last year. After they reboot the system, the infected ATM is under their control.
Link: http://www.scmagazineuk.com/russian-banks-combat-tyupkin-atm-malware-gang/article/406061/

Protecting Critical Infrastructure from Threats
According to research performed by Lloyd’s of London insurer, Aegis London, “in the first half of the 2013 fiscal year, the US Department of Homeland Security’s Industrial Control Systems–Computer Emergency Readiness Team responded to more than 200 incidents, 53% of which were in the energy and utility sector, and many of them sponsored by states such as China”. Efforts to improve the security of critical infrastructure systems like nuclear power plants and water treatment facilities have accelerated at a rapid rate since the issuance of US Executive Order 13636, “Improving Critical Infrastructure Cybersecurity”, on February 12, 2013.
When making decisions about security policies for a critical infrastructure facility, the costs of implementing a stricter policy need to be weighed against the potential costs that could result from the failure of a weaker policy. The solution for each organisation will vary based on the requirements necessary to meet their security and business objectives.
Link: http://www.pandct.com/media/shownews.asp?ID=43167

Eighth Annual “State of the Network” Global Study From JDSU’s Network Instruments Finds 85 Percent of Enterprise Network Teams Now Involved in Security Investigations
As threats continue to escalate, one quarter of network operations professionals now spend more than 10 hours per week on security issues and are becoming increasingly accountable for securing data. This reflects an average uptick of 25 percent since 2013. Additionally, network teams’ security activities are diversifying. Teams are increasingly implementing preventative measures (65 percent), investigating attacks (58 percent) and validating security tool configurations (50 percent). When dealing with threats, half of respondents indicated that correlating security issues with network performance is their top challenge.
The full results of the survey, available for download, also show that emerging network technologies have gained greater adoption over the past year.
Link: http://www.istockanalyst.com/business/news/7249004/eighth-annual-state-of-the-network-global-study-from-jdsu-s-network-instruments-finds-85-percent-of-enterprise-network-teams-now-involved-in-security-investigations

Thursday, March 26, 2015

Newsalert - 2015 Mar 26

70% cos feel CEOs are responsible for data breaches, only 5% blame IT dept
Websense, Inc., a company protecting organizations from cyber-attacks and data theft, has announced the results of an international survey of 102 security professionals conducted at this year’s e-Crime Congress. Nearly all respondents (98%) believe that the law should address serious data breaches that expose consumers’ data loss through punishments such as fines (65%), mandatory disclosure (68%), and compensation for consumers affected (55%). Sixteen percent even advocate arrest and a jail sentence for the CEO or board members.
Respondents feel that companies that are not taking action against data loss and theft have it as an agenda item, but it’s not yet a high enough priority (45%). Furthermore, 70% say the CEO should hold ultimate responsibility should a breach arise. And the pressure is mounting, as 93% of all respondents believe the advent of the Internet of Things will make companies even more vulnerable to data theft.
Link: http://www.firstpost.com/business/70-cos-feel-ceos-responsible-data-breaches-5-blame-dept-2174439.html

Windows Server 2003 End-of-Life Survey Finds Nearly One in Three Companies Will Miss Deadline, Leaving Nearly 3 Million Servers Vulnerable to Breach
An estimated 2.7 million servers—potentially containing hundreds of millions of files—will be unprotected after July 14, 2015, the end-of-life deadline, according to the survey Bit9 + Carbon Black conducted in February 2015. Key findings from the survey—of IT leaders at 500 medium and large enterprises in the U.S. and U.K. with at least 500 employees—include:
- More than half of enterprises (57 percent) do not know when the end of life deadline is
Link: http://www.darkreading.com/vulnerabilities---threats/windows-server-2003-end-of-life-survey-finds-nearly-one-in-three-companies-will-miss-deadline-leaving-nearly-3-million-servers-vulnerable-to-breach/d/d-id/1319612

Rise of threat intelligence is leading to too many sources, finds MWR, CPNI and CERT-UK
Threat intelligence is rapidly becoming an ever-higher business priority with a general awareness of the need to ‘do’ threat intelligence, but vendors are falling over themselves to offer a confusingly diverse array of threat intelligence products.
According to MWR senior security researcher Dr David Chismon, there is a risk that in the hurry to keep up with the threat intelligence trend, organisations will end up paying large amounts of money for products that are interesting but of little value in terms of improving the security of their business. “Doing threat intelligence is important – but doing it right is critical,” he said.
In a report by MWR Infosecurity, supported by the Centre for the Protection of National Infrastructure (CPNI) and CERT-UK, the theme of threat intelligence is covered, including how to build a successful threat intelligence programme and, crucially, how not to build one, as well as detailed advice on collecting, analysing, acting on and sharing the information obtained.
Link: http://www.itsecurityguru.org/2015/03/25/rise-of-threat-intelligence-is-leading-to-too-many-sources-finds-mwr-cpni-and-cert-uk/

On the Heels of the Successful Ramnit Botnet Takedown, AnubisNetworks Adds Powerful New Features to Cyberfeed Threat Intelligence Service / New Cyberfeed Release Delivers More Visibility Into Cyber Threat Vectors and Improved Enrichment and Correlation f
AnubisNetworks, a subsidiary of Security Ratings company BitSight Technologies, announced today significant enhancements to Cyberfeed, a subscription-based threat intelligence service that allows advanced security organizations such as SOCs, MSSPs and CERTs to obtain real-time event feeds on security threats.
Produced from vast global and proprietary sensors networks, Cyberfeed delivers contextualized threat intelligence by correlating data from different security feeds, for example, verifying if an organization’s IP reputation decrease is related to compromised systems or a persistent campaign. These feeds are enriched with data such as geolocalization information or malware profile, thus enabling organizations to act faster and proactively mitigate cyber risks.
New Enhancements to Cyberfeed
• Intelligence Breadth
• Data Depth
Link: http://www.finanznachrichten.de/nachrichten-2015-03/33222776-on-the-heels-of-the-successful-ramnit-botnet-takedown-anubisnetworks-adds-powerful-new-features-to-cyberfeed-threat-intelligence-service-new-cyber-256.htm

New York Fed Creates Cybersecurity Team
Bloomberg Business on Tuesday reported that the Federal Reserve Bank of New York has created a new team dedicated towards cybersecurity threats.
The team will be led by Roy Thetford, the bank’s former information security officer. He will be working with an examination team to establish a new risk-based cybersecurity assessment framework.
Link: http://www.benzinga.com/news/15/03/5355778/new-york-fed-creates-cybersecurity-team

UK attacks on crypto keys and digital certificates endemic
All 499 UK security professionals polled in a global survey say their organisations have responded to multiple attacks on keys and certificates in the past two years.
The 2015 Cost of Failed Trust Report, commissioned by security firm Venafi, claims to be the only research of its kind to examine the internet system of trust.
The potential risk facing UK firms from attacks on keys and certificates is expected to reach at least £33m in the next two years, according to the report, based on interviews with more than 2,300 IT security professionals around the world.
Link: http://www.computerweekly.com/news/4500243119/UK-attacks-on-crypto-keys-and-digital-certificates-endemic?asrc=EM_ERU_41107776&utm_medium=EM&utm_source=ERU&utm_campaign=20150326_ERU%20Transmission%20for%2003/26/2015%20(UserUniverse:%201433145)_myka-reports@techtarget.com&src=5373575

Despite Demands of Ongoing Transformation, CIOs and IT Professionals Remain Focused on Security and Privacy in 2015
MENLO PARK, Calif., March 25, 2015 /PRNewswire/—As organizations continue to undergo major changes and technology upgrades, CIOs and IT professionals are under growing pressure to manage these transformations successfully while simultaneously addressing increased cybersecurity threats, according to a new survey by global consulting firm Protiviti (http://www.protiviti.com).
“Gone are the days where information security and data privacy vulnerabilities are viewed as just technical issues. Today, these challenges include critical business policy, governance, compliance and communications that must be addressed across the enterprise, placing even more responsibilities on the shoulders of executive management,” said Kurt Underwood, a managing director with Protiviti and global leader of the firm’s IT consulting practice. “Our survey findings show that organizations going through major transformations see the need to elevate more of their attention and budgets toward mitigating and combating security risks as they seek to enhance and protect the value of their businesses with technology.”
Link: http://www.reuters.com/article/2015/03/25/proviti-it-idUSnPn5H4q25+90+PRN20150325

Cylance Researchers Discover Critical Vulnerability Affecting Hotel Chains Worldwide
Dark Reading
This vulnerability affects 277 hotels, convention centers and data centers across 29 countries. It has the potential to impact millions of customers ranging from everyday vacationers and data center IT staff to tradeshow attendees and high priority targets such as government officials, corporate executives and CSOs.
… discovered a critical vulnerability in ANTlabs’ InnGate product that could allow an attacker to monitor or tamper with traffic to and from any hotel WiFi user’s connection and potentially gain access to a hotel’s property management system (PMS).
Link: http://www.darkreading.com/attacks-breaches/cylance-researchers-discover-critical-vulnerability-affecting-hotel-chains-worldwide/d/d-id/1319644

Virginia first state to enact digital identity law
Legislation in Virginia will create uniform standards for strengthening and authenticating digital identities. The Commonwealth of Virginia is taking the lead on this issue, as the first in the nation attempting to codify their way out of weak passwords, data breaches and identity theft. The bill has been approved by the General Assembly and was signed into law by Gov. Terry McAuliffe.
Link: http://www.secureidnews.com/news-item/virginia-first-state-to-enact-digital-identity-law/

New anti-malware weapon launched as NZ cyber security takes giant leap forward
The Red Alert system is the result of several years’ work by NICT scientists and engineers, supported through commissioned research projects, including by Unitec staff and students on computational intelligence for cyber security.
Designed to help protect any network that is connected and subscribed to it, Red Alert will issue an alert as soon as a hack takes place - it will detect intrusions, notify the victim and then provide a report which includes the type of attack, the part of the network infected and a list of experts who can help them resolve the issue.
Link: http://www.computerworld.co.nz/article/571389/new-anti-malware-weapon-launched-nz-cyber-security-takes-giant-leap-forward/

New router malware injects ads and porn into websites
A new variant of router malware has been uncovered that injects unwarranted ads and pornography into websites by modifying the router’s DNS settings. Thanks to a clever implementation, this malware can hijack nearly every website on the internet for malicious purposes.
The malware finds its way into routers by exploiting the fact that many people don’t change their router’s default login credentials. It also attempts to send unauthenticated configuration requests to routers, which some models are vulnerable to. Ara Labs didn’t specify what routers are affected, but keeping your router’s firmware up to date and changing the default login credentials are good ways to keep secure.
Link: http://www.techspot.com/news/60169-new-router-malware-injects-ads-porn-websites.html

The top SA banking malware is…
They are: SWISYN, which makes up 37% of detections, followed by DORKBOT (27%) and ZEUS/ZBOT (23%).
Link: http://www.fin24.com/Tech/News/The-top-SA-banking-malware-is-20150325

Wednesday, March 25, 2015

Newsalert - 2015 Mar 25

F5 Threat Analysis: It’s a mad, mad, mad, mad ... bot
F5’s State of Application Delivery 2015 survey found that 92% of customers were confident to very confident they were ready and able to handle such attacks. Given that a majority protect all three attack surfaces “all the time”, this confidence is likely warranted…
But as complacency is as dangerous to security as complexity,
Madness is, according to its authors, a superior successor to notorious DDoS malware families “BlackEnergy”, “gbot”, “DirtJumper”, “Darkness Optima”, “iBot” and “w3Bot”.
...Madness displays a growing awareness of the richer attack surfaces at layer 7 (application). While supporting traditional network-based DoS capabilities, Madness also offers a number of application layer attacks with growing detection evasion options. Madness’ HTTP flood options can be categorized into low-level and high-level attacks. Low-level attacks allow the attacker to control all aspects of the HTTP request.
Link: http://www.sys-con.com/node/3315922

BackDoor.Yebot [supposedly there is an uptick in infections, but not confirmed]
Multi-purpose and multi-module backdoor Trojan written in C. It is spread by means of Trojan.Siggen6.31836. URL contains further info…
Link: http://vms.drweb.com/virus/?i=4357803&lng=en

The 7 Truths Of Actionable Intelligence
We’ve talked in the past about Rick Holland’s (Forrester Research) thoughts on how to make sure the intelligence you receive is actionable and thus useful to your mission. Rick has some great guidance that you should take to heart (we have at iSIGHT Partners) – below we look at the seven core areas he details, with our own editorial below each header.
Link: http://www.isightpartners.com/2015/03/the-7-truths-of-actionable-intelligence/

New Report Promises Threat Intelligence 101
Global information security consultancy, MWR InfoSecurity, has produced a comprehensive new guide designed to provide organizations of all sizes with vendor-neutral advice on how to effectively build and evaluate threat intelligence programs. The report, Threat Intelligence: Collecting, Analysing, Evaluating, was produced with support from the UK’s Centre for the Protection of National Infrastructure (CPNI) and CERT-UK. The link to the report: https://www.mwrinfosecurity.com/articles/intelligent-threat-intelligence/
Link: http://www.infosecurity-magazine.com/news/new-report-promises-threat/

Google warns of fake digital certificates
Google has warned of unauthorised digital certificates issued for several of its domains that could be used to intercept data traffic to its services.
The fake certificates were issued by intermediate certificate authority CNNIC which is owned by MCS Holdings, said Google engineer Adam Langley.
Link: http://www.computerweekly.com/news/4500242932/Google-warns-of-fake-digital-certificates?asrc=EM_ERU_41061149&utm_medium=EM&utm_source=ERU&utm_campaign=20150325_ERU%20Transmission%20for%2003/25/2015%20(UserUniverse:%201429542)_myka-reports@techtarget.com&src=5373152

A Quarter of Businesses Have No Control over Network Privileges
A BeyondTrust survey, Privilege Gone Wild 2 shows that more than one out of four companies indicated they have no controls in place to manage privileged access. That’s even though nearly half of the survey respondents (47%) admit they have employees with access rights not necessary to their current role.
Workers that have excessive privilege rights can easily compromise company assets, via the ability to steal credentials and the ease of access to sensitive data. There’s a rise in crime carried out by malicious insiders, but unwitting employees can also become conduits for outside criminals who have targeted them through judicious, well-crafted social engineering tactics. Sometimes a grooming process takes place, where the employee is developed over a period of weeks or even months to become susceptible to cybercrime ploys.
Link: http://www.infosecurity-magazine.com/news/quarter-of-businesses-network/

‘.bank’ domains, which should be more secure, are coming this summer
The new, exclusive domains offer a higher level of security than .com addresses — a change designed to foil phishing attempts and cybercrime so customers know the website is legitimate, not one created by a hacker trying to steal information.
Firms can begin registering dot-bank domains in May, says Craig Schwartz, who runs the effort for .bank and .insurance domains as director of the fTLD Registry Services. The payments and financial services sectors were the targets of nearly 67% of all phishing attacks in the second quarter of 2014, according to the most recent report published by the Anti-Phishing Working Group. The .bank domains will include encryption measures and authenticate emails so customers can more easily discern if a message truly came from the bank.
Link: http://www.marketwatch.com/story/bank-domains-which-should-be-more-secure-are-coming-this-summer-2015-03-25

Secunia Report Highlights Critical Importance of Non-Microsoft Patches
Vulnerability management vendor Secunia on Wednesday released its annual “Secunia Vulnerability Review.” Overall findings were that the number of new vulnerabilities reported in 2014 went up by 18 percent compared to 2013. Newly reported vulnerabilities totaled 15,435 in 3,870 applications from 500 publishers, Secunia said. Among those thousands of new vulnerabilities were 25 zero-day vulnerabilities, which are security flaws that are already being exploited in the wild when a vendor publishes a security advisory about them. That figure is up from 14 zero-days in 2013.
Link: http://rcpmag.com/articles/2015/03/25/secunia-importance-of-non-microsoft-patches.aspx

Favicons used to update world’s ‘most dangerous’ malware
Developer Jakub Kroustek has found new features in the dangerous Vawtrak malware that allow it to send and receive data through encrypted favicons distributed over the Tor network.
The AVG security bod reveals the features in a report (pdf) into the malware which is considered one of the worst single threats in existence.
He says Vawtrak uses the Tor2Web proxy to receive updates from its criminal developers.
Kroustek says the latest Vawtrak sample uses steganography to conceal update files within favicons, the small images used to add colour to website bookmarks and browser tabs, in a novel trick that helps conceal the malicious downloads.
Link: http://www.theregister.co.uk/2015/03/25/blank/

root9B Announces Development of First-ever Credential Risk Assessment and Remediation Solution
NEW YORK, March 25, 2015 /PRNewswire/—root9B, a leading provider of advanced cybersecurity services and tailored active defense capabilities, announced today the development of Orkos, a revolutionary product to identify critical credential theft risks in organizational networks. root9B is a root9B Technologies company (OTCMKTS: RTNB).
Orkos, root9B’s credential assessment capability, combines comprehensive data collection, advanced logic, and cutting-edge visualization to identify the critical links attackers will exploit in a major breach. It identifies not only immediate risks, but higher-order effects, showing the total risk of credential theft. Orkos also supports remediation through simulation of network changes that would prevent an attacker from compromising additional systems with stolen credentials. Orkos was designed to find and mitigate the types of dangers vividly illustrated by the recent Target and Sands breaches.
Link: http://www.otcmarkets.com/stock/RTNB/news?id=100303

Tuesday, March 24, 2015

Newsalert - 2015 Mar 24

Is Your Threat Intelligence Platform Just a Tool?
There are new tools coming on the market every day, but many are just that – a simple tool and not a true platform. A tool may solve immediate needs, but you must evaluate your needs across multiple stakeholders throughout your organization (i.e., SOC, IR, Threat Team, CIO, CISO, Board) and look to a single platform to bring everyone together. The platform must support the integration of all the stakeholders and data that is relevant to each in such a way that all interested parties can work together as a team. Customization of the platform is key, as each organization will have different processes, and the need for data customization across those processes for aggregation, analysis, and action.
A platform is a foundational capability. It should be extensible, conducive to enterprise collaboration and evolve as your organization’s strategies shift. We agree with ExactTarget (Salesforce) in their definition of a tool vs. a platform, and in addition to that put forth our spin on the features you want to look for in a Threat Intelligence Platform [list follows …]
Link: http://www.threatconnect.com/news/is-your-threat-intelligence-platform-just-a-tool/

Don’t Let 2015 be the (NEW) Year of the Breach…Embrace Cyber Threat Intelligence
According to our friends at Google, every year since 2011 has been coined “The Year of the Breach”. That’s an awful long time to be stuck being remembered as yet another year we let bad guys take our stuff.
Performing these exercises gives us a pretty clear picture of the attack surfaces we are presenting to an adversary to gain access to our data. But let’s not pat ourselves on the back too vigorously yet. Our adversary’s tactics drive how we prioritize defending each of these attack surfaces. How do we find out what those tactics are?
Security is hard folks, and it’s not for the faint of heart. Not a single concept on this blog is something that can be done quickly or haphazardly. We haven’t even touched the attack surfaces presented by the users of our network. We haven’t touched on a lot of topics really. What we have covered is a basic methodology that will go a long way towards making sure we do our part to ensure 2015 gets coined something other than “the Year of the Breach“.
Link: http://www.isightpartners.com/2015/03/dont-let-2015-be-the-new-year-of-the-breach-embrace-cyber-threat-intelligence/

When DDoS Isn’t All About Massive Disruption
New data shows prevalence of often-undetectable DDoS attacks aimed at quietly wreaking havoc on the network while performing data exfiltration and other attacks.
Corero also found a large number of short-burst DDoS attacks lasting anywhere from 5 to 30 minutes. Some 96% of DDoS attacks against its service provider and enterprise customers’ networks lasted less than 30 minutes, and 73%, less than five minutes.
Link: http://www.darkreading.com/perimeter/when-ddos-isnt-all-about-massive-disruption/d/d-id/1319581

New Neverquest campaign is targeting Canadian banks
Neverquest (aka Vawtrak) is a classic Trojan-banker with a variety of different advanced functions to attack online banking customers. The malware often gets installed through downloaders that are dropped using drive-by attacks.
The current webinject reveals that the primary goal, at least of this campaign, is financial institutions in Canada. We have more than 15 unique targets in Canada. The webinject is very much in the style of the ZeuS template and with the goal to alter the content of several specified target websites.
Link: https://www.csis.dk/en/csis/blog/4628/

CFOs increase spending on cyber-security
Sixty-three per cent of finance executives in a broader survey said their top response to the increased threat of data breaches was spending more on cyber-security and fraud prevention. In that survey, part of the AICPA’s quarterly Business & Industry Economic Outlook, 29% said they had not made any changes, 13% said they were accelerating the development of new mobile or electronic payment options that could offer more security, and 5% listed an unspecified other response.
Most CFOs in an annual survey by accounting and consulting firm BDO said the main response to cyber-security concerns was the implementation of new software security tools (90%) and the creation of a formal response plan for security breaches (72%).
Link: http://www.cgma.org/Magazine/News/Pages/cyber-security-spending-201512001.aspx?TestCookiesEnabled=redirect

What is keeping CIOs awake in 2015?
Kathy Gibson at the IDC CIO Summit, Sandton – We’ve heard about the four pillars of the 3rd Platform – big data, mobility, social and cloud computing – for some time; but now CIOs are looking to transform their organisations in line with these strategies.
• Security is a hot button issue for CIOs – and by 2016 it will be a top three business priority for 70% of CEOs.
• It is imperative to elevate security to senior executive responsibility, including CXOs in cross-functional governance.
• CIOs are urged to assess overall security architecture and transition from internal fixed cost assets to variable-cost PaaS. And they need to ensure that a security review – including cost – is a prerequisite for any new solution whether or not IT is involved.
• Mobile adds to the complexity of security, and in mobile-first regions the customer privacy agenda is highlighted.
Link: http://it-online.co.za/2015/03/24/what-is-keeping-cios-awake-in-2015/

Shipping analysts warn of cyberattacks at sea
Hackers could interfere with the control of a ship, disable navigation systems, cut off communications or steal confidential data, according to Allianz Global Corporate & Specialty SE’s 2015 Safety and Shipping Review.
The report warned shipping firms to prepare for the likelihood of cyberattacks as hackers around the world become more sophisticated.
Link: http://thehill.com/policy/cybersecurity/236723-shipping-analysts-warn-of-cyberattacks-at-sea

Fleishman launches global cybersecurity and privacy practice
ST. LOUIS: FleishmanHillard has launched a global practice focused on helping clients with data security and privacy challenges.
The group’s mission is to provide clients with a one-stop shop to address data-specific challenges in areas including data breach preparedness and response; employee awareness and engagement; privacy protection communications and advocacy; and public affairs regulatory and legislative counsel.
The practice is also supported by cybersecurity and investigations firms, cyber law firms, and cyber insurance underwriters with which Fleishman has a relationship. For instance, one year ago, Fleishman and risk-management firm Kroll formed a strategic alliance focused on cybersecurity and data-breach-risk mitigation.
Link: http://www.prweek.com/article/1339661/fleishman-launches-global-cybersecurity-privacy-practice

UK government announces £5m anti-malware funding
The UK government has announced a £5m investment to help researchers create new cyber security solutions as part of ongoing efforts to bolster the nation’s defences.
The funding was announced at the World Cyber Security Technology Research Summit in Northern Ireland and will be provided by the Engineering and Physical Sciences Research Council (EPSRC) and Innovate UK.
The research will focus specifically on ways to tackle malware threats, detect intrusions and prevent data theft on laptops, smartphones and cloud storage services.
Link: http://www.v3.co.uk/v3-uk/news/2401139/uk-government-announces-gbp5m-anti-malware-funding

When It Comes to Threat Detection and Incident Response, Context Matters
CSOs should now be using security analytics tools for threat detection and incident response. These security analytics tools offer the analyst unprecedented access to data they have always logged and kept, but rarely used.
This also allows security professionals to explore data sets previously deemed too large and complex for everyday use like full packet captures of all network data. Now we are seeing the emergence of tool sets that can not only deal with the incredible amount of information coming in daily, but can also be used to review older data. Security analytics tools don’t actually eliminate the need for a Security Incident and Event Management (SIEM) system. They still have their place in most organisations…
Link: http://www.cso.com.au/article/571117/when-it-comes-threat-detection-incident-response-context-matters/

Monday, March 23, 2015

Newsalert - 2015 Mar 23

Data company [IDT911] to open European HQ in Galway
A company that offers data protection services is to create 60 jobs with the opening of its European headquarters in Galway.
The company provides identity management, fraud monitoring and cyber security services to 17.5 million private customers in the US and Canada as well as to more than 750,000 businesses.
Link: http://www.rte.ie/news/2015/0323/689013-jobs-galway/

Is the UK gaining on the US in its spate of major cyber security breaches?
The data breach landscape in the UK has changed beyond all recognition over the last few years. More than four in ten Britons (42%) have been affected in some way by a breach, and their levels of concern are growing.
Experian has recently completed a new paper, Data Breach Readiness 2.0: The ‘Customer First’ Data Breach Response, which assessed the rapidly changing landscape of data breach in the UK. Not only did we survey businesses and consumers we also spoke, at some length, with industry authorities from leading lawyers, insurers, digital forensic experts, customer support specialists and crisis communications experts to assess the true extent of preparedness among UK organisations should a data breach occur.
Costs are higher also: The average US data breach costs £132 per record compared with £104 in the UK; and lastly lost business costs are higher in the US, reaching £2.2 million on average, compared with less than £1 million in the UK.
Link: http://www.information-age.com/industry/uk-industry/123459208/uk-gaining-us-its-spate-major-cyber-security-breaches

PoSeidon malware targeting retailers, say researchers
A family of improved malware is targeting retailers’ point of sale (PoS) systems, taking up where Zeus and BlackPoS left off, say Cisco researchers.
Dubbed PoSeidon, the malware is designed to scrape PoS devices’ memory for credit card information and exfiltrate that data to servers. The data can be used to create cloned credit cards, and is typically sold on criminal markets. The demand for such data has driven the growth in the number of data breaches involving PoS malware.
Link: http://www.computerweekly.com/news/2240242818/PoSeidon-malware-targeting-retailers-say-researchers

Bridging the Cyber-Security Skills Gap Using the Right Technology
According to the 2015 Global Cybersecurity Status Report from industry association, ISACA, a huge 90% and 87% of US- and UK-based IT and security professionals respectively testified to there being an international shortage of skilled cyber-security professionals, with direct impact on these organizations’ ability to prepare and fend off sophisticated attack as a result.
The technology is moving in the right direction, we just need to make sure it will focus on helping the humans fight the bots and the malicious humans on the other side, not bury them in additional labor.
Link: http://www.cytegic.com/Blog/?p=160

CEOs have false perception of the extent of their cyber risk insurance cover, new report finds
The report on the role of insurance in managing and mitigating cyber risk (32-page / 2.78MB PDF) highlighted a discrepancy between the cover that chief executives believe their companies have for cyber risk and the reality of the insurance protection their businesses have purchased.
"Business leaders who are aware of insurance solutions for cyber tend to overestimate the extent to which they are covered," the report said. "Surveys show that 52% of CEOs believe that they have cover, whereas in fact less than 10% do. This picture is likely a result of the complexity of insurance policies with respect to cyber, with cyber sometimes included, sometimes excluded, and sometimes covered as part of an add-on policy."
According to the report, just 2% of large businesses in the UK have "explicit cyber cover" and approximately half of the businesses the government liaised with for the report said they were not aware "that cyber risks can even be insured".
Link: http://www.out-law.com/en/articles/2015/march/ceos-have-false-perception-of-the-extent-of-their-cyber-risk-insurance-cover-new-report-finds/

Adobe Flash Player Sees Additional Update, Patches Vulnerabilities Found at Pwn2Own Contest
The latest beta version of Adobe Flash Player is now available. It is version number 17.0.0.134, and is the latest free version of the player. This version of Adobe Flash Player comes with many new incremental updates and performance enhancements that increase the quality of the player. Most of the fixes are technical in nature, but many users will see some performance enhancements if they spend a lot of time using Adobe Flash Player.
Link: http://airherald.com/adobe-flash-player-sees-additional-update-patches-vulnerabilities-found-at-pwn2own-contest/23470/

Communication Security Establishment's cyberwarfare toolbox revealed
The CSE toolbox includes the ability to redirect someone to a fake website, create unrest by pretending to be another government or hacker, and siphon classified information out of computer networks, according to experts who viewed the documents.
Link: http://www.cbc.ca/news/canada/communication-security-establishment-s-cyberwarfare-toolbox-revealed-1.3002978?cmp=rss

An introduction to threat intelligence services in the enterprise
Learning about relevant threats as soon as possible gives organizations the best chance to proactively block security holes and take other actions to prevent data loss or system failures.
Threat intelligence services are relative newcomers to the security industry, so there are still a lot of differences in the types of services each offering delivers.
Link: http://searchsecurity.techtarget.com/feature/An-introduction-to-threat-intelligence-services-in-the-enterprise

Airbus Wins UK Cyber Center Research Deal
LONDON — The creation of a UK virtual cyber operations center aimed at defeating battlefield attacks took a step forward with the award of a small study contract to Airbus UK by Ministry of Defence researchers.
Airbus Group's technology innovation arm in the UK announced Monday it secured a £1.4 million (US $2.1 million) deal late last year from the MoD's Defence Science and Technology Laboratory (Dstl) to study the development of a 3-D virtual world to enable analysts, military experts and others to collaborate and share situational awareness to detect and counter cyber attacks on information and weapon systems.
Link: http://www.defensenews.com/story/defense/policy-budget/cyber/2015/03/23/airbus-dstl-cyber-center-award/70326802/

Sunday, March 22, 2015

Newsalert - 2015 Mar 22

Apple is cracking down on antivirus apps
Apple has begun a campaign to remove antivirus apps from its App Store, 9to5Mac reports.
One of the first casualties of Apple’s crackdown was VirusBarrier iOS. A blog post published by the app’s developer explained that “several companies” were affected by Apple’s decision.
There’s no official announcement from Apple about its change in policies — it just started banning apps. What it’s cracking down on are any apps that claim to scan iPhone for viruses, promising to fix any viruses that it finds. It seems that Apple doesn’t want iPhone owners to believe that there are viruses on their phone just because an App Store app claims to be able to scan it and get rid of them.
Link: http://www.businessinsider.com/apple-antivirus-app-store-crack-down-intego-virusbarrier-2015-3

Organisations still not prepared to address the ‘enemy within’
Speaking to IT Security Guru, Clearswift senior vice president of products Guy Bunker said that in a sense, “everything is getting worse” as from the perspective of the organisation, the coupling of technologies with the open network is responsible for two-thirds of the threats within the extended enterprise.
The survey found that only 14 per cent of respondents believe that until their organisation has a serious internal data breach, it will never be taken as seriously as the threat of external hackers, while 72 per cent of companies believe internal security threats are still not treated with the same level of importance as external threats by the board.
Link: http://www.itproportal.com/2015/03/22/organisations-not-prepared-address-enemy-within/

LATEST DRIDEX CAMPAIGN EVADES DETECTION WITH AUTOCLOSE FUNCTION
Pushers of the Dridex banking malware have gone old-school for some time now, moving the malware through phishing messages executed by macros in Microsoft Office documents.
While macros are disabled by default since the release of Office 2007, the malware includes somewhat convincing social engineering that urges the user to enable macros—with directions included—in order to view an important invoice, bill or other sensitive document.
The cat and mouse game between attackers and defenders took another turn recently when researchers at Proofpoint discovered that a recent spate of phishing messages contained macros-based attacks that did not execute until the malicious document was closed.
The technique, which involves the inclusion of an AutoClose method, helps the malware sample evade detection.
Link: https://threatpost.com/latest-dridex-campaign-evades-detection-with-autoclose-function/111743

NJRat Trojan Returns To Life, Warns PhishMe
A remote access trojan, last seen a year ago, is making a reappearance, warns security researcher
Tokazowski said that he had examined recent messages and the malware within, and discovered that the executable element had been compiled with .NET 4.0.
The warning came from security specialist PhishMe, which found evidence that the malware is making a comeback.
Link: http://www.techweekeurope.co.uk/security/cyberwar/njrat-trojan-returns-164887

Friday, March 20, 2015

Newsalert - March 19, 2015

Signature antivirus’ dirty little secret

[1st] …  organized criminals have entered the fray, and now customize malware for specific targets (such as Point-of-Sale malware), today’s threats do not wildly spread and touch as many victims quickly. This means it takes much longer for new malware to hit the threshold where AV companies might notice and analyze it.

Second, and more importantly, today’s malware has become much more evasive.

In summary, signature-based AV can’t keep up and fails to catch the latest malware on a regular basis. Behavioral or heuristics-based malware detection helps, but basic implementations found in host-based solutions are only partially effective. If you really want to protect your organization from today’s highly evasive, constantly morphing threats, I highly recommend you add an advanced malware detection or next-generation sandbox solution to your existing layers of defense.

Link: http://www.net-security.org/article.php?id=2239&p=3

COMPUTERS CAN NOW PREDICT VIOLENT OUTBREAKS AROUND THE WORLD

Statistical and computer models that predict behavior might sound like science fiction, but several groups are doing similar research. In doing so they are identifying possible causes of conflict, raising hopes of prevention, and potentially providing guidance on safety and stability for development work.

Ulfelder is also working on a proposal to continue crowdsourcing development of the models from the USAID competition, getting software developers among the general public to improve them further.

With the Early Warning Project close to full deployment, Ulfelder admits that it now faces another crucial test, shared by any attempt at prediction. It must convince potential users that its assessments are credible.

Link: http://news360.com/digestarticle/vQGvRiFC3UCGyH9OjPxRtA

 

Premera Hacked - 4 Key Takeaways From Another Healthcare Data Grab

According to Premera, the breach was discovered on January 29th, the same day that Anthem Blue Cross uncovered a breach affecting almost 79 million customers, although Premera representatives say that the hacks were separate and the breaches were discovered independently. Krebs on Security, however, summarizes some important similarities between the attacks. Investigations are ongoing, but both appeared to use lookalike domain names to deliver malware to unsuspecting employees.

Link: http://blog.fortinet.com/post/premera-hacked-4-key-takeaways-from-another-healthcare-data-grab

 

Cybersecurity in Financial Services — A CSC Point of View

Today’s organizations enable multi-country operations through centralized shared services and regional hubs and are dependent on partner ecosystems to provide cost effective, efficient and customer-focused business services. As a consequence, modern banking systems have evolved across legislative borders with increased interconnection and complexity. This evolution has led to complex regulatory requirements, greater exposure to internal and external cybersecurity threats, and intensified concerns around data security and privacy across virtual borders.

This paper highlights the cybersecurity challenges faced by the financial services industry due to the changing nature of threats and business, and provides a view on mitigation strategies in order to strengthen the security posture.

Our point of view is that financial services institutions should consider a risk-based approach to cybersecurity with actionable threat intelligence by collaborating internally and externally. The risk-based approach consists of two parts. Firstly, organizations need to identify risk at a point in time and then undertake periodic reviews to identify changes in the threat landscape, threat actors, the likelihood of threats and any associated impact.

Link: http://www.csc.com/cybersecurity/insights/119469-cybersecurity_in_financial_services_a_csc_point_of_view

 

Corporate Security Policies: Their Effect on Security, and the Real Reason to Have Them

Sarah Clarke and a few others were running a discussion on Twitter trying to hash out if security policies have any value. The discussion was started by a person critically stating that as far as he was concerned, they have no value at all.

As Twitter isn’t a good medium for summarizing the potential values that were identified, Sarah and I challenged each other to both blog about, with both a public awareness/educational purpose, but also to test how closely aligned our thoughts are on the subject.

Link: http://www.tripwire.com/state-of-security/security-awareness/corporate-security-policies-their-effect-security/

 

Highly Skilled Russian Hackers a Threat to Financial System - State Dep’t

WASHINGTON (Sputnik) — Highly skilled hackers coupled with organized crime groups make cybercrime a significant problem in Russia, according to a US State Department annual report on money laundering and financial crimes.

“Cybercrime remains a significant problem,” the report, published on Wednesday, said. “Russia’s highly skilled hackers and traditional organized crime structures have followed the global trend of increasingly combining forces, resulting in an increased threat to the financial sector.”

Link: http://sputniknews.com/russia/20150319/1019700285.html

 

How to tackle cyber crime before people even know they’re a victim

By accessing financial intelligence, police are able to identify individuals who are sending money to known high-risk countries for fraud. They then notify these people with their suspicions that they may be involved in fraud. In many cases the people don’t even know they may be victims or involved in online fraud.

This proactive approach was originally pioneered by Queensland Police Service. Another example is Project Sunbird, a collaborative project between the West Australian Police (WAPOL) and the West Australian Department of Commerce (Commerce) which first started in 2012.

There are five stages to Project Sunbird: identification; intervention; interruption; intelligence; and investigation.

Initial results from Project Sunbird have been very positive. Between March 2013 and July 2014, 1,969 first letters were sent to individuals. Financial intelligence indicates that approximately two thirds (66%) stopped sending money, with a further 14% reducing the amount of money transferred (transactions are examined three months prior and three months subsequent to the month the letter is received). Of those who continue to send money and receive a second letter, 44% stopped sending money and a further 33% reduced the amount being sent.

Link: http://www.businessspectator.com.au/article/2015/3/19/technology/how-tackle-cyber-crime-people-even-know-theyre-victim

 

New Security Mindset: Focus On The Interior

Chief privacy officer Jason Straight shares his insights on why organizations are struggling to stop the breach wave—and manage the aftermath.

An attorney, Straight runs the cyber-risk solutions practice for UnitedLex as well as its internal risk management operation. “We need to get lawyers more involved in cyber-risk,” says Straight, who at next month’s Interop conference in Las Vegas will give a presentation on insider threats as well as participate as a panelist debating the weakest links in security.

Link: http://www.darkreading.com/operations/new-security-mindset-focus-on-the-interior/d/d-id/1319529

 

OpenSSL fixes serious denial-of-service bug, 11 other flaws

OpenSSL released versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf Thursday to address 12 flaws, but not all OpenSSL versions were affected by all 12 flaws.

Link: http://www.computerworld.com/article/2899482/openssl-fixes-serious-denial-of-service-bug-11-other-flaws.html?phint=newt%3Dcomputerworld_dailynews&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4#tk.CTWNLE_nlt_pm_2015-03-19&siteid=&phint=tpcs%3D&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4

 

Cyber attackers leaving warning ‘messages’: NSA chief

Attackers hacking into American computer networks appear to be leaving “cyber fingerprints” to send a message that critical systems are vulnerable, the top US cyber-warrior said Thursday.

Admiral Michael Rogers, director of the National Security Agency and head of the Pentagon’s US Cyber Command, made the comments to a US Senate panel as he warned about the growing sophistication of cyber threats.

“The cyber intruders of today, in many cases, not only want to disrupt our actions, but they seek to establish a persistent presence on our networks,” he told the panel.

Link: http://phys.org/news/2015-03-cyber-messages-nsa-chief.html

 

ASIC lays out guidelines on cyber attacks

The Australian Securities and Investments Commission (ASIC) issued a new report Thursday designed to help regulated financial firms improve their ability to “prepare, respond, adapt and recover from a cyber attack”; a capability that it refers to as ‘cyber resilience’.

“This report outlines some ‘health check prompts’ to help businesses review their cyber resilience—including flagging relevant legal and compliance requirements, particularly on risk management and disclosure,” he added. “We encourage businesses, particularly where their exposure to a cyber attack may have a significant impact on financial consumers and investors or market integrity, to consider using the United States’ NIST Cybersecurity Framework to manage their cyber risks or stocktake their risk management practices.”

Link: http://www.investmentexecutive.com/-/asic-lays-out-guidelines-on-cyber-attacks?redirect=%2Fnews%2Ffrom-the-regulators

 

LAC Publishes First Report in Japan on APTs and on Relationships Linking Multiple Different Cyber-Attacks

TOKYO, March 19, 2015 /PRNewswire/—LAC Co., Ltd. (Tokyo Stock Exchange/JASDAQ: 3857), a leading company in cyber security services in Japan, published its English version of Research Report on Advanced Persistent Threats in Japan on March 19. This report presents the results of analyses performed by Cyber Grid Japan based on information that was obtained by LAC’s Cyber Emergency Center through its responses to emergencies and its investigations into data breaches. It is the first technical report published in Japan on the results of research and analysis into some 80 Advanced Persistent Threats (APTs), which are highly skilled cyber-attacks targeting specific companies and organizations, that occurred in Japan.

Download Report: http://www.lac.co.jp/security/report/2015/03/19_cgview_01.html

Link: http://www.reuters.com/article/2015/03/19/lac-co-report-idUSnPn6GG4bq+98+PRN20150319

 

Operation Woolen Goldfish hackers spear phishing European firms

Trend Micro researchers reported uncovering the campaign in a white paper, “Operation Woolen-Goldfish: When Kittens Go Phishing”, warning the attacks are likely a follow-up to the “Rocket Kitten” campaign discovered in December 2014.

Rocket Kitten was an attack campaign that targeted victims with basic spear phishing messages designed to entice them to open malicious Office files loaded with a rare “Ghole” malware.

Trend Micro said the follow-up Woolen Goldfish campaign is far more sophisticated.

Link: http://www.v3.co.uk/v3-uk/news/2400523/operation-woolen-goldfish-hackers-spear-phishing-european-firms

 

ThreatStream Announces New Advisory Board with Leading Experts from Cisco, Cloudera and ...

PR Newswire (press release)

REDWOOD CITY, Calif., March 19, 2015 /PRNewswire/—ThreatStream®, the leading provider of an enterprise-class threat intelligence platform, ...

Link: http://www.prnewswire.com/news-releases/threatstream-announces-new-advisory-board-with-leading-experts-from-cisco-cloudera-and-osg-consulting-300052882.html

Thursday, March 19, 2015

Newsalert - March 18, 2015

[From the desk of Paul Davis - his opinions and no-one else’s]
Middle of the week, a quiet news day but make sure you’re ready for the OpenSSL patching activities that will need to be launched today.

So onto the news:

Case study: When a hacker destroys your business

Former Distribute.IT co-founder Carl Woerndle shares his experience of the cyber attack that destroyed this business. It’s been almost four years since business owners Carl Woerndle and his brother Alex were caught up in a cyber attack so damaging it destroyed their once prospering technology business, Distribute.IT.

Carl Woerndle has given a warts and all account of how he and other staff at his former company dealt with the crisis and the fallout of the malicious hack in a new cyber security guide, in conjunction with the CIO Executive Council.

Link: http://www.cso.com.au/article/569410/case-study-when-hacker-destroys-your-business/

Regulators seek more authority in data breach bill

Federal regulators told lawmakers March 18 they want to see tougher provisions on rulemaking authority and protection of personal information added to data breach notification legislation before it becomes law.

The bill, which was recently released as a discussion draft, would set a national standard for companies to report data breach notifications within 30 days of the discovery of a hack, if there is a risk of financial harm or fraud to consumers. The draft defines personal information as Social Security numbers, as well as account credentials stored by covered commercial companies. The bill would preempt the patchwork of 47 state laws covering data breach notification, but would not intrude on the areas of health care and financial institution data covered by existing law.

Link: http://fcw.com/articles/2015/03/18/regulators-data-bill.aspx

The days of mass attacks are over; now it’s all about big data

Security execs at CeBit spoke about how the threat landscape has changed and warned against the temptation to hack back. “It’s a big data game these days, it’s not about mass attacks,” said Vincent Steckler, CEO of Avast, describing how hacking has changed in the past few years. “Consumers are no longer targeted on a mass scale,” Steckler said.

Instead, hackers identify what they’re after at a company—typically corporate secrets or other data—and they go for it, said Natalya Kaspersky, CEO of InfoWatch and the co-founder and former CEO of Kaspersky Lab.

Link: http://www.fierceitsecurity.com/story/days-mass-attacks-are-over-now-its-all-about-big-data/2015-03-18


Apple Patches WebKit Vulnerabilities in Safari

Apple on Tuesday pushed out new versions of its Safari browser that address 17 security vulnerabilities in the WebKit engine.

“A user interface inconsistency existed in Safari that allowed an attacker to misrepresent the URL,” Apple said. “This issue was addressed through improved user interface consistency checks.”

Link: https://threatpost.com/apple-patches-webkit-vulnerabilities-in-safari/111699


Monday, March 16, 2015

Newsalert - March 15 2015

Modulo Named as a Visionary in Inaugural Gartner 2015 Magic Quadrant for IT Risk Management

Insurance News Net

“This year marks Modulo’s 30th birthday as an independent security risk ... Today, thousands of customers globally rely on our GRC automation ...

Link: http://insurancenewsnet.com/oarticle/2015/03/13/modulo-named-as-a-visionary-in-inaugural-gartner-2015-magic-quadrant-for-it-risk-a-605359.html

Area banker to highlight cyber security

Jack Hartings was recently elected to a one-year term as chairman of the Independent Community Bankers of America and looks to advocate legislation mandating other industries to share in improving cybersecurity. A Coldwater bank president wants to use his new post as chairman of a national banking association to push for improved cybersecurity and deregulation.

Link: http://www.dailystandard.com/archive/2015-03-14/stories/26292/area-banker-to-highlight-cyber-security

Influential National Association of Insurance Commissioners (NAIC) moves on Cyber

It is essential for insurers and insurance producers to join Financial Services Information Sharing and Analysis Center (FSISAC) to share information and stay informed about cyber and physical threat intelligence analysis and sharing.

Link: https://ctovision.com/2015/03/influential-national-association-of-insurance-commissioners-naic-moves-on-cyber/

Survey: 54% of Patients Would Switch Providers After Data Breach

54 percent of patients say they would be “very” or “moderately likely” to change providers after a security data breach impacting their personal health information, according to a recent survey conducted by Software Advice. In light of recent high-profile security breaches at medical organizations such as Anthem, Software Advice surveyed patients on their fears of a breach, and explored how software solutions can minimize data security risks.  The survey also assessed how likely patients would be to change providers as a result of various security-breach scenarios…

Link: http://hitconsultant.net/2015/03/13/patients-would-switch-providers-data-breach/

BlackBerry And IBM Introduce The SecuTABLET Targeted For Government and Enterprise

This new tablet, called the SecuTABLET, is basically a Samsung Galaxy Tab S 10.5 and utilizes IBM’s wrapping technology to prevent data leaks from applications such as Facebook that could cause security issues through possible threats such as malware or viruses. Even if the tablet were to become infected, it would be capable of keeping sensitive data secure and preventing a security leak. This technology will work in seamless tandem with other solutions by Secusmart, and it is also seeking approval by the German government for secure communication and data security.

Link: http://www.androidheadlines.com/2015/03/blackberry-and-ibm-introduce-the-secutablet-targeted-for-government-and-enterprise.html

A cyber war staged in central London

In 2014, the competition took place in an underground bunker of the Churchill War Rooms, with prizes worth £100,000 going toward educational and career advancement opportunities. The competition, known as the Masterclass and developed by a group of cyber experts led by BT, is now in its fifth year and aims to plug the skills shortage currently affecting both governments and UK businesses. The competition essentially invites participants to put their skills to the test and experience a dramatized version of events faced by regular cybercrime fighting professionals. It also allows sponsors of the competition such as BT, Lockheed Martin, and Airbus, to hover on the sidelines and cherry pick the next cybercrime busting whizz kids.

Link: http://arstechnica.com/security/2015/03/a-cyber-war-staged-in-central-london/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29

U.S. warns IS may soon launch cyber attacks on American companies, government

The head of the U.S. Senate Intelligence Committee has said that the Islamic State (IS) may soon launch cyber-attacks on U.S. infrastructure, companies and government.

Link: http://www.sify.com/news/us-warns-is-may-soon-launch-cyber-attacks-on-american-companies-government-news-international-pdoqaphcdifje.html

Jamieoliver.com still compromised, now drops digitally signed malware

Malwarebytes Unpacked

Popular Chef Jamie Oliver is still serving… malware through his website. This is the second case within a month so foodies should be careful before ...

Link: https://blog.malwarebytes.org/exploits-2/2015/03/jamieoliver-com-still-compromised-now-drops-digitally-signed-malware/

Hackers developing file-infecting Virlock ransomware with resurrection powers

“We recently came across one malware family, detected as PE_VIRLOCK, that not only locks the computer screen but infects files - a first for ransomware,” read the advisory. This instructs Virlock to check infected machines for specific file types, … Virlock is believed to be a work in progress, and the researchers expect fresh variants to appear in the near future.

Link: http://www.v3.co.uk/v3-uk/news/2399602/hackers-developing-file-infecting-virlock-ransomware-with-resurrection-powers

Russia Hacking Your News

If you follow today’s news and social media news feeds, then you are probably aware of what kind of danger inaccurate news-story covering poses, and how tricky it can be when it influences public opinion. Nowadays, it is a common journalists’ mistake to jump the gun and share some unverified news with the entire world via Twitter Inc (NYSE:TWTR), Facebook Inc (NASDAQ:FB) and what have you.

Russian propagandists are particularly focused on being creative with how to break into the modern news delivery system. And to be honest, they are already quite creative. It is especially easy to fall for Russian propaganda when it’s spread in the form of unverifiable but convincing-looking data such as survey polls or some local events that are difficult to disprove.

Link: http://www.valuewalk.com/2015/03/russia-hacking-your-news/

Justice Department proposal for computer search warrants raises hackles

WASHINGTON — A Justice Department proposal that could make it easier to locate and hack into computers that are part of criminal investigations is raising constitutional concerns from privacy groups and Google, who fear the plan could have broad implications.

The Justice Department wants the rules changed so judges in a district where “activities related to a crime” have occurred could approve warrants to search computers outside their districts. The government says that flexibility is needed for cases in which the government can’t figure out the location of a computer and needs a warrant to access it remotely, and for investigations involving botnets — networks of computers infected with a virus that spill across judicial districts.

Link: http://triblive.com/usworld/nation/7969441-74/proposal-computer-privacy#axzz3UUx1bBJQ

 

Friday, March 13, 2015

Newsalert - March 12, 2015

[From the desk of Paul Davis - his opinions and no-one else’s]
Make sure you’re keeping on top of patching Adobe. New patch released.

For now for the news:

Data retention: Netherlands court strikes down law as breach of privacy

Under the Dutch law telephone companies were required to store information about all fixed and mobile phone calls for a year. Internet providers had to store information on their clients’ internet use for six months.

The written judgment by Judge GP van Ham conceded that scrapping the data storage “could have far-reaching consequences for investigating and prosecuting crimes” but added that this could not justify the privacy breaches the law entailed.

The judge did not set a deadline for disposing of the data.

Link: http://www.theguardian.com/technology/2015/mar/12/data-retention-netherlands-court-strikes-down-law-as-breach-of-privacy

BT enhances security portfolio with Darktrace’s cyber threat detection capabilities

BT today announced that it is integrating technology from Darktrace, one of the world’s fastest growing cyber threat defence companies, to deliver next-generation cyber threat detection and intelligence services to the global market.

Darktrace’s Enterprise Immune System technology, which is capable of detecting sophisticated cyber threats from within enterprise networks, will be added to BT’s security portfolio. The service will be available as both part of an integrated cyber security offering, as well as a point solution within BT’s Assure portfolio of managed security services.

Link: http://www.btplc.com/news/articles/showarticle.cfm?articleid={6d66f1bb-fa9f-4c25-a149-609502423a8e}

Public Sector Increasingly Targeted by Powerful DDoS Attacks

The Q4 2014 DDoS Trends Report (gated) reveals that the public sector is increasingly being targeted by distributed denial of service (DDoS) attacks, most likely due to politically motivated attacks by hacktivists targeting government networks in reaction to highly publicized events like the protests in Hong Kong and Ferguson, Missouri.

“We expect 2015 to yield even more instances as these types of events gain significant public attention and DDoS-as-a-service grows in availability and popularity.”

Using threat intelligence to identify and block potentially malicious activity and the automatic implementation of mitigating controls in real time – before the perimeter is ever compromised – can greatly reduce the overall attack surface of an organization.

Link: http://www.infosecisland.com/blogview/24371-Public-Sector-Increasingly-Targeted-by-Powerful-DDoS-Attacks.html

This Might Be The Next Coveted Leadership Position Of 2015

The most transformational job in the corporate world right now isn’t glamorous, certainly isn’t easy, and at times is even a little thankless. It’s a job where little can go right and a lot can go catastrophically wrong. If that isn’t enough, it’s probably the hottest seat in corporate America today.

The job I am talking about is that of the chief information security officer (CISO). And, if I were rising through the ranks of an enterprise IT department, CISO is the job I would seek out to make my mark.

Link: http://www.fastcompany.com/3043376/how-to-earn-respect-from-the-hottest-seat-in-leadership-today

Why IAM is topping security investments in 2015

Most high-profile information security breaches in the past year have featured some form of credential theft to enable abuse of privileged accounts, and therefore it is not surprising that identity and access management (IAM) is set to move to the fore in 2015.

IAM is to be the top security initiative by UK and European firms in 2015, according to the latest annual TechTarget/Computer Weekly IT Spending Priorities survey, replacing network security in the top spot of European countries in 2014 and mobile endpoint security for UK companies.

According to Forrester Research, investment in IAM has grown from just 7% of the total IT spend in 2012 to 10% in 2014. The TechTarget/Computer Weekly data shows this trend is set to continue.

Although no longer in top spot for Europe, network-based security has moved down only one position and therefore remains a high priority for 32% of respondents.

Unsurprisingly, data loss prevention (31%) and cloud security (28%) remain among the top priorities for European companies in the light of increased cyber attacks aimed at stealing intellectual property and the growing adoption of cloud technologies to cut costs and improve efficiency.

Link: http://www.computerweekly.com/news/2240242097/Why-IAM-is-topping-security-investments-in-2015?asrc=EM_EDA_40613056&utm_medium=EM&utm_source=EDA&utm_campaign=20150312_UK%20businesses%20report%20increase%20in%20female%20IT%20pros%20over%20past%20five%20years_

The Battle Has Moved to the Endpoints and Beyond

The threat of web-based malware has caused a shift in investment into more perimeter-based security systems that focus more on detection and response rather than prevention in 2015—explains Ericka Chickowski, reporting on recent Ponemon findings in Dark Reading.

The survey, based on the responses of over 700 IT and IT security practitioners, shows that an astounding 95% of organizations reported that they are moving from prevention to a detect-and-respond-based approach to security. It also found that 80% of the respondents consider web-borne malware as their most frequent attack vector and 68% of organizations represented consider endpoint security as a higher priority in 2015.

Link: http://www.infosecisland.com/blogview/24372-The-Battle-Has-Moved-to-the-Endpoints-and-Beyond.html

Legal Solutions Provider Epiq Systems Expands Data Breach Solutions

NEW YORK, March 12, 2015 (GLOBE NEWSWIRE)—Epiq Systems, Inc. (Nasdaq:EPIQ), a leading global provider of integrated technology solutions for the legal profession, today appointed Brookes Taney as vice president to lead its expanded data breach solutions group.

The data breach solutions group now offers clients a single point of contact to access Epiq’s cross-department expertise in eDiscovery and settlement administration services, including information governance consulting, forensics, electronic discovery, breach notification, breach remediation and call center deployment.

Link: http://www.globenewswire.com/news-release/2015/03/12/714704/10124245/en/Legal-Solutions-Provider-Epiq-Systems-Expands-Data-Breach-Solutions.html

Determining Whether a HIPAA Data Breach Occurred

Covered entities need to be able to determine if a HIPAA data breach has taken place following the potential exposure of sensitive data. The implementation of the HIPAA Omnibus Rule slightly changed this process, in that there were new determining factors for assessing exactly what constitutes a data breach.

It is also important to note that there are three exceptions to the data breach definition, according to HHS. A HIPAA data breach is not always the outcome of a healthcare facility’s security measures being infiltrated. However, it is essential that covered entities are able to determine if this type of breach occurred and know how to take the next step.

Link: http://healthitsecurity.com/2015/03/12/determining-whether-a-hipaa-data-breach-occurred/

Report: 71 percent of orgs were successfully attacked in 2014

The number of successful cyber attacks against organizations is increasing, according to the “2015 Cyberthreat Defense Report” from CyberEdge Group, which surveyed 814 IT security decision makers and practitioners from organizations – in 19 industries – across North America and Europe.

Altogether, 71 percent of respondents said that their organization’s global network was compromised by a successful cyber attack in 2014 – a number that jumped up from 62 percent in the year prior – and 22 percent said that their organization experienced six or more successful attacks, according to the report.

Another reason for the rise is that attackers are refining their tactics – for example, they perform reconnaissance to carry out targeted spear phishing attacks involving malware, Piper said. In the report, respondents cited phishing attacks, malware and zero-day attacks as the top threats that are causing concern.

Link: http://www.scmagazine.com/report-71-percent-of-orgs-were-successfully-attacked-in-2014/article/403267/

US industrial control systems attacked 245 times in 12 months

… the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has revealed. The figure was included in a report by the ICS-CERT, which operates within the National Cybersecurity and Integration Center, itself a part of the Department of Homeland Security. The group said that 55 percent of investigated incidents showed signs that advanced persistent threats had been used to breach systems. The energy sector accounted for the most incidents at 79, but perhaps the more alarming figure is that 65 incidents concerned cyber infiltration of the manufacturers of ICS hardware.

Link: http://www.v3.co.uk/v3-uk/news/2399334/us-industrial-control-systems-attacked-245-times-in-12-months

Swimlane launches automated security operations management platform

Tempe, AZ, March 12—Phoenix Data Security has announced the launch of Swimlane, a new security operations management platform and company focused on empowering enterprises and government agencies with data-driven automation and orchestration for incident response and improved security operations.

Swimlane centralizes an organization’s security alerts, alarms and incidents to automate resolution and deliver a better ROI on current and future security investments. Using software-defined security (SDSec) methods and security orchestration, Swimlane reduces manual effort by automatically responding to alerts, gathering related threat intelligence and automating the implementation of security controls, all of which aids in protecting the organization from future attacks.

Link: http://www.gsnmagazine.com/node/44150?c=security_services

Patch Flash now: Google Project Zero, Intel and pals school Adobe on security 101

Hot on the heels of Microsoft’s Patch Tuesday release, Adobe has published security fixes for its Flash Player browser plugin.

The March 12 update for the internet’s screen door addresses 11 CVE-listed vulnerabilities. Adobe is listing the patch as a top deployment priority for Windows, OS X and Linux systems.

Link: http://www.theregister.co.uk/2015/03/12/adobe_kicks_out_flash_security_fix/

Thursday, March 12, 2015

Newsalert - March 11, 2015

[From the desk of Paul Davis - his opinions and no-one else’s]
If you’re dealing with the challenges of PCI, look out for the invites to get “early” access to the latest Verizon report. Provides some great insight and support for compliance.

For now for the news:

Eighty pct of global merchants fall short on card data security compliance: report

(Reuters) - Four out of five global retailers and other merchants failed interim tests to determine whether they are in compliance with payment card data security standards, putting them at increased risk of cyberattacks, according to a new report by Verizon Communications Inc.

The report, which gathered data in 30 countries by assessing more than 5,000 merchants including retailers, financial institutions and hospitality firms among others, found only 20 percent of those tested to be fully compliant less than a year after installing security safeguards. [Link to report: vz.to/PCIR15X ]

From 2013-2014, overall compliance went up by 18 percentage points for 11 out of the 12 payment data security standards.

Link: http://www.reuters.com/article/2015/03/11/cybersecurity-usa-idUSL4N0WC4TV20150311

Kaspersky reveals CAPTCHA-tricking Podec Trojan (11 Mar 2015 01:58 GMT)

… security software company said on March 10 that the malware, Trojan-SMS.Android … premium-rate services, said the security software company. According to Kaspersky, Podec … or its deletion. Additionally, the Trojan employs obfuscation and an …

Link: http://www.zdnet.com/article/kaspersky-reveals-captcha-tricking-podec-trojan/#ftag=RSSbaffb68

PayPal buys Israel cyber security firm for £40 million

PayPal’s purchase of the Beersheva-based company, which protects against malware and predicts future hacking techniques, is part of the company’s plan to expand its existing operations in Israel.

Link: http://www.thejc.com/news/world-news/131425/paypal-buys-israel-cyber-security-firm-%C2%A340-million

Four critical questions to ask yourself when looking for a Cyber Threat Intelligence Partner

When looking for a cyber threat intelligence solution you need to understand that you aren’t buying technology so much as engaging with a long-term partner that extends the size of your team and strengthens your defenses - or at least that should be the case.

Link: http://www.isightpartners.com/2015/03/four-critical-questions-to-ask-yourself-when-looking-for-a-cyber-threat-intelligence-partner/

Isle of Man steps up efforts to court cryptocurrency startups

The Isle of Man (IoM) government says it’s making good legislative headway on the regulation of cryptocurrencies, as it seeks to position itself as a prime location for firms dealing in digital money.

The Isle of Man has made a concerted effort over the past year to attract cryptocurrency startups and drive up the contribution e-business makes to its economy from 20% now to at least 23% by 2020.

Link: http://www.computerweekly.com/news/2240242032/Isle-of-Man-steps-up-efforts-to-court-cryptocurrency-startups?asrc=EM_EDA_40567090&utm_medium=EM&utm_source=EDA&utm_campaign=20150311_Apple%20and%20Microsoft%20patch%20Freak%20vulnerability_

Businesses taking PCI compliance more seriously: Verizon

The number of organisations that fully complied with the payment card industry (PCI) security standards during 2014 rose to 20 percent, according to the latest Verizon PCI compliance report.

The report indicated that the level of full compliance was due to an improvement of compliance across the board, with over 60 percent of companies assessed during 2014 compliant with any of the 12 PCI DSS requirements. As a result, PCI DSS compliance went up by an average of 18 percent for 11 out of 12 requirements.

Link: http://www.zdnet.com/article/businesses-taking-pci-compliance-more-seriously-verizon/#ftag=RSSbaffb68

Fast-changing security threats overwhelm IT managers - survey

The study of just over 1,000 security professionals in the United States, Britain and Canada paints a picture of mounting pressures on organisations due to a shortage of necessary specialist skills, tight budgets and poor employee education. The study found 54 percent of respondents believed security staffing levels inside their organisations needed to double in size and another 24 percent said they needed to quadruple, in order to cope with the range of cybersecurity issues they face.

The poll was conducted in December and January by a third-party firm on behalf of Trustwave and drew on responses from more than 600 U.S. security professionals and another 200 each in Canada and Britain.

Link: http://uk.reuters.com/article/2015/03/11/uk-cybersecurity-survey-idUKKBN0M727A20150311

Targeting law firms

While cybercrime has plagued U.S.-based law firms quietly for close to a decade, the frequency of attempts and attacks has been increasing substantially. Numbers aren’t available, since unlike hacking at financial institutions, law firms have no legal obligations to disclose cybercrimes to the public.

But experts say that these crimes have increased, particularly at firms whose practices involve government contracts or mergers and acquisitions, especially when non-U.S. companies or countries are involved.

At least 80 percent of the biggest 100 law firms have had some sort of breach, Peter Tyrrell, the chief operating officer of Digital Guardian, a data security software company, said in a telephone interview.

Link: http://thedailyrecord.com/2015/03/11/targeting-law-firms/#ixzz3U7lh5WkL

Self-deleting malware targets home routers to gather information

Attackers could be using VICEPASS for reconnaissance, or for future cross-site request forgery attacks. Researchers with Trend Micro have analyzed ...

Link: http://www.scmagazine.com/malware-that-connects-to-home-routers-deletes-itself-without-a-trace/article/403050/

EiQ Networks Launches SecureVue STIG Profiler to Protect Against Cyber Attacks

BOSTON, March 11, 2015 /PRNewswire/—EiQ Networks, a pioneer in continuous security intelligence, risk and compliance solutions, launched SecureVue STIG Profiler, a free software solution that plays a critical role in STIG compliance monitoring. The Defense Information Systems Agency (DISA) issues Security Technical Implementation Guides (STIG) that detail the specific configuration settings that must be implemented for various networked devices and applications. Department of Defense agencies and contractors supporting DoD are required to implement the configuration standards outlined in the STIGs in an effort to better secure networks and prevent cyber attacks. A system can have multiple STIGs that apply to it based upon the operating system and applications installed. One of the more time-consuming aspects of implementing the STIGs is knowing which STIGs apply to any given system. Up until today this has been a very manual and time-consuming process. The SecureVue STIG Profiler automates this part of the STIG process and, in turn, provides detailed information regarding which STIGs apply to a system based upon the software installed.

Link: http://www.reuters.com/article/2015/03/11/ma-eiq-securevuestig-idUSnPnXkkpH+51+PRN20150311

Hexis Cyber Solutions Launches Latest Version of HawkEye AP for Insider Threat Detection and Advanced Big Data Analytics

HANOVER, Md., March 10, 2015 (GLOBE NEWSWIRE)—Hexis Cyber Solutions, Inc. (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (Nasdaq:KEYW), and a provider of advanced cybersecurity solutions for commercial companies and government agencies, today announced the latest version of HawkEye AP, its highly scalable, log management solution that provides sophisticated analytics on high volumes of event data. With a new intuitive graphical user interface and an advanced analytics toolbox, HawkEye AP gives users a wide range of new capabilities to model and analyze data according to their specific needs. Included with this release is a new out-of-the-box model covering Insider Threat Detection.

Link: http://www.virtual-strategy.com/2015/03/10/hexis-cyber-solutions-launches-latest-version-hawkeye-ap-insider-threat-detection-and-adv#axzz3U7otOW7W