Cyber Security Institute

News

Sunday, August 28, 2016

IR News Security - 2016-08-28

Table of Contents

  • Automate, integrate, collaborate: Devops lessons for security
  • Dragos Raises $1.2M in DataTribe-Led Seed Funding Round for Cyber Threat Operations Center; Robert Lee Comments
  • Cyber Pain Points: Failure to get buy-in for Incident Response Plan (IRP) in the top 10!
  • Cybereason Named a Top 'Disruptive Innovator' by Juniper Research
  • Confronting Cybersecurity Challenges Through US-Singapore Partnership – Analysis
  • The New EU Cybersecurity Directive: What Impact on Digital Service Providers?
  • CISO Hunting Tags: What threat hunting should mean to you
  • 4 Tips to Give You Greater Network Visibility and Prepare You to Survive a Breach
  • What’s next for threat intelligence?
  • RiskSense Selected Best Cyber Risk Management Software of the Year
  • InCommon Enters Proof of Concept for Federated Incident Response
  • AI will help virtualised data containers manage their own security, access control
  • Japanese government plans cyber attack institute



Automate, integrate, collaborate: Devops lessons for security
Enterprise security pros are often seen as heavy-handed gatekeepers obsessed with reducing risk.
They'd rather be viewed as enablers who help the organization complete tasks and gain access to needed data. 
To make that transformation, security teams must become faster, more efficient, and more adaptable to change.
That sounds a lot like devops. 
As more companies embrace devops principles to help developers and operations teams work together to improve software development and maintenance, those organizations also increasingly seek to embed security into their processes.
Continuous automated testing improves application security.
Increased visibility in operations improves network security. 
When data collection and analysis is automated, developers, security teams, and operations can work together.
The benefits go beyond application security.
Song describes an organization that saw sales drop dramatically after pushing out a feature update to their ecommerce application.
Was the problem with the update or the application itself?
It turned out that the SSL certificate had expired.
With all the players in one place, it was easier to identify and fix the problem.
There is a "fusion of different operations and teams working together," she says. 
Security doesn't operate in a silo, Song says.
Removing barriers between teams gives security operations information about what is happening faster.
Faster alerts mean security operations are looking at the problem earlier in the cycle, and better information on hand helps the team figure out a solution.
Link: http://www.cio.com/article/3110267/security/automate-integrate-collaborate-devops-lessons-for-security.html?token=%23tk.CIONLE_nlt_cio_insider_2016-08-24&idg_eid=e87b17913ba9d312d52f2efa84a73904&utm_s



Dragos Raises $1.2M in DataTribe-Led Seed Funding Round for Cyber Threat Operations Center; Robert Lee Comments 
Dragos will use the funds to establish a threat operations facility that will work to provide cyber threat detection services for industrial control systems and supervisory control and data acquisition platforms as well as develop technologies intended for ICS networks, the company said Wednesday.
Link: http://blog.executivebiz.com/2016/08/dragos-raises-1-2m-in-datatribe-led-seed-funding-round-for-cyber-threat-operations-center-robert-lee-comments/



Cyber Pain Points: Failure to get buy-in for Incident Response Plan (IRP) in the top 10! 
Here’s the list of all 10 Pain Points:
-  Lack of a cross-functional “incident commander” to coordinate response across the organization
-  Incident response plans lack cross-organizational considerations and buy-in
-  Limited data classification guidance to help determine severity and guide incident response activities
-  Ill-defined processes (aka “pre-thought use cases”) for responding to high impact incidents
-  Lack of defined checklists or step-by-step procedures, including contact lists for response
-  Lack of consideration of the business impact when determining courses of action for response
-  Ill-defined or mixed use of event and incident taxonomy between responders
-  Lack of defined thresholds between events and incidents to aid in decision making
-  Limited or lack of pre-determined (aka “pre-canned”) external communication statements
-  Lack of training and exercise of “memory muscle” for the most likely or high risk incidents
Link: http://www.lexology.com/library/detail.aspx?g=6e634387-8729-436e-9c38-1a619856714d



Cybereason Named a Top 'Disruptive Innovator' by Juniper Research 
Cybereason today announced that the company and its Military-Grade, Real-Time Detection and Response Platform have been named by Juniper Research as one of the Top Three ‘Disruptive Innovators to Watch in 2016.' Cybereason is the only cybersecurity company to make the watch list.
Link: http://www.benzinga.com/pressreleases/16/08/p8387819/cybereason-named-a-top-disruptive-innovator-by-juniper-research



Confronting Cybersecurity Challenges Through US-Singapore Partnership – Analysis
As a key deliverable to PM Lee’s visit, Singapore’s Cyber Security Agency (CSA) and the US Department of Homeland Security (DHS) co-signed on 2 August a Memorandum of Understanding (MOU) on the Cooperation in the Area of Cybersecurity, which lays a foundation for cooperation on cyber-related issues. 
This agreement covers cooperation in key areas that include regular Computer Emergency Response Teams (CERT) to CERT information exchanges and sharing of best practices, coordination of cyber incident response, conducting new bilateral initiatives on critical infrastructure protection, and continued cooperation on cybercrime, cyber defense, and on regional capacity building. 
Singapore’s CSA has entered into four other bilateral cyber MOUs signed with France, United Kingdom, India and the Netherlands.
The agreement with the US is the fifth and an important milestone for both countries.
It is the first cyber agreement between an ASEAN nation and the US.
While Singapore benefits from accessing knowledge about cyber threats and mitigation responses from the US, Washington will equally gain deeper insights into the cyber threats experienced by Singapore and potentially the South East Asia region. 
Both Singapore and the US are becoming more digitally dependent, with Singapore having aspirations to be the world’s first Smart Nation.
The creative use of information and communications technology (ICT) and Internet of Things (IOT) will undoubtedly bring about significant advances in the way we live, work and play through predictive and automated decision-making based on detailed collected data on individuals. 
From 16-18 August 2016, Singapore’s CSA, Ministry of Foreign Affairs and the US Department of State’s Third Country Training Programme hosted an ASEAN Cybersecurity workshop, the first of its kind.
This Singapore- and US-led diplomatic effort brought together ASEAN cyber officials from both policy and technical offices to discuss developing and implementing national cybersecurity strategies, cyber incident response, multi-stakeholder engagement, private-public partnerships and building a culture of cybersecurity. 
Singapore is in a unique position to take the necessary technological leadership role in enhancing its national cybersecurity posture while supporting the region.
The shared insights and experience by both Singapore and the US can be of considerable benefit to the ASEAN countries and to the larger global community as all nations continue to seek ways to improve their cybersecurity postures.
Link: http://www.eurasiareview.com/24082016-confronting-cybersecurity-challenges-through-us-singapore-partnership-analysis/



The New EU Cybersecurity Directive: What Impact on Digital Service Providers? 
Considerable disagreement surrounded the inclusion of digital service providers within the draft NIS Directive, bringing opposition from the European Parliament, various Member States, and entities falling under the definition of "digital service provider." These opponents viewed cyberattacks on digital service providers as insufficiently significant and therefore argued against additional regulation, which would potentially negatively affect innovation.
While the final NIS Directive does extend to digital service providers, it subjects them to a lighter regulatory touch than essential service operators.[1] 
DSP services cover the following three categories (NIS Directive, Annex III): "online marketplace," "online search engine," and "cloud computing services": 
"Online marketplace" covers "a digital service that allows consumers and/or traders to conclude online sales or services contracts with traders either on the online marketplace’s website or on a trader’s website that uses computing services provided by the online marketplace." 
"Online search engine" covers "a digital service that allows users to perform searches of all websites or websites in a particular language on the basis of a query on any subject in the form of a keyword, phrase or other input, and returns links in which information related to the requested content can be found." 
"Cloud computing service" means "a digital service that enables access to a scalable and elastic pool of shareable computing resources." 
Security Requirements.
The NIS Directive aims at implementation of "state of the art" measures.
It requires the following from DSPs: 
Identify and take appropriate technical and organizational measures to manage the risks facing the security of the network and information systems used in offering services within the EU. 
Take measures to prevent and minimize the impact of incidents affecting the security of their network and information systems on services offered within the EU, with a view toward ensuring service continuity. 
Incident Notification Requirements.
DSPs must promptly notify the competent authority or "Computer Security Incident Response Team" ("CSIRT") designated by the EU Member State of any incident having a substantial impact on the provision of a service offered within the EU.
Notifications must include information to enable the competent authority or CSIRT to determine the significance of any cross-border impact.
However, the notification should not expose the notifying party to increased liability. 
Regarding implementation of the NIS Directive, EU Member States are required to adopt the Directive’s strategy for regulatory measures for cybersecurity within the EU, to create a computer security incident response team for EU nations to address cross-border security incidents, and to establish a unified strategic cooperation group to encourage Member States to exchange information. 
National Strategy for the Security of Network and Information Systems.
EU Member States must adopt a national strategy defining the objectives, as well as appropriate policy and regulatory measures, in order to achieve a high level of security. 
Post-Notification Procedure.
After consulting the DSP concerned, the notified competent authority or CSIRT (and, where appropriate, the authorities or CSIRTs of other EU Member States concerned) may inform the public about individual incidents or require the DSP to do so, if it determines that public awareness is necessary to prevent an incident or respond to an ongoing incident, or where disclosure of the incident is otherwise in the public interest. 
The NIS Directive’s potential reach over entities established outside of the EU also calls for companies to evaluate whether their activities may bring them within the scope of the Directive.
As penalties for noncompliance are yet to be determined by each Member State, this is even greater reason for companies to ensure that they do not fall foul of the NIS Directive.
Link: http://www.lexology.com/library/detail.aspx?g=ed581119-9a2a-4881-a581-b40e6ecd710f



CISO Hunting Tags: What threat hunting should mean to you
The better your network security and the better engineered the security program, the absolute best your incident response and threat team should likely reflect.
As your security team increases in skill and demonstrable capability in keeping the network closed, the more likely it is that the threats found inside are going to have superlative capability.
Thus, your teams that are the shock absorber for incident response (CIRT and threat hunting) are going to need superlative skill.
Thus, we are looking at highly mature and more importantly well-funded programs.
At some point I’ll write a post talking about right sizing and right funding a security program from a realist point of view. 
Having a good log collection and netflow analysis capability allows you to hunt for threats.
Many people focus on the current network traffic and looking for real time anomalies.
A world class program will keep netflow logged for a window of a year. 
Hunting takes on a sense of stalking, following indicators of possible compromise to particular hosts.
Things like beacons, web pages, slow machines, and other elements might get your notice. 
Whether randomly pulling boxes from production for examination, or given a tip-off from the network surveillance, hunting on a host usually starts in the file system and memory system.
There are ways to dump the memory of a host and then evaluate it for possible previously undetected malware.
SANS and others teach memory forensics courses that serve the threat hunting team well in the skills development area.
In my experience I have pulled boxes out of production I thought were exploited only to at a forensic level refute that hypothesis.
In other cases I pulled boxes from production that had no sign of issues and had twenty or more variants of malware infesting them.
Reliability and validity are not the same thing.
The dichotomy of discovery based on the nearly random nature of some of the processes make the analogy of hunting work.
You can stalk, you hunt from a blind, or you can take whatever walks into your path.
It is all about looking for things that you didn’t know exist.
Your team needs to be active persistent defensive agents on the network.
The time intensive and mission impacts of interdicting a host all result in managerial reluctance.
That reluctance is well founded because a host may have exploitations that will result in downtime. 
I often get asked two questions.
What is the role of honeypots/nets in threat hunting, and why do we do this?
Discussing the first question, a honeypot is literally a sophisticated intrusion detection system.
From a realist point of view you can think of the honeynet as a sensor, or trip line that gives you warning. 
You only have so many resources, and you only have so much time.
I shepherd my security teams closely to make sure nobody is burning out, and try and maintain a good work/life balance when leading teams.
Threat hunting in the short term creates more work for the teams in general.
Over the long term it decreases the CIRT team's time on response tasks and informs the security team of better protection measures, if you as a CISO enforce the security feedback loops and configuration controls that will be illuminated by hunting on your network. 
Threat feeds carry lots of indicators of compromise that can be used to defend your network.
Those feeds can be days behind the actual adversary.
The various threat feeds are not necessarily customized to your business, infrastructure, or political standing.
They are in fact part of the information security portion of the CISO portfolio not the threat hunting portion.
The threat hunting group is looking for that last finite number of threats that make it through your world class information security perimeter.
Since this is identifying the worst of the worst and likely the most entrenched adversary, the whole reason you do this is to finally say you have reduced the surprise factor of network security management to a known level.
Link: http://selil.com/archives/6813
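The netflow-based hunting described above (keeping flow logs for a long window and looking for beacons) can be turned into a small, repeatable check. The following Python script is an added example, not code from the original post or from selil.com. It assumes a constructed, simplified flow record format (start time in seconds, source, destination, destination port, bytes) and flags source/destination/port triples whose inter-arrival times are nearly constant, which is what a periodic beacon looks like in flow data. The sample records and the thresholds (`min_connections`, `max_jitter`) are illustrative assumptions to be tuned against your own baseline.

```python
"""Hunt for beacon-like periodic connections in netflow-style records.

Added example; the record format is a constructed simplification of a flow
export (ts_seconds,src,dst,dport,bytes) and the thresholds are assumptions.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records (not real data). One host (10.0.0.5) talks to
# 203.0.113.10:443 roughly every 300 seconds; 10.0.0.7 browses irregularly; a
# few DNS flows sit below the minimum connection count and are ignored.
SAMPLE_FLOWS = """
# constructed sample records: ts_seconds,src,dst,dport,bytes
0,10.0.0.5,203.0.113.10,443,512
305,10.0.0.5,203.0.113.10,443,498
598,10.0.0.5,203.0.113.10,443,530
902,10.0.0.5,203.0.113.10,443,501
1195,10.0.0.5,203.0.113.10,443,515
1503,10.0.0.5,203.0.113.10,443,507
1798,10.0.0.5,203.0.113.10,443,499
2101,10.0.0.5,203.0.113.10,443,520
10,10.0.0.7,198.51.100.20,80,4200
60,10.0.0.7,198.51.100.20,80,18000
400,10.0.0.7,198.51.100.20,80,950
420,10.0.0.7,198.51.100.20,80,7300
1300,10.0.0.7,198.51.100.20,80,2100
1310,10.0.0.7,198.51.100.20,80,66000
2000,10.0.0.7,198.51.100.20,80,830
12,10.0.0.5,192.0.2.1,53,90
640,10.0.0.5,192.0.2.1,53,88
1990,10.0.0.5,192.0.2.1,53,91
""".strip().splitlines()


def parse_flows(lines):
    """Parse 'ts,src,dst,dport,bytes' text lines into tuples, skipping comments."""
    flows = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, nbytes = line.split(",")
        flows.append((int(ts), src, dst, int(dport), int(nbytes)))
    return flows


def find_beacons(flows, min_connections=6, max_jitter=0.2):
    """Return (src, dst, dport, mean_interval, jitter) for periodic connection patterns.

    Periodicity is scored as the coefficient of variation (stdev / mean) of the
    inter-arrival times for each (src, dst, dport) triple. A value near zero means
    the gaps are almost constant, the signature of a scheduled beacon; ordinary
    interactive traffic produces widely varying gaps and a large value.
    """
    by_key = defaultdict(list)
    for ts, src, dst, dport, _ in flows:
        by_key[(src, dst, dport)].append(ts)

    results = []
    for (src, dst, dport), times in by_key.items():
        if len(times) < min_connections:
            continue  # too few observations to call the pattern periodic
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # all flows share one timestamp; not a periodic pattern
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            results.append((src, dst, dport, round(avg, 1), round(jitter, 3)))
    return sorted(results)


if __name__ == "__main__":
    for src, dst, dport, interval, jitter in find_beacons(parse_flows(SAMPLE_FLOWS)):
        print(f"possible beacon: {src} -> {dst}:{dport} every ~{interval}s (jitter {jitter})")
```

A hit is a lead for the hunter, not a verdict: legitimate software (update checks, monitoring agents) also beacons, so the next step is the host-side work the post describes, pulling the box and looking at the file system and memory. Lengthening the flow retention window, as the post recommends, is what makes slow beacons (hours or days between connections) visible to this kind of check at all.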



4 Tips to Give You Greater Network Visibility and Prepare You to Survive a Breach
No. 1: Ensure that you have logs, and that they are protected.
No. 2: Keep your database of systems and applications up-to-date. 
No. 3: Have a method to capture network traffic and to send alerts. 
No. 4: Make a plan for responding to a data breach and write it down.
Link: http://www.biztechmagazine.com/article/2016/08/4-tips-give-you-greater-network-visibility-and-prepare-you-survive-breach



What’s next for threat intelligence? 
Nearly every security vendor wants to get in on the action and the majority of security operations groups are either being told by their management to get on board with it, or they’ve attended various security conferences and realised they need to add threat intelligence into their security program. 
At some stage, every CISO or SOC manager will be asked by management, concerned about the latest hack: What do you know about it?
How does it affect us?
What are we doing about it? 
A solid threat intelligence strategy provides you with a means of being proactive and ensuring that you’re on top of your cyber security, so that you’re in a position to answer these questions before they are even asked. 
On a network, there are only three things security operators need to deal with: noise, nuisance and threats. 
You need to filter out the noise (blocking it at the perimeter or detecting it and automatically remediating), focus on threats (the real gotchas that can negatively impact shareholder value) and determine if a nuisance is actually noise or a threat and deal with it accordingly. 
An effective threat intelligence platform helps organise the threats and provide the information you need to isolate what really matters. 
Once you are using threat intelligence to improve communications and focus your resources, you can start diving into risk management. 
A threat intelligence platform lets you take a more strategic view of the business critical assets you need to protect, the threats that are targeting these assets and the ways in which they are going about it, and the countermeasures you have in place.
Link: http://www.information-age.com/technology/security/123461937/whats-next-threat-intelligence



RiskSense Selected Best Cyber Risk Management Software of the Year 
SUNNYVALE, Calif. & ALBUQUERQUE, N.M.—(BUSINESS WIRE)—RiskSense® Inc., the pioneer and market leader in pro-active cyber risk management, today announced that the company’s cyber risk management platform was selected Best Cyber Risk Management Software of 2016 in the 8th Annual Security Products Magazine New Product of the Year Awards.
The RiskSense Platform was recognized for its innovations in intelligence-driven cyber risk analytics, which identify threats in near real-time based on business risk criticality across the entire attack surface of an organization, and prioritize closed-loop remediation efforts.
Link: http://www.businesswire.com/news/home/20160826005107/en/RiskSense-Selected-Cyber-Risk-Management-Software-Year



InCommon Enters Proof of Concept for Federated Incident Response 
With InCommon interconnected to the global federation community, participants now have the opportunity to take part in and support policies and standards being developed internationally.
One of the most promising collaborations in this area is the Security Incident Response Trust Framework for Federated Identity (Sirtfi).
Developed by a working group comprising international research, campus, and federation operator community members, this framework and related entity tags for IdPs and SPs serve as a first iteration of a global federated incident response approach. 
This proof of concept will include very scoped support for Sirtfi including:
-  Importing the Sirtfi entity attribute for those international IdPs and SPs that have chosen to adhere to the specification along with importing the REFEDS Security Contact metadata into InCommon metadata from eduGAIN.
-  Adding to the InCommon aggregate and exporting to eduGAIN the REFEDS security contact and the Sirtfi entity attribute on the entity descriptors of the following IdPs:
—    NCSA
—    LIGO
—    The University of Chicago
-  Adding the Sirtfi tag to several LIGO SPs
Link: https://spaces.internet2.edu/display/InCCollaborate/2016/08/26/InCommon+Enters+Proof+of+Concept+for+Federated+Incident+Response



AI will help virtualised data containers manage their own security, access control
Although virtualised data 'enclaves' offer the best control over enterprise data now, CISOs will increasingly rely on artificial intelligence (AI) technologies to keep ahead of changing threat exposures as data becomes increasingly “self controlling”, one leading security strategist has predicted. 
Organisations that use virtualised enclaves to contain and segregate enterprise data in mobile devices “are getting the best return on their investment,” Citrix chief security strategist Kurt Roemer told CSO Australia. “By mobilising data in an enterprise container that's treated as a set of project-based enclaves on the mobile device, your enterprise data never leaves your control.
That lets you focus resources on sensitive data and not just on the security technologies and controls that are supposed to apply to everything.” 
AI tools will be essential in “considering the workflows that take into account the different relationships, networks, and boundary conditions that help provide the right level of risk in the organisation,” Roemer said. “When you do that, it often leads you to different conclusions than you get on the network you may have in place right now.” 
Fully realising the potential of AI technologies will require a more mature perspective of the technology, he added, noting that most organisations still think of AI primarily as a tool for automating security log analysis. 
Those insights would become more evident as AI tools allowed security monitoring policies to extend to parts of the enterprise that might never normally be visible in the same context.
For example, AI might not only be used to look for anomaly conditions and alert administrators, but to monitor paths of communication between application components and automatically reroute that traffic if an issue is detected. 
These decisions will be adaptable based on the circumstances of access – for example, the location or device used by the person requesting access – and enforced at a highly granular level. “An AI based system will be able to look at intelligence systems, contracts, and business relationships, then decide whether a system should still be accessible and whether someone has the right to share that data or not,” Roemer said, noting that the 'all-access pass' – conventional user ID-and-password gateways – had to evolve. “Access needs to be continually evaluated and contextual,” he explained, “and ultimately data is going to need to be really self-controlling.
All of us change our situations throughout the day and your access needs to be constantly evolving to meet the unique risks of each of those situations.
Eliminating the all-access path is about making the access very specific to the risk that is presented.”
Link: http://www.cso.com.au/article/605831/ai-will-help-virtualised-data-containers-manage-their-own-security-access-control/



Japanese government plans cyber attack institute
The government of Japan will create an institute to train employees to counter cyber attacks.
The institute, which will be operational early next year, will focus on preventing cyber attacks on electrical systems and other infrastructure. 
The training institute, which will operate as part of Japan’s Information Technology Promotion Agency (IPA), is the first center for training in Japan to focus on preventing cyber attacks.
A government source said that the primary aims will be preventing a large-scale blackout during the Tokyo Olympics and Paralympics in 2020, and stopping leaks of sensitive power plant designs.
Link: https://thestack.com/security/2016/08/24/japanese-government-plans-cyber-attack-institute/

IT Security News - 2016-08-28

Table of Contents

  • France and Germany urge reform to access encrypted messages
  • The 3 Biggest Mistakes In Cybersecurity
  • What IT Pros Need To Know About Hiring Cyber-Security Hunt Teams
  • Best Practices For Data Center's Physical Security
  • 19% of shoppers would abandon a retailer that’s been hacked
  • Lost and stolen devices account for 1 in 4 breaches in the financial services sector
  • Cybercrime in India up 300% in 3 years: Study
  • Onapsis : Releases SAP Security In-Depth Publication for SAP HANA
  • BeyondTrust Survey Uncovers Growing Disparity Managing Privileged Access
  • How do you measure success when it comes to stopping Phishing attacks?
  • How to secure your remote workers
  • New approach needed to IT, says NIST's top cyber scientist
  • Security Leadership & The Art Of Decision Making
  • FCC proposes 5G cybersecurity requirements, asks for industry advice
  • Traffic, jammed: New report says DDoS attacks are up 211 percent
  • New breed of IT professional
  • APAC unprepared for security breaches: FireEye's Mandiant
  • SA’s new cybercrimes law explained
  • Get the Security Budget You Need and Spend It Wisely
  • Data breaches: Different regions, very different impacts
  • Latest Data Breach Settlement Illustrates Need for Companies to Prioritize Cybersecurity
  • Global Cost of Cybercrime Predicted to Hit $6 Trillion Annually By 2021, Study Says
  • Got big data? The Cloud Security Alliance offers up 100 best practices
  • Privacy Shield data-transfer agreement now covers 200 companies
  • Security must be top of the manufacturing agenda
  • Security Conferences Abound: Which Should You Attend?
  • Fueling secure technology adoption in banks through a robust cyber security framework [India]
  • The Hidden Dangers Of 'Bring Your Own Body'
  • Vulnerability Spotlight: Multiple DOS Vulnerabilities Within Kaspersky Internet Security Suite
  • Cyberthreats Targeting the Factory Floor
  • Don’t Get Stranded without a Data Security Action Plan



France and Germany urge reform to access encrypted messages
French Interior Minister Bernard Cazeneuve met with his German counterpart, Thomas de Maiziere, on 23 August to discuss anti-terrorism proposals.
Following the meeting, Cazeneuve told the press in Paris that France and Germany will put forward a European initiative to tackle the problem of messaging encryption used by Islamist extremists, to be discussed at the EU summit taking place on 16 September. 
In particular, Cazeneuve said that messaging service operators such as Telegram, which has so far been reluctant to cooperate with the authorities, should be compelled to provide access to encrypted content to terrorism investigations.
The French minister urged the European Commission to pass new legislation targeting encrypted messaging services provided by both EU and non-EU companies, creating the right legal framework to strengthen national security.
Link: http://www.telecompaper.com/news/france-and-germany-urge-reform-to-access-encrypted-messages—1159017?utm_source=headlines_-_english&utm_medium=email&utm_campaign=24-08-2016&utm_content=textlink



The 3 Biggest Mistakes In Cybersecurity 
Everyone, from the small business owner to senior executives in businesses of every shape and size, is confronting a seemingly insurmountable problem: constant and rising cyber security breaches.
It seems no matter what we do, there is always someone that was hacked, a new vulnerability exploited, and millions of dollars lost.
1) They think cyber security is a technology problem.
2) They follow a cyber security check list once-and-done.
3) They don't have a cyber security awareness training program in place.
Neither structure nor strategy will help if you ignore the most important element in cyber security: People.
In 2016 ISACA published the top three cybersecurity threats facing organizations in that year.
They were, in order: 52% Social Engineering; 40% Insider Threats; 39% Advanced Persistent Threats.
Link: http://www.information-management.com/news/security/the-3-biggest-mistakes-in-cybersecurity-10029583-1.html



What IT Pros Need To Know About Hiring Cyber-Security Hunt Teams 
If your organization doesn't run its own threat analysis center, it may be worth hiring a hunt team to watch your back.
Here's what you need to know. 
At the RSA Conference in 2015, Joshua Stevens, enterprise security architect for HP Security, gave a presentation on hunt team skill sets and on the ways analytics and visualization tools can be used to help identify cyber threats. 
The qualifications cited in the presentation suggest hunt team members should have advanced intrusion detection and malware analysis skills, data science and programming skills, and a creative, analytical mindset. 
If you try to assemble an in-house hunt team, your own personnel may have to work harder to benefit from external incidents.
A vendor handling many clients, however, can apply what it learned from one client to protect its other customers.
Link: http://www.informationweek.com/strategic-cio/security-and-risk-strategy/what-it-pros-need-to-know-about-hiring-cyber-security-hunt-teams/d/d-id/1326602



Best Practices For Data Center's Physical Security
There are several criteria that you need to look into, and, no wonder, what we'll be discussing here is expensive, time-consuming and resource-intensive. 
- Constructed for ensuring physical protection
Construct the exterior (walls, windows, and doors) of materials that provide ballistic protection.
In addition, it must also provide protection on physical grounds, which means that it should have all the physical equipment in place, such as barriers, to keep invaders from sneaking inside. 
- 24x7 backup power
- Cages, cabinets and vaults
These should be strong and rigid, ensuring the safety of the equipment residing inside. 
- Electronic access-control systems (ACSs) 
- Provisioning process
Another practice to provide entry to the facility involves a process that requires structured and documented provisioning by the individual requesting to get inside the data center. 
- Fire detection and fire suppression systems
The structures must be hard-wired with alarms backed with fire suppression systems, assuring fire safety. 
- Educate the entire team: Your staff must be educated about security.
Link: http://www.hostreview.com/blog/160823-best-practices-for-data-centers-physical-security



19% of shoppers would abandon a retailer that’s been hacked 
The 2016 KPMG Consumer Loss Barometer report surveyed 448 consumers in the U.S. and found that 19% would abandon a retailer entirely over a hack.
Another 33% said that fears their personal information would be exposed would keep them from shopping at the breached retailer for more than three months. 
The study also looked at 100 cybersecurity executives and found that 55% said they haven't spent money on cybersecurity in the past year and 42% said their company didn't have a leader in charge of information security. 
The survey results, posted Tuesday online, found that retail and automotive industries were laggards in appointing leaders to assess cyberthreats and opportunities.
The financial services and tech industries were leaders.
Link: http://www.computerworld.com/article/3111447/cybercrime-hacking/19-shoppers-would-abandon-a-retailer-thats-been-hacked.html



Lost and stolen devices account for 1 in 4 breaches in the financial services sector 
Bitglass is a vendor in the cloud access security broker (CASB) space.
What that means is that Bitglass is focused on ensuring organizations utilize strong security tools and processes to keep their data safe.
It's a busy space and one in which being seen as a thought leader is important; hence, Bitglass and its competitors invest lots of effort in creating content that is broadly useful to the industry. 
The report found that leaks within the financial services industry almost doubled between 2014 and 2015, with that increase looking set to continue through 2016.
All of the U.S.'s largest banks have suffered recent leaks, and in the first half of this year alone, five of the top 20 banks in the U.S. disclosed breaches. 
Key findings from the report include:
- 1 in 4 breaches in the financial services sector over the last several years were due to lost or stolen devices; 1 in 5 were the result of hacking.
- 14% of leaks can be attributed to unintended disclosures and 13% to malicious insiders.
- Five of the nation's 20 largest banks have already suffered data breaches in the first half of 2016.
- In 2015, 87 breaches were reported in the financial services sector, up from 45 in 2014.
- In the first half of 2016, 37 banks have already disclosed breaches.
- Over 60 organizations suffered recurring breaches in the last decade, including most major banks.
- JP Morgan Chase, the nation's largest bank, has suffered recurring breaches since 2007.
  The largest breach event, the result of a cyberattack, was widely publicized in 2014 and affected an estimated 76 million U.S. households.
- Of the three major credit bureaus, the 2015 Experian leak was the largest, affecting 15 million individuals.
Link: http://www.computerworld.com/article/3109974/security/lost-and-stolen-devices-account-for-1-in-4-breaches-in-the-financial-services-sector.html?token=%23tk.CTWNLE_nlt_computerworld_dailynews_2016-08-2



Cybercrime in India up 300% in 3 years: Study 
The study revealed that in the past, the attacks have mostly been initiated from countries such as the US, Turkey, China, Brazil, Pakistan, Algeria, Europe and the UAE, adding that, with the growing adoption of the internet and smartphones, India has emerged as one of the primary targets of cyber criminals.
Attackers can gain control of vital systems such as nuclear plants, railways, transportation or hospitals that can subsequently lead to dire consequences such as power failures, water pollution or floods, disruption of transportation systems and loss of life, noted the study.
In the US alone, there has been an increase of nearly 50 per cent in reported cyber incidents against its critical infrastructure from 2012 to 2015, it said.
The Indian Computer Emergency Response Team has also reported a surge in the number of incidents it handles, with close to 50,000 security incidents in 2015, noted the study, titled 'Protecting interconnected systems in the cyber era'.
Link: http://www.moneycontrol.com/news/current-affairs/cybercrimeindia3003-years-study_7343781.html



Onapsis Releases SAP Security In-Depth Publication for SAP HANA 
Onapsis, the global experts in business-critical application security, today released SAP HANA System Security Review Part 2.
This publication analyzes SAP HANA Internal Communication Channels, details associated risk, and identifies how to properly audit an SAP HANA system.
As the 13th edition in the SAP Security In-Depth series, SAP HANA System Security Review Part 2 describes how to update the SAP HANA platform, noting new improvements in each Support Package.
Link: http://www.4-traders.com/news/Onapsis-Releases-SAP-Security-In-Depth-Publication-for-SAP-HANA—22946404/



BeyondTrust Survey Uncovers Growing Disparity Managing Privileged Access 
PHOENIX—(BUSINESS WIRE)—BeyondTrust, the leading cyber security company dedicated to preventing privilege misuse and stopping unauthorized access, today unveiled the results of its definitive Privilege Benchmarking Study based on a worldwide survey of IT professionals.
The study demonstrates a widening gulf between organizations that adhere to best practices for privileged access management and those that do not. 
Top-tier companies were much more likely to have a centralized password management policy – 92 percent of them do, in contrast with just 25 percent of bottom-tier organizations.
Password cycling is also much more common among top-tier businesses; 76 percent of top-tiers frequently have passwords changed, whereas only 14 percent of bottom-tiers do.
Credential management formed another point of distinction, with nearly three-quarters (73 percent) identifying themselves as efficient in this area, compared to 36 percent of the bottom-tier companies.
More than two-thirds of top-tier companies (71 percent) can monitor privileged user sessions, and 88 percent can restrict access with a measure of granularity.
Among bottom-tiers, fewer than half (49 percent) can monitor sessions, and only 37 percent have granular capabilities to restrict access.
Among top-tier organizations, fully 9 out of 10 grant privileges to apps rather than users.
Among bottom-tier companies, this falls to 46 percent.
While it’s vital to evaluate the risks posed by individual apps and systems, only 6 percent of bottom-tier companies have tools that provide this capability – and, shockingly, 52 percent “just know” what the risks are.
Meanwhile, more than half of top-tier companies (57 percent) can make these assessments.
Top-tier companies are also more likely to actually conduct vulnerability assessments; 91 percent do, compared to just 20 percent of bottom-tier organizations.
Link: http://tucson.com/business/beyondtrust-survey-uncovers-growing-disparity-managing-privileged-access/article_f3ad8500-cba2-5169-b47e-cde165ebca04.html



How do you measure success when it comes to stopping Phishing attacks?
Some measured success based on clicks.
As such, if the employees avoid 80-percent of the Phishing emails delivered during an assessment, they see that as a win.
From there, the assessment moves to focusing on the 20-percent that did click links. 
No two Phishing attacks (simulated or real) are alike.
If an employee avoids an obvious scam based on delivery notifications, but later falls for a scam related to financial documents, that's a problem.
Yet, some organizations stop testing those who are successful during a given round of assessment.
This has the potential to create defensive gridlock. 
The general feeling among defenders was that an anti-Phishing "win" was a 10 to 20-percent click rate, meaning that 80 to 90-percent of the Phishing emails that went to the organization (testing or otherwise) were unsuccessful attempts.
In this case, clicks were inclusive of both links and attachments. 
Many also agreed that a layered defensive posture, as well as continuous assessment and training will help lower the impact of Phishing, but it wouldn't prevent it entirely.
Instead, better compromise detection, and improved response times should be part of any anti-Phishing program. 
"The average failure rate (of the client) of a Phishing/spear-Phishing campaign is usually between 60 to 80-percent - a pretty astronomical number.
However, if we carry those metrics through six months down the road after further security awareness training and tuning of technologies (spam filters, etc.); I've seen this number drop by as much as 30-percent," Blow said.
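As an added illustration of the measurement problem discussed above (this is not code from the CSO article), the following Python aggregates constructed results from three simulated-phishing rounds. It counts link clicks and attachment opens together as "clicks", as the defenders quoted in the article did, tracks users across rounds with different lure themes, and shows what a programme loses when it drops everyone who passed the first round from later testing. The user names, lure themes and outcomes are made up for the example.

```python
"""Simulated-phishing metrics across assessment rounds (added example; data is constructed)."""
from collections import defaultdict

# Constructed results: (round, lure theme, user, outcome). Outcomes are one of
# "ignored", "reported", "clicked_link", "opened_attachment".
RESULTS = [
    (1, "delivery-notification", "alice", "reported"),
    (1, "delivery-notification", "bob", "clicked_link"),
    (1, "delivery-notification", "carol", "ignored"),
    (1, "delivery-notification", "dave", "opened_attachment"),
    (1, "delivery-notification", "erin", "ignored"),
    (2, "financial-documents", "alice", "opened_attachment"),
    (2, "financial-documents", "bob", "clicked_link"),
    (2, "financial-documents", "carol", "ignored"),
    (2, "financial-documents", "dave", "reported"),
    (2, "financial-documents", "erin", "ignored"),
    (3, "password-reset", "alice", "reported"),
    (3, "password-reset", "bob", "ignored"),
    (3, "password-reset", "carol", "reported"),
    (3, "password-reset", "dave", "ignored"),
    (3, "password-reset", "erin", "clicked_link"),
]

# The article's defenders counted both links and attachments as a "click".
CLICK_OUTCOMES = {"clicked_link", "opened_attachment"}


def is_click(outcome: str) -> bool:
    return outcome in CLICK_OUTCOMES


def click_rate_by_round(results):
    """clicks / delivered for each round: the headline metric the article questions."""
    delivered, clicked = defaultdict(int), defaultdict(int)
    for rnd, _theme, _user, outcome in results:
        delivered[rnd] += 1
        clicked[rnd] += is_click(outcome)
    return {rnd: clicked[rnd] / delivered[rnd] for rnd in sorted(delivered)}


def report_rate_by_round(results):
    """Share of recipients who reported the message: a proxy for the detection
    and response capability the article says an anti-phishing programme needs."""
    delivered, reported = defaultdict(int), defaultdict(int)
    for rnd, _theme, _user, outcome in results:
        delivered[rnd] += 1
        reported[rnd] += outcome == "reported"
    return {rnd: reported[rnd] / delivered[rnd] for rnd in sorted(delivered)}


def missed_if_passers_dropped(results, first_round=1):
    """Users who passed the first round (and so would be excluded by a
    'stop testing the successful' policy) yet clicked a different lure later.
    This is the gap the article warns about: no two lures are alike."""
    passed_first = {u for r, _t, u, o in results if r == first_round and not is_click(o)}
    later_clickers = {u for r, _t, u, o in results if r > first_round and is_click(o)}
    return sorted(passed_first & later_clickers)


def repeat_clickers(results, min_rounds=2):
    """Users who clicked in at least min_rounds distinct rounds: the group an
    assessment ends up focusing on after the first pass."""
    rounds_clicked = defaultdict(set)
    for r, _t, u, o in results:
        if is_click(o):
            rounds_clicked[u].add(r)
    return sorted(u for u, rs in rounds_clicked.items() if len(rs) >= min_rounds)


def relative_change(rates):
    """Relative change in click rate from the first round to the last, the kind
    of before/after comparison quoted at the end of the article."""
    first, last = rates[min(rates)], rates[max(rates)]
    return (last - first) / first


if __name__ == "__main__":
    rates = click_rate_by_round(RESULTS)
    print("click rate by round:", rates)
    print("report rate by round:", report_rate_by_round(RESULTS))
    print("passed round 1 but clicked later:", missed_if_passers_dropped(RESULTS))
    print("clicked in two or more rounds:", repeat_clickers(RESULTS))
    print(f"click rate change first->last round: {relative_change(rates):+.0%}")
```

On this constructed data the round-level click rate looks like a steady win (40% down to 20%), yet two of the three users who passed the delivery-notification lure in round one click a later lure, so a programme that stopped testing them would have recorded them as safe. The report rate is added here as a second axis because the article's point is that detection and response, not just avoidance, should be measured.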
Link: http://www.csoonline.com/article/3110975/techology-business/how-do-you-measure-success-when-it-comes-to-stopping-phishing-attacks.html#tk.rss_dataprotection



How to secure your remote workers
Public wifi is insecure by nature—it requires no authentication to connect to the network, allowing cybercriminals to easily intercept the connection and distribute malware.
Hackers can also spoof public wifis by creating fake access points and mimicking the names of legitimate connections.
If you’re in a coffee shop and the shop’s wifi name is COFFEE_SHOP-WIFI, they might call theirs COFFEE_SHOP_FREE_WIFI.
Users would have no idea they had connected to the wrong one, since they’d be able to browse the Internet with no apparent interference.
Those connecting to rogue access points can have all of their traffic harvested in plain text, including passwords and other sensitive company data. 
With the onus on remote workers to keep their machines updated, there’s a lot of room for error.
Out-of-date software, plugins, and browsers, plus unpatched and unprotected systems leave remote employees even more vulnerable to attack. 
Remote workers with unpatched systems are especially vulnerable to malvertising campaigns and their associated exploit kits, an estimated 70 percent of which drop ransomware payloads these days.
According to a recent survey by Osterman Research, nearly 40 percent of businesses have been victims of a ransomware attack in the last year—and unprotected endpoints are part of the problem.
“Part of the reason [that there are so many attacks] is that we have people that are using their own devices, they’re using corporate devices, and also privacy regulations in the U.S. aren’t as strict as in other countries,” says Mike Osterman, President of Osterman Research.
“So there’s a lot of information that’s not as protected as it needs to be, a lot of endpoints that aren’t as protected.” 
Here are eight ways that businesses can better secure their remote workers. 
- Switch to cloud-based storage. 
- Encrypt devices, when possible. 
- Create secure connections to the company network. 
- Roll out automatic updates. 
- Use an encrypted email program. 
- Implement good password hygiene. 
- Increase user awareness. 
- Deploy an endpoint security program.
Link: https://blog.malwarebytes.com/101/2016/08/how-to-secure-your-remote-workers/



New approach needed to IT, says NIST's top cyber scientist 
No amount of security software, firewalls or anomaly detection systems can protect an IT infrastructure that's fundamentally insecure and a new approach to computer architecture is required to deal with the looming cybersecurity crisis, the National Institute of Standards and Technology's top computer security scientist told the president's commission on long-term cybersecurity. 
The "only way" to address the looming cybersecurity crisis is "to build more trustworthy secure components and systems," Ron Ross told the Commission on Enhancing National Cybersecurity during a Tuesday meeting in Minneapolis. 
Security, he observed, "does not happen by accident." Things like safety and reliability need to be engineered in from the beginning, he argued, comparing the process to the "disciplined and structured approach" used to design structurally sound bridges and safe aircraft. 
This new approach "will require a significant investment of resources and the involvement of essential partnership including government, industry, and the academic community," said Ross, comparing it to the moonshot of the 1960s.
Link: http://fedscoop.com/ron-ross-cybersecurity-comission-august-2016



Security Leadership & The Art Of Decision Making
What a classically-trained guitarist with a Master's Degree in counseling brings to the table as head of cybersecurity and privacy at one of the world's major healthcare organizations. 
Bishop Fox’s Vincent Liu sat down recently with GE Healthcare Cybersecurity and Privacy General Manager Richard Seiersen in a wide-ranging chat about security decision making, how useful threat intelligence is, critical infrastructure, the Internet of Things, and his new book on measuring cybersecurity risk.
We excerpt highlights below.
You can read the full text here. 
Vincent Liu: How has decision making played a part in your role as a security leader? 
Richard Seiersen: Most prominently, it’s led me to the realization that we have more data than we think and need less than we think when managing risk.
In fact, you can manage risk with nearly zero empirical data.
In my new book “How to Measure Anything in Cybersecurity Risk,” we call this “sparse data analytics.” I also like to refer to it as “small data.” Sparse analytics are the foundation of our security analytics maturity model. 
VL: If you’re starting out as a leader, and you want to be more “decision” or “measurement” oriented, what would be a few first steps down this road? 
RS: Remove the junk that prevents you from answering key questions.
I prefer to circumvent highs, mediums, or lows of any sort, what we call in the book “useless decompositions.” Instead, I try to keep decisions to on-and-off choices.
When you have too much variation, risk can be amplified.
Most readers have probably heard of threat actor capability.
This can be decomposed into things like nation-state, organized crime, etc.
We label these “useless decomposition” when used out of context. 
VL: How useful is threat intelligence, then? 
RS: We have to ask—and not to be mystical here—what threat intelligence means.
If you’re telling me it is an early warning system that lets me know a bad guy is trying to steal my shorts, that’s fine.
It allows me to prepare myself and fortify my defenses (e.g., wear a belt) at a relatively sustainable cost.
What I fear is that most threat intelligence data is probably very expensive, and oftentimes redundant noise. 
VL: Where would you focus your energy then? 
RS: For my money, I would focus on how I design, develop, and deploy products that persist and transmit or manage treasure.
Concentrate on the treasure; the bad guys have their eyes on it, and you should have your eyes directed there, too.
This starts in design, and not enough of us who make products focus enough on design.
Of course, if you are dealing with the integration of legacy “critical infrastructure”-based technology, you don’t always have the tabula rasa of design from scratch.
Link: http://www.darkreading.com/analytics/security-leadership-and-the-art-of-decision-making-/a/d-id/1326716



FCC proposes 5G cybersecurity requirements, asks for industry advice 
The FCC published a request Wednesday for comment on a new set of proposed 5G rules in the Federal Register, focused on adding specific “performance requirements” for developers of, for example, internet-connected devices. 
“Cybersecurity issues must be addressed during the design phase for the entire 5G ecosystem, including devices.
This will place a premium on collaboration among all stakeholders,” said FCC Chairman Tom Wheeler during a National Press Club event on June 20. “We continue to prefer an approach that emphasizes that industry develop cybersecurity standards just as we have done in wired networks.” 
In addition to a structured security strategy, the FCC’s 5G application process will require organizations to share their ongoing participation in threat intelligence and other data sharing programs — such initiatives include the likes of the Cyber Threat Alliance. 
A quick review of the FCC’s proposed 5G cybersecurity plan shows a six-category split, organized by a company's security approach, coordination efforts, standards and best practices, participation with standards bodies, other security approaches and plans with information sharing organizations.
Link: http://fedscoop.com/fcc-proposes-5g-cybersecurity-requirements-asks-for-industry-advice



Traffic, jammed: New report says DDoS attacks are up 211 percent 
Distributed denial of service attacks are on the rise across the globe, as opportunistic Dark Web dealers increasingly sell hacking-as-a-service products, according to a new threat intelligence report compiled by Imperva, a California-based cybersecurity firm. 
The company measured threats faced by its customers during a roughly one-year time period, seeing a 211 percent year-over-year increase in attacks. 
The firm largely attributed this apparent growth to the establishment of several botnet operations — which serve as a platform to automate and increase attack volume — and malicious actors’ ability to access greater bandwidth to help generate and use such weapons.
Dark Web dealers are using these botnets, according to Imperva, to offer more effective cyber tools to would-be customers.
Link: http://fedscoop.com/ddos-attacks-up-211-percent-august-2016



New breed of IT professional 
IT professionals are now integral to business decisions and have a much more visible role in protecting sensitive data.
They’re also increasingly expected to manage information privacy when key privacy positions aren’t filled or simply don’t exist. 
IT professionals today must translate what they’re seeing in their threat-intelligence and risk-management efforts into business impact. 
IT professionals who think they can fight security and privacy battles alone have already lost the war. 
An open mind and flexible approach can go a long way in helping keep IT professionals relevant in today’s organization. 
Link: http://www.federaltimes.com/articles/new-breed-of-it-professional



APAC unprepared for security breaches: FireEye's Mandiant 
In its latest report, Mandiant M-Trends Asia Pacific, the cyberforensics firm found that organisations across APAC allowed attackers to dwell in their environments for a median period of 520 days before discovering them—three times the global median of 146 days. 
Mandiant said APAC organisations cannot defend their networks from attackers because they frequently lack basic response processes and plans, threat intelligence, technology, and expertise. 
The report found that APAC was almost exclusively targeted by some attacker tools, with one suspected Chinese threat group, APT30, targeting highly sensitive political, economic, and military information for at least a decade. 
Mandiant said that during its investigations, it found that most organisations depended only on antivirus software to detect malicious persistence mechanisms. 
"Antivirus software is a signature-based technology that cannot detect every malicious event across an entire estate," the company said. 
"To significantly improve, organisations must bring together the technology, threat intelligence, and expertise necessary to quickly detect and respond to cyber attacks."
Link: http://www.zdnet.com/article/apac-unprepared-for-security-breaches-fireeyes-mandiant/



SA’s new cybercrimes law explained 
A new Cybersecurity Bill is coming into effect later this year which aims to stop cybercrime and improve security for South Africans.
SEAN DUFFY, Security Executive at Dimension Data Middle East & Africa, explains the basics of the bill. 
The Cybercrimes Bill affects everyone using a computer or the Internet, or anyone who owns an information infrastructure that could be declared critical.
Among others, the following individuals and organisations should take note: ordinary South African citizens or employees using the Internet, network service providers, providers of software and hardware tools, financial services providers (the Bill includes prohibited financial transactions), representatives from government departments, those involved with IT regulatory compliance, as well as information security experts. 
The Cybercrimes Bill consolidates South Africa’s cybercrime laws, which makes successful prosecution of criminals more likely.
Up until now, cyber offences were charged under various acts, among others the Prevention of Organised Crime Act, and the Electronic Communications and Transactions (ECT) Act of 2002.
The ECT Act seemed to govern most online crime, but only included three cybercrime offences. 
Penalties on conviction are quite severe.
Penalties include fines of R 1 – R 10 million and imprisonment of one to ten years, depending on the severity of the offence.
The nature of the crime determines the penalty. 
Incidents will happen, but it’s how an organisation responds that matters.
Government is working on establishing a legal mechanism for anyone to defend themselves against cybercrime.
However, organisations need to be more proactive in their security through the use of services such as incident response plans, real-time threat management, vulnerability management and managed security services.
Link: http://www.gadget.co.za/sas-new-cybercrimes-law-explained/



Get the Security Budget You Need and Spend It Wisely 
It’s challenging for a CISO to get budget for cybersecurity.
Your board of directors really wants to spend that IT money on projects and solutions that will expand the business and bring in more revenue.
That’s what your shareholders value. 
As breaches become more commonplace, your colleagues and customers become desensitized to the potential impact of a breach, which can downgrade their sense of urgency to protect assets in advance.
New CISOs sometimes report being given no security budget at all. 
So how do you show that there is value in investing in cybersecurity and justify a proper security budget?
There isn’t an ROI in the way that most company accountants understand it.
Much of the time you have to rely on your experience and judgment, as well as the competing claims of security vendors — none of which helps you build a compelling case when you are being asked to assess the return on the investment and tell the board members why they should spend their money on your security budget. 
A team of researchers at the Robert H. Smith Business School at the University of Maryland developed and refined an economics-based model to help businesses with this exact problem. 
The researchers produced an informative video to show the basics of the model and their research findings.
The video distills years of research into a four-step process to help you determine where your security budget is best spent.
The basic principles are similar to those proposed by many experienced security consultants — with some key refinements. 
First, classify your assets by value in terms of cost of a potential breach as well as vulnerability to a breach.
Then, estimate the degree to which the solution in question will reduce the likelihood of a breach.
Some simple statistics then show you how to maximize the return on your cybersecurity investment. 
Surprisingly, it’s not always best to set out to protect your most obvious assets.
Sometimes the costs of fully protecting the most vulnerable assets are impractically high.
From a business return standpoint, you may be better off protecting a larger number of less vulnerable assets. 
The researchers used their model against real-life scenarios and found that, for most use cases, your cybersecurity budget should not exceed 37 percent of the expected losses due to a security breach.
This is the point at which the costs usually (but not always) start to outweigh the expected benefits. 
The beauty of the Gordon-Loeb model is that it gives you a framework to derive costs versus benefits for different levels of investment.
They are clear that there are use cases where it does not apply, however: For example, in a case where the breach of an asset would lead to catastrophic loss. 
No model should be relied upon prescriptively, but going through the modeling exercise when you assess your security risk should at least help you review and refine your thinking.
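To make the four-step procedure concrete, here is an added Python illustration; it is not code from the article or from the University of Maryland researchers. It implements the two breach-probability function classes from Gordon and Loeb's original model, S(z, v) = v / (αz + 1)^β (class I) and S(z, v) = v^(αz + 1) (class II), computes for a constructed asset portfolio the investment z at which one more unit of spending reduces expected loss by exactly one unit, and checks each result against the 1/e (about 37 percent) cap on expected loss v·L that the article quotes. The asset names, loss figures and the α/β parameters are assumptions made for the example.

```python
"""Gordon-Loeb security-investment model: worked example (added illustration)."""
import math
from dataclasses import dataclass


@dataclass
class Asset:
    name: str
    loss: float           # L: monetary loss if this asset is breached
    vulnerability: float  # v: breach probability with no extra investment, 0 < v < 1
    model: str            # "I" or "II": which Gordon-Loeb function class is assumed


def breach_probability(z: float, v: float, alpha: float, beta: float, model: str) -> float:
    """S(z, v): remaining breach probability after investing z."""
    if model == "I":
        return v / (alpha * z + 1) ** beta   # class I: diminishing returns for every v
    return v ** (alpha * z + 1)              # class II: spending barely moves v when v is near 1


def net_benefit(z: float, asset: Asset, alpha: float, beta: float = 1.0) -> float:
    """ENBIS(z): expected loss avoided minus the investment itself."""
    v, L = asset.vulnerability, asset.loss
    return (v - breach_probability(z, v, alpha, beta, asset.model)) * L - z


def optimal_investment(asset: Asset, alpha: float, beta: float = 1.0) -> float:
    """z*: the spend at which marginal loss reduction (-dS/dz * L) equals 1.

    Closed forms come from solving -dS/dz * L = 1; if even the first unit of
    spending returns less than one unit, the optimum is zero.
    """
    v, L = asset.vulnerability, asset.loss
    if asset.model == "I":
        z = ((v * alpha * beta * L) ** (1.0 / (beta + 1)) - 1.0) / alpha
    else:
        # Marginal benefit at z = 0 is -alpha * L * v * ln(v); invest only if it exceeds 1.
        if -alpha * L * v * math.log(v) <= 1.0:
            return 0.0
        z = (math.log(-1.0 / (alpha * L * math.log(v))) / math.log(v) - 1.0) / alpha
    return max(z, 0.0)


def gordon_loeb_cap(asset: Asset) -> float:
    """The model's ceiling on sensible spending: 1/e (about 37%) of expected loss v*L."""
    return asset.vulnerability * asset.loss / math.e


def allocate(assets, alpha: float, beta: float = 1.0):
    """Run the article's steps for every asset: value, vulnerability, reduction, return."""
    rows = []
    for a in assets:
        z = optimal_investment(a, alpha, beta)
        expected_loss = a.vulnerability * a.loss
        rows.append({
            "asset": a.name,
            "expected_loss": expected_loss,
            "invest": z,
            "share_of_expected_loss": z / expected_loss,
            "cap_37pct": gordon_loeb_cap(a),
            "net_benefit": net_benefit(z, a, alpha, beta),
        })
    return rows


# Constructed portfolio: identical loss everywhere so the effect of vulnerability stands out.
ASSETS = [
    Asset("payments-gateway", 1_000_000, 0.50, "I"),
    Asset("hr-portal",        1_000_000, 0.10, "I"),
    Asset("customer-db",      1_000_000, 0.50, "II"),
    Asset("legacy-kiosk",     1_000_000, 0.99, "II"),   # almost certain to be breached
]
ALPHA = 1e-5  # constructed productivity parameter: how quickly spending lowers v


if __name__ == "__main__":
    for row in allocate(ASSETS, ALPHA):
        print(f"{row['asset']:17s} expected loss {row['expected_loss']:>9,.0f}  "
              f"invest {row['invest']:>8,.0f} ({row['share_of_expected_loss']:.0%} of expected loss, "
              f"cap {row['cap_37pct']:,.0f})  net benefit {row['net_benefit']:>8,.0f}")
```

Running it reproduces the two behaviours the text describes. The low-vulnerability HR portal attracts essentially no spending, and under the class II function the nearly-certain-to-be-breached kiosk attracts none at all, because each unit of spending barely moves a probability that is already close to one; the mid-vulnerability assets get the most, and every allocation sits below 37 percent of that asset's expected loss. Swapping in the class I function for the kiosk would change that answer, which is the practical reason the article cautions against using the model prescriptively.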
Link: https://securityintelligence.com/get-the-security-budget-you-need-and-spend-it-wisely/



Data breaches: Different regions, very different impacts 
A Deloitte report on the business impact of a cyber attack recently showed that 89% of the impact of a breach comes from three factors: 
- Value of lost contract revenue;
- Devaluation of trade name; and
- Lost value of customer relationships.
It is important to note that these factors look quite different from an EU perspective.
Most EU companies are not currently required to notify regulators or customers after a data breach, as opposed to the US, where 47 out of 50 states have mandatory notification laws.
As a result, several main impacts (which are felt heavily in the US) are either non-existent or less visible in the EU, including: 
- Cost
- Scrutiny
- Pressure
As a result of these differences, EU companies are less incentivised to improve cyber security.
The EU market for cyber insurance is consequently less mature than in the US – where products have been developed to transfer the costs of business disruption, customer notification, and identity theft protection. 
However, this situation will change over the next two years, as the EU General Data Protection Regulation (GDPR) and the Network and Information Security (NIS) Directive come into force in mid-2018.
Both pieces of legislation will increase the number of companies and sectors that will have to report breaches to their national regulator – and possibly to customers – within 72 hours (GDPR) or without “undue delay” (NIS Directive) depending on the severity of the breach.
Link: http://www.computerweekly.com/opinion/Data-breaches-Different-regions-very-different-impacts



Latest Data Breach Settlement Illustrates Need for Companies to Prioritize Cybersecurity 
On Aug. 5, 2016, the New York attorney general, Eric Schneiderman, announced a $100,000 settlement with an e-retailer following an investigation of a data breach that resulted in the potential exposure of more than 25,000 credit card numbers and other personal information. 
According to the investigation, on Aug. 7, 2014, in an all-too-common scenario, an attacker infiltrated the e-retailer’s website.
Nearly one year later, the e-retailer’s merchant bank notified it that fraudulent charges were appearing on customers’ credit card accounts.
The e-retailer then hired a cybersecurity firm to conduct a forensic investigation, and the malware was discovered and removed from the e-retailer’s website. 
Besides the obvious lesson of complying with state data breach notification laws where applicable, the other important lesson is that companies must carefully evaluate how they market the privacy and security of their e-commerce platforms.
Federal and state agencies, like the Federal Trade Commission (FTC) and state attorneys general, have increased their scrutiny of companies’ privacy and cybersecurity representations.
Regulators will also scrutinize companies’ actual cybersecurity practices.
The FTC has offered some practical advice to guide companies in this regard, some of which we have previously discussed here and here.
Bottom line: Companies should prioritize cybersecurity and treat it as an investment rather than a cost.
Link: http://www.lexology.com/library/detail.aspx?g=023110ea-5bc9-4023-9c1f-4cb67dd87aaa



Global Cost of Cybercrime Predicted to Hit $6 Trillion Annually By 2021, Study Says
A report out by Cybersecurity Ventures predicts global annual cybercrime costs will grow to $6 trillion by 2021. 
While a $6 trillion estimate might be a little high, “a trillion dollars plus is a real possibility,” says Larry Ponemon, chairman and founder of the Ponemon Institute.
Though this isn’t a number he saw coming down the pipeline. “If you asked me five or six years ago, I’d fall over,” he says.   
The predicted cybercrime cost takes into account all damages associated with cybercrime including: damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
It does not include the cost incurred for unreported crimes. 
The Cybersecurity Ventures report, which is a compilation of cybercrime statistics from the last year, also predicts that the world’s cyberattack surface will grow an order of magnitude larger between now and 2021.
Link: http://www.darkreading.com/attacks-breaches/global-cost-of-cybercrime-predicted-to-hit-%246-trillion-annually-by-2021-study-says/d/d-id/1326742



Got big data? The Cloud Security Alliance offers up 100 best practices 
For companies working with distributed programming frameworks such as Apache Hadoop, for example, the CSA recommends using Kerberos authentication or an equivalent to help establish trust. 
Companies that use nonrelational data stores such as NoSQL databases, meanwhile, are hampered by the fact that such products typically include few robust embedded security features, the report's authors say.
For that reason, they suggest using strong encryption methods such as the Advanced Encryption Standard (AES), RSA, or Secure Hash Algorithm 2 (SHA-256) for data at rest. 
Also included in the report are suggestions for real-time security and compliance monitoring, privacy-preserving analytics, data provenance, cryptographic techniques, and more.
The handbook is now available as a free download. 
Market researcher Gartner, meanwhile, predicts that the improper use of big data analytics will cause half of all businesses to experience ethics violations by 2018.
Link: http://www.computerworld.com/article/3113127/security/got-big-data-the-cloud-security-alliance-offers-up-100-best-practices.html?token=%23tk.CTWNLE_nlt_computerworld_dailynews_2016-08-26&idg_eid=d5d83



Privacy Shield data-transfer agreement now covers 200 companies 
Companies must register with the International Trade Administration of the U.S. Department of Commerce to be covered.
It's a self-certification process, so the ITA is only checking that the forms are filled in correctly, not that companies are necessarily complying with all 13,894 words of the rules.
The Privacy Shield rules are needed to ensure that EU citizens' personal information is afforded the same legal protection in the U.S. as required under EU law. 
There are now 200 companies standing behind Privacy Shield, the framework agreement allowing businesses to process the personal information of European Union citizens on servers in the U.S. 
Some 5,534 organizations signed up to Safe Harbor before the court ruling came, with the certification status still listed as "current" for 3,375 of them.
Link: http://www.computerworld.com/article/3112576/internet/privacy-shield-data-transfer-agreement-now-covers-200-companies.html?token=%23tk.CTWNLE_nlt_computerworld_dailynews_2016-08-26&idg_eid=d5d8326c323



Security must be top of the manufacturing agenda 
In order for manufacturers to be fully prepared, embedding security within manufacturing technology at the point of origin and ensuring end-user environments are as secure as possible would be the most effective methods to ensure such vulnerabilities are significantly mitigated.
Because these systems have traditionally been isolated from office network environments and the internet through air-gapping, industrial hardware and software were not designed with security in mind; rather, they were intended to function within a closed environment. 
Within modern industries, however, we see an increased demand for real time data and remote access services.
Previously separate systems are now interconnected with other company networks, exposing the hardware, services and protocols to attackers.
The popularity of WirelessHART products shows a significant shift among manufacturers toward integrating and utilising networked technology to increase efficiencies within their businesses.
The benefits of this technology are undeniable, allowing manufacturers with legacy systems to swiftly and cheaply upgrade their existing systems to a level of productivity arguably comparable to fully digital environments. 
For a business to fully secure its industrial environment, the education of staff on security best practices must become an essential element of day-to-day activities.
A focussed approach to training and awareness enables staff to better understand the threats that affect their work environments – it is therefore essential for all personnel to fully understand the security risks relevant to their duties, thus minimising the risks associated with a successful cyber-attack.
Link: https://www.theengineer.co.uk/security-must-be-top-of-the-manufacturing-agenda/



Security Conferences Abound: Which Should You Attend? 
There is normally a hiatus in security conferences between September and February that allows those of us who have been drinking from the fire hose to stop and take a breath.
This breathing space permits us to implement, adjust, engage and otherwise ensure we are where we need to be with respect to securing our data, our clients’ data and our customers’ data.
The hiatus also gives us the opportunity to decide which security conferences will give us the biggest bang for our buck in terms of education and industry awareness in the coming year. 
ShmooCon 2017 is a three-day security conference taking place in Washington, D.C. in January 2017.
The format lends itself to those engaged in maintaining and breaking cybersecurity devices, network and appliances. 
The Cyber Threat Intelligence Summit is a two-day security conference hosted by the SANS Institute in Arlington, Virginia.
Four days of training seminars and classes will precede the conference in late January 2017. 
The RSA Conference is the largest of all the security conferences, to be held in San Francisco in mid-February 2017.
In the run up to the conference, we will see major vendors release a plethora of new studies and product announcements.
Then there’s a multitude of agnostic and vendor-driven training forums.
Many will find the enormous expo areas an excellent means by which to learn about solutions from vendors and receive some introductory training on these tools. 
The International Association of Privacy Professionals (IAPP) hosts a variety of global conferences focused on educating attendees on the broad topic of privacy. 
InterConnect is IBM’s premier annual conference for security, cloud and mobile.
The 2017 event is scheduled for mid-March in Las Vegas and will once again feature more than 2,000 sessions, ranging from deep-dive technical demonstrations to business content to hands-on labs and workshops. 
InfoSec World is a security conference and expo scheduled to take place in ChampionsGate, Florida, in April 2017.
The conference will feature security practitioners who speak from experience on the real-world challenges companies are facing today. 
The international Forum of Incident Response and Security Teams (FIRST) Conference will take place in San Juan, Puerto Rico, in June 2017.
Those involved in incident response at the national, local or enterprise level will benefit from attending. 
The Black Hat security conferences are held in Las Vegas each summer and elsewhere in the world (in Asia and Europe) at varying times.
According to the organizers, more than two-thirds of attendees are information security professionals with the CISSP distinction.
The conference is light on vendor displays and heavy on practical demonstrations of new exploits and discoveries, so it’s definitely a worthwhile event for security professionals and those IT workers on the ground. 
DEF CON takes place annually in Las Vegas, and the next conference will occur in late July 2017.
The organizers bill the conference as “the hacking conference,” and past attendees will certainly attest to the veracity of this claim. 
While the aforementioned security conferences are by no means all-inclusive, they are always on this writer’s calendar for consideration.
They should be on yours as well.
Link: https://securityintelligence.com/security-conferences-abound-which-should-you-attend/



Fueling secure technology adoption in banks through a robust cyber security framework[India] 
The threat landscape is evolving and in light of increased adoption of technology by banks as a part of the country’s move towards a cashless economy, Reserve Bank of India (RBI) has recently mandated the creation of a Cyber Security Framework to fortify the security postures at banks.
Banks are now mandated to formulate a Cyber Crisis Management Plan (CCMP) which will address the aspects of detection, response, recovery and containment. 
Security is becoming a part of boardroom agenda across organizations and as rightly recognized by RBI, security should not be an IT-only concern.
Reiterating the key role of the CISO in bridging business needs with IT needs, cybersecurity policies should be distinct from an organization’s broader IT policy specifically highlighting the risks from cyber threats and the measures for mitigation. 
The information centric model should include envisioning the information infrastructure, information intelligence, and information governance. 
Following the advisory by RBI, banks have undergone gap assessments as the initial step and would have submitted the analysis by July 31.
The roadmap to achieve an all-inclusive cybersecurity infrastructure is going to be perplexing where banks will face challenges pertaining to implementation, costs, investments, organizational arrangements and so on.
However, the goal once achieved, will be a huge leap towards a robust, secure banking ecosystem.
Link: http://cio.economictimes.indiatimes.com/tech-talk/fueling-secure-technology-adoption-in-banks-through-a-robust-cyber-security-framework/1748



The Hidden Dangers Of 'Bring Your Own Body'
1) Who, exactly, has ownership of this data?
2) How should the business manage this data? 
There may not be that much biometric data currently in the average enterprise, but its use is on the rise.
Both the private and public sectors probably (and legally) have some of your biometric data right now.
If you’ve ever worked for a government-affiliated organization and achieved any type of security clearance, it has your fingerprint data.
If you have a US driver’s license —even if you have no criminal record—there’s a good chance that the FBI is already analyzing your photo for a facial-recognition database.
The information that HR departments handle on a regular basis—Social Security numbers, home addresses, health insurance details, tax information, etc.—all pose threats to privacy and security that are practically incomparable to traditionally stolen data types such as credit card numbers. 
The key objective for the immediate future is to determine what’s within the realm of control, and how security can be strengthened for the locations where there is most likely to be sensitive items.
This relatively simple task today will be important for the future, regardless of how common biometric data becomes in business.
Link: http://www.darkreading.com/endpoint/the-hidden-dangers-of-bring-your-own-body/a/d-id/1326703



Vulnerability Spotlight: Multiple DOS Vulnerabilities Within Kaspersky Internet Security Suite 
Talos has discovered multiple vulnerabilities in Kaspersky’s Internet Security product which can be used by an attacker to cause a local denial of service attack or to leak memory from any machine running Kaspersky Internet Security software. 
The vulnerabilities affect Kaspersky Internet Security 16.0.0, KLIF driver version 10.0.0.1532, but may affect other versions of the software too.
Since anti-virus software runs with low level privileges on any system, vulnerabilities in this software are potentially very interesting for attackers.
Although these vulnerabilities are not particularly severe, administrators should be aware that security systems can be used by threat actors as part of an attack, and keep such systems fully patched. 
Vulnerabilities discovered by Piotr Bania and Marcin ‘Icewall’ Noga of Cisco Talos.
Link: https://blogs.cisco.com/security/talos/vulnerability-spotlight-multiple-dos-vulnerabilities-within-kaspersky-internet-security-suite



Cyberthreats Targeting the Factory Floor 
Cyberattacks targeting manufacturing companies are on the rise, according to a recent report from IBM X-Force Research’s 2016 Cyber Security Intelligence Index.
The report noted that the sector is the second most-attacked industry behind healthcare.
Automotive manufacturers were the top targets for criminals, accounting for almost 30% of all cyberattacks in 2015, while chemical companies were attackers’ second-favorite targets. 
Most manufacturing companies are behind the curve on security.
The Sikich report noted that only 33% of the manufacturers it surveyed were performing annual penetration testing within their IT groups.
When it comes to ICS networks even less is being done to secure them.
Because of lax security standards, manufacturers are leaving themselves exposed at every point of their networks. 
One of the biggest security challenges manufacturers face is dealing with the variety of different communication protocols used in ICS networks. 
Standard data plane protocols like Modbus and DNP3 are used by HMI/SCADA/DCS applications to communicate physical measurements and process parameters such as current temperature, current pressure, valve status, etc. 
Meanwhile, the control plane protocols — which are used to configure automation controllers, update their logic, make code changes, download firmware, etc. — are proprietary and vendor-specific.
Each vendor uses its own implementation of the IEC-61131 Standard for Programmable Controllers.
These implementations are rarely documented, making it very difficult to monitor critical activities. 
Contrary to popular belief, this is not extremely difficult.
Once inside the network, an attacker can easily download control logic to an industrial controller or change its configuration.
Since these actions are executed using proprietary vendor-specific protocols, there is no standard way to monitor these control plane activities.
As a result, changes made by an attacker can go unnoticed until damage starts to occur. 
Gaining visibility into ICS networks is the first step in being able to protect them from cyberthreats.
Discovering all assets, especially industrial controllers, is critical.
This includes maintaining a reliable inventory of configurations, logic, code and firmware versions for each controller.
Link: http://www.industryweek.com/information-technology/cyberthreats-targeting-factory-floor



Don’t Get Stranded without a Data Security Action Plan 
Navigating this increasingly complex maze of requirements from different states while simultaneously combatting data breaches is not an easy task.
That’s why it’s critical for healthcare providers to prepare a comprehensive data security action plan by following these five steps: 
1) Benchmark to identify vulnerabilities
2) Adopt a consistent security posture
3) Evaluate and manage third-party relationships
4) Gain a full understanding of all state and federal regulations
5) Implement a communications strategy to protect your reputation
Link: http://www.healthcare-informatics.com/article/cybersecurity/don-t-get-stranded-without-data-security-action-plan

Wednesday, July 27, 2016

IT Security News - 2016-07-27

Table of Contents

  • Australian firms face growing cyber litigation threat
  • As Biometric Scanning Use Grows, So Does Security Risk
  • Researchers Struggle to Determine True Cost of Data Breaches
  • Here are the key security features arriving with Windows 10 next week
  • Senate body approves controversial cyber-crime bill [ISLAMABAD]
  • Ransomware 2.0 is around the corner and it's a massive threat to the enterprise
  • Security Current Launches eBook on Phishing and Malware in Ongoing Series for CISOs
  • The rise in cyber attacks shows we need to change the way we think about crime
  • Nonprofit cybersecurity key to serving community responsibly, experts say
  • Changing security situation, deeply convinced practicing the new security concept [auto translated - so text is challenging]
  • The Cost of a Data Breach in India: What You Need to Know
  • WinMagic survey finds 23% of businesses claim to stop a data breach a day
  • The Information Security Leader, Part 4: Three Persistent Challenges for CISOs
  • Debunking the common myths of Data Loss Prevention (DLP)
  • Hands up, whose firewall rules are a mess? Yes? Well, the good news (if it can be considered good news) is that you’re not alone, because 65% of your peers are in the same boat according to a survey carried out last month at Infosecurity Europe. In fact, 65% of the 300 security professionals surveye
  • Enhancing cyber security by implementing a robust threat and vulnerability management program



Australian firms face growing cyber litigation threat
Australian companies face ‘US levels’ of litigation if they fail to prepare for mandatory data breach reporting requirements which are likely to come into effect this year, a lawyer has warned. 
Speaking in Sydney, Adam Salter, a partner at law firm Jones Day’s cybersecurity, privacy and data protection practice, said companies not adequately prepared are at greater risk of being sued by their corporate customers.
Litigation would be initiated for breach of privacy obligations embedded in customer contracts and by consumer customers, he said. 
Salter based his view on the firm’s experience in other jurisdictions – such as the US and European Union – that have introduced mandatory data breach notification laws. 
Salter said Australian businesses should regularly review and strengthen their IT and data security systems, policies and procedures and prepare for how they would report a potential data breach to authorities and customers.
Link: http://www.cio.com.au/article/603956/australian-firms-face-growing-cyber-litigation-threat/



As Biometric Scanning Use Grows, So Does Security Risk 
The use of biometrics has exploded in recent years, with companies ranging from 24-Hour Fitness to NYU Langone Medical Center using this convenient technology to identify their customers. 
By 2019, biometrics are expected to be a 25-billion-dollar industry with more than 500 million biometric scanners in use around the world, according to Marc Goodman, an advisor to Interpol and the FBI.
Newest to the scene, Wells Fargo this fall will begin offering a smartphone app with biometric authentication for corporate customers — making all their financial information just an eye scan away. 
But there have already been cases of biometric hacking on a large scale.
An estimated 22 million people had their personal data stolen in a massive data breach at the Office of Personnel Management in December 2014, including RAND privacy expert and mother of two Rebecca Balebako.
She received a letter from OPM last year informing her that her personal information, including her ten fingerprints, was stolen in the breach. 
As biometric technology grows more personal and more widespread, so too do the risks to personal privacy.
Link: http://www.nbcnews.com/tech/tech-news/biometric-scanning-use-grows-so-do-security-risks-n593161



Researchers Struggle to Determine True Cost of Data Breaches 
Depending on the estimate, the average data breach can cost a company $7 million or $150 million.
Why are data breach costs so difficult to estimate? 
In May, tucked away in its quarterly filing to the Securities and Exchange Commission, retail giant Target updated its running total of the cost of its 2013 holiday season breach. 
While the retail giant may have outdone its peers with the bill for its breach, it is hardly alone.
U.K. mobile service provider TalkTalk attributed more than $80 million in losses to a breach that garnered information on 157,000 customers.
Following its breach in 2014, Home Depot tallied at least $161 million in costs from the loss of 40 million payment-card accounts and more than 50 million e-mail addresses, the company claimed in March. 
Yet, other companies have no idea how much damage their breaches have done.
In February 2015, for example, hackers stole more than 80 million records from health insurer Anthem.
More than a year later, the company cannot put a number to its damages. 
A more modest estimate, from the Ponemon Institute's “2016 Cost of Cybercrime” report, found that the average company could expect a $4 million loss per breach incident today.
U.S. companies have consistently higher losses, including an average breach cost of $7 million and an average per-capita breach cost of $221.
U.S. companies and organizations also encountered higher costs from the loss of customers, the report stated. 
Having a well-trained incident response team and extensively using encryption were the two strategies that most decreased the cost of data breaches, while the involvement of a third party in the data breach and a company’s use of an extensive cloud infrastructure were the two factors that most increased costs, according to the “2016 Cost of Cybercrime” report. 
The disagreement between approaches is par for the course in data-breach calculations.
In a paper comparing six data-breach cost calculators, two Colorado State University researchers found that each approach made different assumptions and arrived at different per-record costs for data breaches. (Three of the calculators were created in conjunction with the Ponemon Institute and three different sponsors.)
Link: http://www.eweek.com/security/researchers-struggle-to-determine-true-cost-of-data-breaches.html



Here are the key security features arriving with Windows 10 next week 
The new functionality aims to help IT departments protect their companies before and after a breach
Windows Information Protection aims to make it possible for organizations to compartmentalize business and personal data on the same device.
It comes alongside the general release of Windows Defender Advanced Threat Protection, a system that uses machine learning and Microsoft's cloud to better protect businesses after their security has been breached. 
Using Windows Information Protection, companies can encrypt their data on employee devices using keys that are controlled by IT. 
Companies can also set policies about which applications can be used to handle business data, so users can't live-tweet the content of a company's HR system, for example. 
For businesses to use Windows Information Protection, they'll need a Windows 10 Enterprise E3 subscription, which costs $7 per user per month. 
Windows Defender ATP requires a company be subscribed to the more expensive Windows 10 Enterprise E5 service, which is meant for companies looking for premium Windows 10 add-on features.
Link: http://www.computerworld.com/article/3100025/security/here-are-the-key-security-features-arriving-with-windows-10-next-week.html?token=%23tk.CTWNLE_nlt_computerworld_dailynews_2016-07-26&idg_eid=d5d83



Senate body approves controversial cyber-crime bill [ISLAMABAD] 
ISLAMABAD: A Senate panel on Tuesday approved the controversial Prevention of Electronics Crimes Bill 2015. 
The bill, which has already been approved by the National Assembly, will now be put up for discussion in the Senate, which must approve it before it can be signed into law by the president. 
Salient features of bill

Up to seven years imprisonment, Rs10 million fine or both for hate speech, or trying to create disputes and spread hatred on the basis of religion or sectarianism
Up to three years imprisonment and Rs0.5 million fine or both for cheating others through internet
Up to five year imprisonment, Rs5 million fine or both for transferring or copying of sensitive basic information
Up to seven years imprisonment and Rs0.5 million fine or both for uploading obscene photos of children
Up to Rs50 thousand fine for sending messages irritating to others or for marketing purposes.
If the crime is repeated, the punishment would be three months imprisonment and a fine of up to Rs1 million
Up to three year imprisonment and a fine of up to Rs0.5 million for creating a website for negative purposes
Up to one year imprisonment or a fine of up to Rs1 million for forcing an individual for immoral activity, or publishing an individual’s picture without consent, sending obscene messages or unnecessary cyber interference
Up to seven year imprisonment, a fine of Rs10 million or both for interfering in sensitive data information systems
Three month imprisonment or a Rs50 thousand fine or both for accessing unauthorised data
Three year imprisonment and a fine of up to Rs5 million for obtaining information about an individual’s identification, selling the information or retaining it with self
Up to three year imprisonment and a fine of up to Rs0.5 million for issuing a SIM card in an unauthorised manner
Up to three year imprisonment and fine of up to Rs1 million rupees for making changes in a wireless set or a cell phone
Up to three year imprisonment and a fine of up to Rs1 million for spreading misinformation about an individual
Up to three years imprisonment and fine of up to Rs1 million for misusing internet
Link: http://www.dawn.com/news/1273324/senate-body-approves-controversial-cyber-crime-bill



Ransomware 2.0 is around the corner and it's a massive threat to the enterprise 
"The landscape is simple.
Attackers can move at will.
They're shifting their tactics all the time.
Defenders have a number of processes they have to go through," said Jason Brvenik, principal engineer with Cisco's security business group, discussing the Cisco 2016 Midyear Cybersecurity Report. 
Cisco used data from its customers to create the report, since there are more than 16 billion web requests that go through the Cisco system daily, with nearly 20 billion threats blocked daily, and with more than 1.5 million unique malware samples daily, which works out to 17 new pieces of malware every second, Brvenik said. 
The next step in the evolution of malware will be ransomware 2.0, which Brvenik said "will start replicating on its own and demand higher ransoms.
You'll come in Monday morning and 30% of your machines and 50% of your servers will be encrypted.
That's really a nightmare scenario." 
Self-propagating ransomware will be the next step to create ransomware 2.0, and companies need to take steps to prepare and protect their company's network, Brvenik said. 
New modular strains of ransomware will be able to quickly switch tactics to maximize efficiency.
For example, future ransomware attacks will evade detection by being able to limit CPU usage and refrain from command-and-control actions.
These new ransomware strains will spread faster and self-replicate within organizations before coordinating ransom activities, according to the report. 
Brvenik noted that the nature of the attack is also likely to change, focusing on service-oriented technologies and systems, with teams ready to attack and try to compromise systems.
Advertising is a viable model for attack. 
"We saw a 300% increase in the use of HTTPS with malware over the past four months.
Ad injection is the biggest contributor.
Adversaries are using HTTPS traffic to expand time to operate.
That's the attacker opportunity as it exists today," he said.
Link: http://www.techrepublic.com/article/ransomware-2-0-is-around-the-corner-and-its-a-massive-threat-to-the-enterprise/?ftag=TRE684d531&bhid=21487072891631060763005914609462



Security Current Launches eBook on Phishing and Malware in Ongoing Series for CISOs
TENAFLY, N.J., July 26, 2016 /PRNewswire/—Security Current, an information and collaboration community by CISOs for CISOs, today announced the release of its latest ebook, A CISOs Guide to Phishing and Malware by Joel Rosenblatt, which now is publicly available.
The ongoing Security Current ebook series, A CISO's Guide to… provides insights and guidance on key issues facing today's CISO from a CISO's perspective. 
In this ebook, Rosenblatt, director of information security for Columbia University, explores real-world examples of advanced targeted attacks via email and social media, demonstrating how these evolving threats are increasing an organization's business risks.
More specifically, he explores attack vectors such as email that are being exploited as never before.
Link: http://www.prnewswire.com/news-releases/security-current-launches-ebook-on-phishing-and-malware-in-ongoing-series-for-cisos-300303829.html



The rise in cyber attacks shows we need to change the way we think about crime 
You are now 20 times more likely to have your money stolen online by a criminal overseas than by a pickpocket or mugger in the street, according to recent figures from the Office for National Statistics.
The figures revealed that almost 6m fraud and cyber crimes were committed in the past year in England and Wales alone – making it now the most common type of crime experienced by adults in the UK.
The average frontline police officer also needs to be able to think about the digital crime scene as well as, or instead of, the physical one.
Being able to respond and investigate criminal cyber activity should no longer be the domain of police specialists – because, as the evidence shows, victims are more likely to suffer a cyber criminal act than any other form of crime.
Beyond law enforcement, society must think about the role of the private sector and their duty of care.
Everyone online is sitting on an internet service provider's network, which effectively owns the digital land upon which we have set up our digital lives.
In the physical world, landlords renting a property have a duty of care to the safety of their tenants, so surely it makes sense for our digital landlords to be held to the same standards.
To respond effectively we need to look at the data gathered on the nature of these crimes – to understand how cyber crimes occur, and who is most at risk.
In the long run, this will make it easier for law enforcement to work out how to tackle these cases.
But this must be done in a sensible and measured way, as the situation is likely to appear to get worse before it gets better as people become more aware of what these crimes are and how to report them.
Similarly organisations, such as the ONS and the City of London Police, will get better at recording cyber crime – causing the figures to go up again.
For now though, these new figures make it clear that cyber crime must become a significant priority for the police and crime commissioners up and down the country.
Link: http://phys.org/news/2016-07-cyber-crime.html



Nonprofit cybersecurity key to serving community responsibly, experts say 
Regardless of size or resources, nonprofits must keep cybersecurity top of mind. 
Puckett has made cybersecurity a top priority for the foundation.
One of a nonprofit’s biggest risk areas is “reputation,” she said, and a breach of any kind can seriously compromise the trust a community places in an organization. 
“Nonprofits rely extremely heavily on their I.T. vendors,” she said. “I know why — because they don’t know what they don’t know — but nonprofits need to become informed with some of the basics so that they at least know the questions to ask.
If they don’t know those questions, they need to reach out to resources that are available all over.” 
One of those resources is the West Michigan Cyber Security Consortium (WMCSC), a free-to-join group of more than 250 local businesses and organizations sharing best practices for remaining secure.
WMCSC is working with Trivalent Group Inc., the Better Business Bureau and the Michigan Small Business Development Center to host the third annual Michigan Cyber Security Conference on Oct. 5. 
Puckett said her organization performs multiple security audits throughout the year.
One audit reviews the foundation’s internal controls, such as password requirements, lockout policies, firewalls, two-factor authentication, etc.
Another audit involves a penetration test, in which a third-party consultant attempts to hack into the network to look for any weaknesses the foundation could patch up. 
The single most important issue to address, however, is employee education, sources said.
Considering how effective most of the modern security systems are, an uninformed or careless employee is actually the most likely cause of infiltration, according to Puckett.
That’s why she sends out monthly security awareness letters, as well as occasional phishing tests to see if employees will fall for the common password-stealing scam.
Even going to the wrong website can have disastrous results. 
For Goodwill, protecting the information of “the people we serve” is top priority, Wallace said.
Through various programs, such as career and health care services, Goodwill has access to many of its participants’ personal information.
As such, the Health Insurance Portability and Accountability Act (HIPAA) plays a large part in the organization’s security policies.
As one “very small example,” Wallace said that neither job coaches nor any other employees are allowed in any way to interact on social media with program participants. 
“It doesn’t matter what size you are,” Wallace said. “It’s important for any nonprofit that has private information about individuals.
You owe it to the people you’re serving.”
Link: https://mibiz.com/news/nonprofit-business/item/23843-nonprofit-cybersecurity-key-to-serving-community-responsibly,-experts-say



Changing security situation, deeply convinced practicing the new security concept [auto translated - so text is challenging] 
Sangfor (rendered "deeply convinced" by the auto-translation) was the first security vendor in China to pass one billion yuan in sales, and its earnings have grown by 30% a year.
By 2015 its sales had exceeded 1.6 billion yuan, and its security, virtualization and other product lines continued to hold their market share. 

In recent years, emerging security incidents have driven the growth of the network security market: the number of network security vendors keeps increasing, the range of products keeps broadening, and market size and network security investment keep rising.
Faced with a changing Internet, escalating threats and fierce competition, what security concept does Sangfor practise?
The ever-changing network security situation demands an urgent change in how the security environment and IT attacks are responded to.
Security is not a pile of security products or security services, but a capability. 
First, security must be visible.
Only by knowing itself can an enterprise see what security capability it needs.
Only by understanding its own gaps and seeing the security situation clearly can it identify threats and build security in a targeted way. 
Second, companies need to detect risks continuously and respond quickly.
Nothing is perfect, and there is no hundred-percent security.
Faced with advanced targeted attacks (APT), we cannot completely prevent an attacker from getting in; the effective approach is to control the attacker's behaviour so as to prevent further attack and damage. 
Finally, security should be delivered simply.
First, the demands on corporate security managers keep rising: they need to understand not only the network but also the applications, not only the technology but also the laws and regulations, in order to guarantee the security of business lines and operational processes; second, security management is becoming complex, requiring information assets to be inventoried, human behaviour to be tracked, security risks to be managed, and risks to be eliminated in a timely manner. 
Visible security starts from the following three points. First, visualise more elements.
Analyse user behaviour, assets and other elements visually to find points of risk and deal with them promptly.
Second, visualise behaviour that bypasses the defence system.
This mainly involves sensitive information, external links and abnormal traffic.
Third, present from a management perspective.
To make risks easier to understand and security management effective, security must be presented visually from a management viewpoint. 
For continuous detection, incidents that have already occurred, unknown threats and vulnerabilities in systems need to be detected continuously: detecting abnormal behaviour on endpoints and servers to find unknown and new threats, detecting the new vulnerabilities that frequent system updates introduce, and finally issuing policies quickly based on the detection results to narrow the scope of the threat and fix vulnerabilities fast. 
To this end, Sangfor has built a continuous, integrated detection architecture from server security, endpoint security and a cloud security platform, providing unknown-threat detection, cloud scanning, cloud detection and other continuous detection services. 
Simple security delivery requires easier deployment at go-live and simpler daily operation and maintenance.
Security infrastructure delivery needs to integrate security functions as far as possible and deploy them under an integrated strategy on the front line of security detection, simplifying policy deployment;
Link: http://news.securemymind.com/2016072624304.html



The Cost of a Data Breach in India: What You Need to Know 
IBM and Ponemon Institute recently released the “2016 Cost of Data Breach Study: India,” the annual benchmark study on the cost of data breach incidents for companies based in India. 
Below are the key takeaways from the report:

The average total cost of a breach was 9.73 crore INR.
This represents a 9.5 percent increase over 2015 costs.
In comparison, the global average total cost of a data breach increased by 5.4 percent.
The size of data breaches increased as well — the average size grew by 8.5 percent in 2016.
This is much more than the global average increase of 3.2 percent.
The impact of data breaches varied by industry.
Certain sectors, such as financial services, had higher data breach costs when compared with industries such as research and the public sector.
Forty-one percent of companies experienced a data breach as a result of a malicious or criminal attack, which was the most common root cause of a breach.
The cost of a data breach was directly related to the number of records comprised in the attack.
The greater the number of records lost, the higher the cost.
Data breaches that involved less than 10,000 records had an average cost of 5.96 crore INR, while breaches involving more than 50,000 records had an average cost of 16 crore INR.
The longer it takes to detect and contain a data breach, the more costly it becomes to resolve.
Link: https://securityintelligence.com/the-cost-of-a-data-breach-in-india-what-you-need-to-know/



WinMagic survey finds 23% of businesses claim to stop a data breach a day
LONDON, UK – July 26, 2016 – WinMagic Inc., the intelligent key management and data security company, has today released survey data in which IT managers say they thwart an attempted data breach at least once a month.
The survey of 250 IT Managers found that a staggering 23% stop a breach every day.
A data breach can be the result of an attack on the network, or an employee inadvertently sending or taking information out of the corporate network without adequate care. 
The survey also spoke with 1,000 employees, 41% of whom believe IT security is solely the IT department’s responsibility – A further 37% say they have a role to play in IT security too.
Even though so many employees seemingly abdicate themselves of responsibility for IT security, a fifth of IT managers want to be able to empower them to use personal devices to access work documents.
Interestingly only 36% felt such access should be restricted to approved employees. 
IT managers also rated employees as the second biggest risk behind hackers to security (24%).
Link: http://www.pressreleaserocket.net/winmagic-survey-finds-23-of-businesses-claim-to-stop-a-data-breach-a-day/474317/



The Information Security Leader, Part 4: Three Persistent Challenges for CISOs 
CISOs and their teams must embody two distinct roles: subject matter experts in the technical aspects of cybersecurity and trusted advisers in making recommendations about security-related risks.
CISOs and their teams need to become confident in addressing four fundamental questions about security-related risks to help guide executive-level discussions toward making better-informed business decisions about managing risks to an acceptable level, as opposed to providing the executives with updates of tactical metrics having to do with security’s activities, work progress and operational costs.
CISOs and their teams need to learn how to overcome three persistent challenges in identifying, assessing and communicating effectively about security-related risks.
A surprising percentage of information security professionals lack an accurate understanding of risk, in spite of the fact that risk is the very reason for the existence of the business function called information security. 
One of the biggest challenges for CISOs is that security professionals traditionally think of cybersecurity as intangible, which is yet another reason why engaging in executive-level discussions about the question “How secure are we?” makes very little sense.
If something is intangible, our instincts tell us it can’t be measured.
Not surprisingly, many people with predominantly technical and engineering-oriented backgrounds experience an inherent discomfort in not being able to quantify security-related risks with precision. 
Ironically, CISOs and their teams often use emotional and qualitative approaches to communicate risks with business decision-makers. 
Qualitative and semi-quantitative risk assessments have become extremely popular.
They’re manifested in five-by-five heat maps that are typically visualized in vibrant green, yellow and red.
Security leaders say they like them because the business decision-makers seem to get it and they often lead to better conversations about risk.
Link: https://securityintelligence.com/the-information-security-leader-part-4-three-persistent-challenges-for-cisos/



Debunking the common myths of Data Loss Prevention (DLP)
MYTH 1: DLP requires significant internal resources to manage and maintain
MYTH 2: DLP requires at least 18 months to deliver value
MYTH 3: DLP requires policy creation first
In summary, DLP represents one of the strongest lines of defence available for businesses looking to effectively protect themselves against the growing number of accidental and malicious threats out there.
However, lingering myths and misinformation about aspects such as ROI, resourcing and policy are holding it back unfairly.
It’s time the IT industry dispelled these myths once and for all, helping DLP to achieve its full potential as a cornerstone of modern data security.
Link: http://www.itproportal.com/2016/07/26/debunking-the-common-myths-of-data-loss-prevention-dlp/



Hands up, whose firewall rules are a mess?
Yes?
Well, the good news (if it can be considered good news) is that you’re not alone, because 65% of your peers are in the same boat according to a survey carried out last month at Infosecurity Europe.
In fact, 65% of the 300 security professionals surveyed said if their firewall rules were a teenager’s bedroom, their mom would be so angry she would ground them; and half of those said they would be grounded for life.
The same study also showed that 32% admitted they had inherited over half of the rules they manage from a predecessor – no wonder they are a mess.
And a quarter of security professionals confessed to being afraid to turn off legacy rules.
To add to the complexity, 72% of security professionals surveyed use two or more firewall vendors within their IT environments, and must manage rules for each of them. 
If, like the majority of IT security professionals, you’re in danger of being grounded over your messy firewall rules, here are some tips from my colleague Tim Woods on how to start tidying up your firewall policies: 
Step 1: Remove technical mistakes
Step 2: Remove unused access
Step 3: Review, refine and organize access
Step 4: Continual policy monitoring
Link: https://www.firemon.com/messy-firewall-rules-get-security-professionals-grounded-life/
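The four clean-up steps above are the kind of review that can be scripted against an exported policy. The following is an added example, not FireMon's code or the article's: it models rules as simple 5-tuples plus a hit counter (assumed to come from the firewall's own rule statistics over the review window) and implements the first three steps as checks, with `review_policy` as the function to run on every policy change for step 4. The rule fields, names and hit counts are constructed for illustration.

```python
"""Firewall policy hygiene checks (added example; not FireMon code).

Rules are modelled as simple 5-tuples plus a hit counter assumed to come
from the firewall's own rule statistics over the review window. All rules
and hit counts below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

ANY_PORTS = (0, 65535)


@dataclass
class Rule:
    name: str
    action: str      # "allow" or "deny"
    src: str         # CIDR or "any"
    dst: str         # CIDR or "any"
    proto: str       # "tcp", "udp" or "any"
    ports: tuple     # inclusive (low, high) destination port range
    hits: int        # matches seen during the review window (constructed)


def _net(cidr: str):
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr, strict=False)


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet `inner` could match is already matched by `outer`."""
    if outer.proto not in ("any", inner.proto):
        return False
    if not (outer.ports[0] <= inner.ports[0] and inner.ports[1] <= outer.ports[1]):
        return False
    return (_net(inner.src).subnet_of(_net(outer.src))
            and _net(inner.dst).subnet_of(_net(outer.dst)))


def find_shadowed(rules):
    """Step 1 (technical mistakes): rules that an earlier rule makes unreachable.

    Same action as the shadowing rule -> redundant; different action -> a
    conflict, since the later rule was clearly meant to do something else.
    """
    findings = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                kind = "redundant" if earlier.action == rule.action else "conflict"
                findings.append((rule.name, earlier.name, kind))
                break
    return findings


def find_unused(rules, shadowed_names):
    """Step 2 (unused access): reachable rules with no hits in the window."""
    return [r.name for r in rules if r.hits == 0 and r.name not in shadowed_names]


def find_overly_broad(rules):
    """Step 3 (review/refine): allow rules permitting any source, destination and service."""
    return [r.name for r in rules
            if r.action == "allow" and r.src == "any" and r.dst == "any" and r.proto == "any"]


def review_policy(rules):
    """Step 4 (continual monitoring): run every check; schedule on each policy change."""
    shadowed = find_shadowed(rules)
    return {
        "shadowed": shadowed,
        "unused": find_unused(rules, {name for name, _, _ in shadowed}),
        "overly_broad": find_overly_broad(rules),
    }


# Constructed sample policy (documentation and RFC 1918 addresses only).
RULES = [
    Rule("r1-allow-web", "allow", "any", "10.10.0.0/24", "tcp", (443, 443), 18200),
    Rule("r2-allow-web-host", "allow", "any", "10.10.0.10/32", "tcp", (443, 443), 0),
    Rule("r3-deny-legacy-db", "deny", "192.168.5.0/24", "10.10.1.0/24", "tcp", (1433, 1433), 0),
    Rule("r4-allow-old-vendor", "allow", "203.0.113.0/24", "10.10.1.0/24", "tcp", (22, 22), 0),
    Rule("r5-allow-any", "allow", "any", "any", "any", ANY_PORTS, 9000),
    Rule("r6-deny-telnet", "deny", "any", "any", "tcp", (23, 23), 0),
]

if __name__ == "__main__":
    for category, items in review_policy(RULES).items():
        print(f"{category}: {items}")
```

Shadowed rules are reported separately from unused ones on purpose: a rule with zero hits because an earlier rule already matches everything it could match is a mistake to fix in step 1, while a reachable rule with zero hits is the legacy access that step 2 asks you to remove (after confirming with its owner rather than just switching it off).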



Enhancing cyber security by implementing a robust threat and vulnerability management program
Threat and vulnerability management is a process of identifying, analyzing, modeling, simulating the potential impact and risk thereby planning to remediate security threats and weaknesses.
The program could cover:
-  Asset inventory management
-  Vulnerability scanning
-  Vulnerability assessment and analysis
-  Vulnerability remediation and mitigation planning
-  Risk and threat modeling and impact analysis
-  Penetration testing
Threat and vulnerability management program managers need to deliver effective vulnerability management for traditional and emerging technologies in growing, perimeter-less IT environments including mobility, cloud and IoT.
To ensure a successful vulnerability management program, security leaders need to verify the effectiveness of their threat and vulnerability management efforts and align these with business context and objectives.
Assessing the impact of potential threats to evaluate their risk will become a primary tool in managing the large volume of vulnerabilities that enterprises need to detect and remediate on an ongoing basis in order to prevent cyber attacks and data breaches.
Link: http://www.csoonline.com/article/3099988/vulnerabilities/enhancing-cyber-security-by-implementing-a-robust-threat-and-vulnerability-management-program.html

Tuesday, July 26, 2016

IR News Security - 2017-07-26

Table of Contents

  • DEFCON CYBER™ Joins FireEye Cyber Security Coalition
  • Digital Forensics – A Presentation In The Courts
  • California sets cybersecurity example for states to follow
  • Joint Task Force: Forensics and Anti-Forensics
  • Digital response teams need full access to data to prevent threats
  • Attivo Networks Launches Attack Path Vulnerability Assessments for Continuous Threat Management at Black Hat
  • EVVO launches automated Security Operations Centre in Singapore
  • Former Splunk Security Executive Fred Wilmot Joins PacketSled as Chief Technology Officer
  • Spy Game: The Emerging Cybersecurity Realm of Threat Intelligence
  • AlienVault Unveils Latest Edition of Open Threat Exchange
  • ThreatQuotient Recognized on CRN’s 2016 Emerging Vendors List



DEFCON CYBER™ Joins FireEye Cyber Security Coalition 
MANASSAS, Va., July 25, 2016 /PRNewswire/—DEFCON CYBER™ offers a proactive cybersecurity solution cloud service that prioritizes incidents, automates the response workflow process, and measures activity responses across operations to produce a cybersecurity risk posture score.
DEFCON CYBER™ operationalizes the National Institute of Standards and Technology (NIST) Cybersecurity Framework to be the business risk driver for incident prioritization and mitigation.
DEFCON CYBER™ enables an organization and its supply chain to significantly reduce priority incident response times and measure the cybersecurity risk posture through the successful execution of their respective cybersecurity risk management strategies.
DEFCON CYBER™ is offered as a hosted cloud service, on-premise cloud service (VMWare and Hyper-V), or an application plug-in to an existing Microsoft SharePoint enterprise platform. 
Rofori Corporation today announced its partnership with FireEye, as a member of the FireEye® Cyber Security Coalition—an ecosystem designed to simplify customers' complex security environments via the intelligence-led FireEye Global Threat Management Platform.
Joint customers will benefit from enhanced threat detection and faster, more efficient correlation and response.
Rofori Corporation has applied its patented collaboration technology to the application of cybersecurity best practice outcomes to precisely manage the incident prioritization, automated initialization and tracking the response activity, and closing mitigated incidents.
DEFCON CYBER™ continuously measures the activities across asset management, threat intelligence, and operations to calculate the organization's cybersecurity posture.
DEFCON CYBER™ makes full use of the output of FireEye's leading iSight Intelligence to provide instant correlation between actionable threat intelligence and indicators.
"In today's environment, resources are limited to analyze and correlate vast amounts of information," said Chuck O'Dell, Rofori Corporation CEO.
"The combination of DEFCON CYBER™ and FireEye's iSIGHT Intelligence enables automated and continuous correlation of threat intelligence data to priority incidents."
Link: http://www.marketwatch.com/story/defcon-cybertm-joins-fireeye-cyber-security-coalition-2016-07-25



Digital Forensics – A Presentation In The Courts 
In an exclusive interview with EITN at RSA Conference 2016 in Singapore, Digital Forensics expert Stephen McCombie lists the three biggest challenges in Digital Forensics as follows: 
1) Sheer amount of data
2) High complexity of data
3) Legalizing digital evidence
The biggest myth of Digital Forensics is that it is a technical process.
But the reality is that it is more about the PRESENTATION (of digital evidence) to the courts.
If the digital evidence is not admissible, usable and ‘case law tested’, then what is forensics even about?
Link: http://www.enterpriseitnews.com.my/digital-forensics-a-presentation-in-the-courts/



California sets cybersecurity example for states to follow 
Once again, California has positioned itself as a leader in the effort to make U.S. business more cyber-secure.
California’s Attorney General Kamala Harris recently released the California Data Breach Report, which discusses the types of breaches that companies face in California and the frequency of those breaches.
Due to the personal privacy implications of a breach for any company’s customers, AG Harris argues in the report that state governments need to do much more to ensure that companies are providing reasonable security.
The report proposes that, in order to better protect company data and customers’ privacy, businesses operating both in California and across the country adopt the Center for Internet Security’s list of 20 controls for effective cybersecurity defense, the CIS 20. 
CSC 4: Continuous vulnerability assessment
It is critical for companies to regularly adapt to evolving threats and to continuously test their systems for cybersecurity weaknesses. 
CSC 6: Maintenance, monitoring, and analysis of audit logs
Similar to vulnerability assessment, analyzing audit logs to better understand the potential threats to a network is a full-time commitment. 
CSC 13: Data protection
CSC 13 recommends password protections and data encryption, popular ways to protect data in the cloud that your business may already utilize.
Most importantly, these protection mechanisms should include automated tools to periodically check if data is presented in clear text. 
CSC 19: Incident response and management  
Honest incident response and management is critical.
Without these, customers’ data is not truly safe, and CSC 19 offers a system for businesses to identify breaches, control the damage and move forward after the fact. 
For smaller businesses that lack the internal capacity to create a breach communication chain, partnering with an outside incident response team could be a huge benefit.
Having additional eyes to watch over the network could make the difference between responding to a breach right away and minimizing damage and letting an attack go unnoticed, burying your business with the high costs of taking care of the incident later.
Link: http://thehill.com/blogs/congress-blog/technology/289099-california-sets-cybersecurity-example-for-states-to-follow



Joint Task Force: Forensics and Anti-Forensics 
Looking at the field of digital forensics, we can go back to this old CSO article, entitled The Rise Of Antiforensics.
The article details information security professionals who have written software that “fools” (author’s words) industry standard computer/digital forensics tools, and the article’s early tone seems to indicate a bias against antiforensics and its tools as harmful to business and law enforcement.
The article itself comes around to a more nuanced view towards these tools; however, I want to explore a different nuance here: antiforensics has, in itself, an intrinsic value to a business organization’s information security program, just as forensics does. 
Incorporating digital forensics into your operations is, from a reasoning standpoint, fairly simple: in the event something happens, you are able to identify a root cause.
Just as senior managers would want to know why a marketing campaign was failing, investing in digital forensic capabilities for your disaster recovery or incident response staff not only lets them properly identify root cause scenarios but can be built into processes going forward to mitigate the problem from occurring again.
Some of this can be as simple as change management rules, system event logging and monitoring, while more specific software, tools or personnel can be brought in to augment in the event of an incident that requires it. 
There are two areas we should look at when we consider the term antiforensics: preservation and destruction. 
On one hand, we have preservation of data used for root cause analysis and on the other, we have methods to destroy data.
At first glance, the two seem opposed, and it seems there is room for only one in organizational security policies.
Indeed, one might argue that according to the CIA Triangle model of Information Security (weighing the trade-offs to ensure the Confidentiality, Integrity and Availability of data), only the preservation of data through encryption to mitigate forensic threats fits the model, leaving data destruction out of the model entirely. 
The CIA model runs on the premise that information needs to be accessible, though.
However, some business cases require information to remain confidential with a near-zero chance of data being accessible or recoverable from a piece of media.
Equipping your operations staff with the right tools and training is essential for making sure your organization is prepared for an event where data needs to be secured for retrieval later or destroyed beyond any recognition.
While information security professionals are entrusted to safeguard information, it’s equally important to have options to be able to act quickly in the event either solution is needed.
Link: https://dasseclabs.wordpress.com/2016/07/25/joint-task-force-forensics-and-anti-forensics/



Digital response teams need full access to data to prevent threats
In order to handle digital threats, experts are saying that governments or companies must be able to establish their respective incident response teams with clear frameworks, as well as the ability to have access to absolutely every kind of data in a system. 
As Indonesia, a country where breaches are rampant, prepares to establish its own National Cybersecurity Agency (BCN) in August, observers have given recommendations about how prevention teams would be able to fully deal with particular matters. 
Clear frameworks in this case hinge on the aspects of proper governance, an outline to what threats are present and have occurred before and the technical methods of solving them.
Observers note that such coordinated guidelines can make a difference in the way companies and governments train their response teams and yield more effective results. 
“Incident response teams need hunters, pure and simple.
They can be centralized or even partly outsourced — it doesn’t matter.
The crucial aspect of it is to develop a clear framework on prevention so that these hunters can easily learn what the problems and solutions are.
It will be easier for these hunters to also pass what they learned down to newer ones,” he added. 
Indonesia itself currently has an internet incident response team (ID SIRTII) that had recently been integrated into the National Cybersecurity Agency. 
According to data from Microsoft Indonesia, cybersecurity attacks and breaches, especially in the banking sector, have cost the country up to Rp 33.29 billion (US$2.54 million), as Indonesia holds a 50 percent infection rate for malware viruses, the highest in Southeast Asia. 
About 22 percent of all crimes conducted in Indonesia in 2014 were cybercrimes, though the figure decreased to 18.26 percent in 2015.
Between 2012 and 2015, the police arrested 571 individuals in connection with cybercrimes, with the vast majority — 529 of them — foreign nationals operating in Indonesia.
Link: http://www.thejakartapost.com/news/2016/07/25/digital-response-teams-need-full-access-data-prevent-threats.html



Attivo Networks Launches Attack Path Vulnerability Assessments for Continuous Threat Management at Black Hat 
FREMONT, CA—(Marketwired - Jul 25, 2016) - Attivo Networks®, the award-winning leader in deception for cyber security threat detection, today announced that the Attivo ThreatMatrix™ Deception and Response Platform has been enhanced to give organizations visibility into, and assessment of, the vulnerable attack paths a cyber attacker would take to reach critical assets.
Attivo is empowering organizations with insight into how an attacker would target misconfigured systems or misused credentials and then automating the response actions to isolate these systems from causing additional infection, exfiltrating data or harming critical infrastructure.
Additionally, the company announced that its next generation software has enhanced its deception technology to misdirect and detect attackers seeking to begin their attack by targeting Microsoft Active Directory, which is a favored target for attackers seeking credentials for attack escalation.
The new release will also include an expansion of the ThreatMatrix Platform to support routed networks, for micro-segmented datacenters and enterprises networked across multiple locations and branch offices. 
The ThreatMatrix Deception and Response Platform provides real-time threat detection and attack forensic analysis for accelerated incident response and remediation.
The platform is designed to provide early detection of cyberattacks from all threat vectors including zero-day, stolen credential, ransomware and phishing attacks that are renowned for bypassing traditional prevention systems.
The platform is aligned to Gartner's Adaptive Security Architecture of Predict, Block/Prevent, Detect and Respond (Gartner, February 2016)* and is designed for early Detection of threats, accelerated incident Response and strengthening of Prevention systems based on attack information gathered while deceiving and engaging attackers.
The company's announcement expands the ThreatMatrix Platform into the pillar of Prediction and enhances its Detection capabilities. 
ThreatPath™: Provides an attack path vulnerability assessment based on likely attack paths that an attacker would have traversed through misconfigured systems or credential misuse. 
Active Directory Deception and Detection: Organizations running the Microsoft Windows Server platform are susceptible to attacks where attackers exploit and gain unauthorized access to Active Directory. 
Routed Network Support: ThreatMatrix BOTsink engagement servers can now engage with deceptive IP addresses and networks on routers over Layer 3 GRE tunnels, which is ideal for micro-segmented datacenters, enterprises networked across multiple locations and branch offices.
Link: http://www.marketwired.com/press-release/attivo-networks-launches-attack-path-vulnerability-assessments-continuous-threat-management-2144878.htm



EVVO launches automated Security Operations Centre in Singapore
EVVO Cybersecurity, a Singapore cybersecurity vendor and cloud solutions provider, has launched a Security Operations Centre (SOC) to extend cybersecurity services to SMEs.
The SOC is also the first in Singapore to leverage automation software. 
The new SOC will leverage automation software for level one tasks for security analysts such as assigning automated, playbook-based workflows to incidents for immediate and scalable response.
This will also enable EVVO Cybersecurity to increase productivity and accuracy enabling them to track and improve processes over time. 
The SOC will function as EVVO Cybersecurity’s threat defence and mitigation facility, catering to SMEs, empowering them to go beyond the traditional SOC functions of merely monitoring perimeter security. 
By integrating EVVO360, a cybersecurity analytics platform, and a suite of cybersecurity intelligence solutions, EVVO Cybersecurity aims to provide customers with a 360-degree view of all the endpoints and network traffic across the organisation.
This will greatly enhance the ability of organisations to detect, respond to and recover from incidents of compromise.
Link: http://www.networksasia.net/article/evvo-launches-automated-security-operations-centre-singapore.1469497028



Former Splunk Security Executive Fred Wilmot Joins PacketSled as Chief Technology Officer
SAN DIEGO, July 26, 2016 /PRNewswire/—PacketSled, Inc., the company that democratizes security investigations and response by providing its customers with automated network visibility, detection, incident response and forensics in the cloud, announced today that Fred Wilmot will be joining the company as its Chief Technology Officer, effective immediately.
In this role, he will be responsible for all aspects of the company's technology strategy, including software engineering, security research and development, and cloud operations. 
Fred brings more than 20 years of cybersecurity expertise to PacketSled.
Most recently, he served as Vice President, Solutions Engineering at Context Relevant, where he implemented a real-time transaction fraud platform for financial markets, weaponizing security use cases with data science automation and machine learning. 
During his tenure at Splunk, Fred was responsible for the company's ascension to a market leader in the security industry, placing the company in the Gartner SIEM magic quadrant.
As the founder and director of the global security practice, Fred prototyped innovation in the field, and built platform applications that were utilized in responding to some of the most major breaches in Internet history.
Fred and his team were responsible for architecting and delivering the first version of Splunk's enterprise security product.
Link: http://www.prnewswire.com/news-releases/former-splunk-security-executive-fred-wilmot-joins-packetsled-as-chief-technology-officer-300304209.html



Spy Game: The Emerging Cybersecurity Realm of Threat Intelligence 
While Watson might be the most famous cyberpersonality to take on the challenge of defending networks against attacks, it isn’t the first.
This is the latest development in the emerging field of cyberthreat intelligence (CTI), a discipline dedicated to applying military-style intelligence techniques to the collection, analysis and use of information about cybersecurity threats. 
CTI providers do the heavy lifting of cybersecurity analysis that most enterprises simply don’t have the resources to undertake.
They typically combine information from many different categories of sources to generate products that help their clients better understand and react to the evolving cybersecurity threat landscape.
Some of these sources include: 
- Gathering threat information from deployed security tools. 
- Deploying their own sensors. 
- Gathering intelligence from public sources. 
- Recruiting spies. 
After CTI providers gather information from all of these sources, they feed it to a team of analysts who have the job of transforming it into actionable intelligence.
One of the most common products offered by CTI vendors is a real-time feed of known malicious hosts on the Internet.
Link: http://www.gocertify.com/articles/spy-game-the-emerging-cybersecurity-realm-of-threat-intelligence
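The "real-time feed of known malicious hosts" mentioned above is only useful once it is matched against what your own systems actually talked to. The block below is an added example, not code from the article or any CTI vendor: it assumes a simple feed format (indicator, type, confidence, expiry) and a four-field proxy log format, both invented for illustration, and shows the checks a practitioner wants when consuming such a feed: dropping expired indicators, matching exact IPs, CIDR ranges and domains (including subdomains), skipping unparseable lines, and applying a confidence threshold. All addresses are documentation ranges and all log lines are constructed.

```python
"""Match a feed of known malicious hosts against proxy log lines (added example).

The feed format (indicator, type, confidence, expiry) and the log format are
assumptions for this illustration, not any vendor's real feed; all addresses
are documentation ranges and all log lines are constructed.
"""
import ipaddress
import re
from datetime import datetime, timezone

# Constructed feed. Real feeds carry an expiry or last-seen time; honouring
# it avoids alerting on hosts that were cleaned up or re-assigned long ago.
FEED = [
    {"indicator": "203.0.113.45", "type": "ipv4", "confidence": 90, "expires": "2016-09-01T00:00:00Z"},
    {"indicator": "198.51.100.0/24", "type": "cidr", "confidence": 60, "expires": "2016-09-01T00:00:00Z"},
    {"indicator": "bad.example.net", "type": "domain", "confidence": 95, "expires": "2016-09-01T00:00:00Z"},
    {"indicator": "192.0.2.7", "type": "ipv4", "confidence": 80, "expires": "2016-07-01T00:00:00Z"},
]

# Constructed proxy log lines: "<timestamp> <client_ip> <dest_ip> <dest_host>".
LOGS = [
    "2016-07-26T10:00:01Z 10.1.1.5 203.0.113.45 cdn.example.com",
    "2016-07-26T10:00:02Z 10.1.1.6 198.51.100.77 198.51.100.77",
    "2016-07-26T10:00:03Z 10.1.1.7 93.184.216.34 sub.bad.example.net",
    "2016-07-26T10:00:04Z 10.1.1.8 192.0.2.7 stale.example.org",
    "2016-07-26T10:00:05Z 10.1.1.9 93.184.216.34 www.example.com",
    "malformed line that the parser must skip",
]

NOW = datetime(2016, 7, 26, 12, 0, tzinfo=timezone.utc)   # review time for expiry checks
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def _parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def load_feed(feed, now):
    """Index live indicators by type; expired ones are dropped."""
    ips, cidrs, domains = {}, [], {}
    for ind in feed:
        if _parse_ts(ind["expires"]) <= now:
            continue
        if ind["type"] == "ipv4":
            ips[ind["indicator"]] = ind["confidence"]
        elif ind["type"] == "cidr":
            cidrs.append((ipaddress.ip_network(ind["indicator"]), ind["indicator"], ind["confidence"]))
        elif ind["type"] == "domain":
            domains[ind["indicator"].lower()] = ind["confidence"]
    return ips, cidrs, domains


def _lookup(dest_ip, dest_host, ips, cidrs, domains):
    """Return (indicator, confidence) for the strongest match, or None."""
    best = None
    if dest_ip in ips:
        best = (dest_ip, ips[dest_ip])
    else:
        try:
            addr = ipaddress.ip_address(dest_ip)
        except ValueError:
            addr = None
        for net, indicator, conf in cidrs:
            if addr is not None and addr in net:
                best = (indicator, conf)
                break
    # A domain indicator also covers its subdomains.
    labels = dest_host.lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains and (best is None or domains[candidate] > best[1]):
            best = (candidate, domains[candidate])
    return best


def match_logs(lines, feed, now, min_confidence=50):
    """Emit one alert per log line whose destination matches a live indicator."""
    ips, cidrs, domains = load_feed(feed, now)
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue   # unparseable line: skip rather than crash the pipeline
        ts, client, dest_ip, dest_host = m.groups()
        hit = _lookup(dest_ip, dest_host, ips, cidrs, domains)
        if hit and hit[1] >= min_confidence:
            alerts.append({"time": ts, "client": client, "indicator": hit[0], "confidence": hit[1]})
    return alerts


if __name__ == "__main__":
    for alert in match_logs(LOGS, FEED, NOW):
        print(alert)
```

The confidence threshold and the expiry check are where most of the noise control lives: a low-confidence range indicator (here the /24) is worth a ticket for triage but not a page, and an indicator past its expiry should not generate anything at all.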



AlienVault Unveils Latest Edition of Open Threat Exchange 
-  Launched in 2012, Open Threat Exchange (OTX) has grown to more than 47,000 users who contribute approximately 4 million artifacts each day to the OTX community.
-  With the latest version, OTX members can now create private communities and discussion groups, where they can share content and selected pulses with members.
-  OTX data works hand-in-hand with security platforms, such as AlienVault Unified Security Management, to ensure users have the latest intelligence to identify threats. 
With this release, OTX members can now create private communities and discussion groups, where they can share threat information with only members of the group.
This capability enables more targeted, in-depth discussion and threat information distribution related to specific industries, particular regions and types of threats.
This new feature supports the mission of Information Sharing and Analysis Centers (ISACs) pursuant to Presidential Decision Directive-63 (PDD-63) by providing a platform for information sharing and risk mitigation for specific groups and teams.
In addition, managed service providers can use this feature to distribute threat data to their subscribers. 
OTX data works hand-in-hand with security platforms, such as AlienVault USM, to ensure users have the latest intelligence to identify, respond to and mitigate threats.
As part of AlienVault's commitment to continually innovating and enabling even the smallest IT departments to detect and respond to threats more effectively, a new version of USM, with enhanced capabilities like USB detection, will also be available in early August.
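The real-time feed of known malicious hosts described in the threat-intelligence item above, and the indicator artifacts OTX members exchange in pulses, only pay off once they are matched against what your own network actually talked to. The following is an added example, not AlienVault's, OTX's or any CTI vendor's code, and the feed layout is a constructed CSV rather than the OTX pulse format: a small Python matcher loads indicators (single IPs, CIDR ranges, domains) with a validity window, ages out stale entries, and reports hits in constructed proxy log lines. Every indicator value, address and log line is an assumption made for the demo.

```python
"""Match threat-feed indicators against proxy logs.

Added example: not AlienVault's, OTX's or any CTI vendor's code, and the
feed layout below is a constructed CSV rather than the OTX pulse format.
Every indicator, address and log line is made up for the demo.
"""
import ipaddress
import re
from datetime import datetime, timedelta, timezone

# Constructed feed: type, value, first seen (UTC), days valid, tag.
FEED = """\
ipv4,203.0.113.45,2016-07-20,30,c2-server
cidr,198.51.100.0/24,2016-07-01,30,scanner-range
domain,update-checker.example,2016-07-22,30,phishing-kit
ipv4,192.0.2.10,2016-01-05,30,old-c2
"""

# Constructed proxy log: timestamp, client, destination, method, path.
LOGS = """\
2016-07-26T10:01:02Z 10.0.0.15 203.0.113.45 GET /gate.php
2016-07-26T10:02:17Z 10.0.0.22 198.51.100.77 GET /
2016-07-26T10:03:40Z 10.0.0.15 cdn.update-checker.example GET /login.html
2016-07-26T10:04:01Z 10.0.0.31 192.0.2.10 GET /beacon
2016-07-26T10:05:55Z 10.0.0.40 93.184.216.34 GET /index.html
garbage line that should not crash the matcher
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")


def load_feed(text, now):
    """Parse the feed, dropping indicators whose validity window has passed.

    Stale entries are the main source of false positives from host feeds:
    an address that hosted a C2 months ago is often re-allocated by now.
    """
    ips, nets, domains = {}, [], {}
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, value, seen, days, tag = line.split(",")
        first_seen = datetime.strptime(seen, "%Y-%m-%d").replace(tzinfo=timezone.utc)
        if first_seen + timedelta(days=int(days)) < now:
            continue
        if kind == "ipv4":
            ips[ipaddress.ip_address(value)] = tag
        elif kind == "cidr":
            nets.append((ipaddress.ip_network(value), tag))
        elif kind == "domain":
            domains[value.lower()] = tag
    return ips, nets, domains


def lookup(dest, ips, nets, domains):
    """Return the tag of the indicator matching a destination, or None."""
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        # Not an IP: walk up the labels so subdomains of a listed domain match.
        host = dest.lower().rstrip(".")
        while host:
            if host in domains:
                return domains[host]
            host = host.partition(".")[2]
        return None
    if addr in ips:
        return ips[addr]
    for net, tag in nets:
        if addr in net:
            return tag
    return None


def scan_logs(log_text, feed_text, now):
    """Return (timestamp, client, destination, tag) for each log line that hits."""
    ips, nets, domains = load_feed(feed_text, now)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip it rather than abort the run
        ts, client, dest, _method, _path = m.groups()
        tag = lookup(dest, ips, nets, domains)
        if tag:
            hits.append((ts, client, dest, tag))
    return hits


def demo_hits():
    """Run the constructed logs against the constructed feed as of 2016-07-26."""
    return scan_logs(LOGS, FEED, datetime(2016, 7, 26, tzinfo=timezone.utc))


if __name__ == "__main__":
    for hit in demo_hits():
        print("ALERT", *hit)
```

Expiry is the check practitioners most often forget: the 192.0.2.10 entry first seen in January has aged out, so its beacon does not fire, while a subdomain of the listed phishing domain still matches. In production the feed would come from the provider's API and the log lines from a SIEM, but the matching logic is the same.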
Link: http://finance.yahoo.com/news/alienvault-unveils-latest-edition-open-130000037.html



ThreatQuotient Recognized on CRN’s 2016 Emerging Vendors List 
RESTON, Va.—(BUSINESS WIRE)—ThreatQuotient™, a leading provider of enterprise-class threat intelligence platforms, announced today that CRN®, a brand of The Channel Company, has named ThreatQuotient to its 2016 list of Emerging Vendors.
This annual list recognizes recently founded, up-and-coming technology suppliers who are shaping the future of the IT channel through unique technological innovations.
In addition to celebrating these standout companies, the Emerging Vendors list also serves as a valuable resource for solution providers looking to expand their portfolios with cutting-edge technology.
Link: http://www.businesswire.com/news/home/20160726005486/en/ThreatQuotient-Recognized-CRN%E2%80%99s-2016-Emerging-Vendors-List

IT Security Industry News - 2016-07-26

Table of Contents

  • Scanning Code for Viruses Is No Longer a Job for Humans
  • No More Ransom: Law Enforcement and IT Security Companies Join Forces to Fight Ransomware
  • Cybersecurity firm offers users reimbursement for ransomware infections
  • DEFCON CYBER™ Joins FireEye Cyber Security Coalition
  • How to ensure your A.I. gets good nutrition
  • Sydney IT company looking to educate about security
  • Australia’s security software spending sees growth spurt
  • Juniper Networks reports lower profit
  • How predictive analytics discovers a data breach before it happens
  • 3 Reasons To Buy FireEye
  • Trustwave opens Waterloo office, strengthens ties with Rogers Communications
  • Tenable Network Security Names Seasoned Security Leader Dave Cole as Chief Product Officer
  • Attivo Networks Launches Attack Path Vulnerability Assessments for Continuous Threat Management at Black Hat
  • Former IBM Cloud Chief Sets Sights on Hot Security Market
  • Belden Industrial Cyber Security Initiative Builds Momentum
  • Imperva Named by Gartner as the Only Leader in the 2016 Magic Quadrant for Web Application Firewalls for the Third Straight Year
  • Fortinet to Provide Enterprises With On-Demand Security at Scale With Verizon Virtual Network Services
  • RiskVision Teams With Offensive Security to Advance Enterprise Vulnerability Management
  • Ingram Micro Named Cisco Asia Pacific Security Distributor of the Year
  • Palo Alto Networks clinch 500 customers in India in past 2 years
  • Centripetal Networks Joins with Infoblox to Offer Actionable Threat Intelligence
  • AlienVault Unveils Latest Edition of Open Threat Exchange



Scanning Code for Viruses Is No Longer a Job for Humans 
Alexey Malanov, malware expert at Kaspersky Lab, said 99 percent of the code his firm analyzes is seen only by machines—and it's been that way for five years.
The process keeps improving in terms of speed and efficacy, he said. 
Automation works because most malware is an alteration of code already known. “Even if a cybercriminal creates something from scratch, in most cases he’ll integrate previously known malicious functionality,” said Malanov. "Automation will process all this." 
Machine learning works alongside a wide range of clustering and classification algorithms to decide whether a scanned file is malicious, said Liviu Arsene, senior e-threat analyst at Bitdefender, another antivirus company that uses machines to process over 99 percent of the malware it receives. 
Humans remain better at discovering new features hidden within malware: they have better intuition, make non-obvious connections and can tackle a problem from creative angles.
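Why automated triage absorbs almost every submission, as an added illustration rather than code from Kaspersky Lab or Bitdefender: an exact hash signature fires only on a byte-identical sample, whereas a cheap similarity measure (byte 4-gram Jaccard) still places a lightly modified variant next to its family, leaving only the genuinely novel sample for an analyst. The "samples" below are constructed strings standing in for disassembly, not real malware, and the 0.5 threshold is an assumption.

```python
"""Exact signatures versus similarity: why most submissions never need a human.

Added illustration, not Kaspersky Lab's or Bitdefender's pipeline. The
"samples" are constructed strings standing in for disassembly, not real
malware, and the 0.5 similarity threshold is an assumption.
"""
import hashlib

# Constructed "known families" and a lightly modified variant of the first.
KNOWN = {
    "fam_a": b"push ebp;mov ebp,esp;call CreateRemoteThread;call WriteProcessMemory;ret;",
    "fam_b": b"push ebp;mov ebp,esp;call InternetOpen;call InternetReadFile;call WinExec;ret;",
}
VARIANT = b"push ebp;mov ebp,esp;nop;call CreateRemoteThread;nop;call WriteProcessMemory;ret;"
BENIGN = b"push ebp;mov ebp,esp;call MessageBoxA;ret;"


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def hash_signature_hit(sample, signatures):
    """Exact signature check: fires only on byte-identical samples."""
    return sha256(sample) in signatures


def ngrams(data, n=4):
    """Set of overlapping byte n-grams, a cheap similarity feature."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a, b):
    """Overlap of two feature sets in [0, 1]."""
    return len(a & b) / len(a | b) if a or b else 0.0


def classify(sample, known, threshold=0.5):
    """Nearest known family by n-gram Jaccard; (None, score) if below threshold.

    Inserted junk (the two `nop`s in VARIANT) changes the hash completely but
    only removes a handful of n-grams, so the variant stays close to fam_a.
    """
    feats = ngrams(sample)
    best_family, best_score = None, 0.0
    for family, code in known.items():
        score = jaccard(feats, ngrams(code))
        if score > best_score:
            best_family, best_score = family, score
    return (best_family if best_score >= threshold else None), best_score


def triage(sample, known=KNOWN):
    """What an automated pipeline decides before anyone looks at the sample."""
    if hash_signature_hit(sample, {sha256(code) for code in known.values()}):
        return "known-exact"
    family, _score = classify(sample, known)
    return f"variant-of-{family}" if family else "unknown-needs-analyst"


if __name__ == "__main__":
    for name, sample in [("fam_a", KNOWN["fam_a"]), ("variant", VARIANT), ("benign", BENIGN)]:
        print(name, triage(sample), round(classify(sample, KNOWN)[1], 2))
```

Real pipelines use opcode or API-call sequences, import tables and behavioural traces rather than raw bytes, and far larger feature sets, but the division of labour is the one the article describes: the hash catches the exact repeat, similarity catches the variant, and only the unmatched sample reaches a person.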
Link: http://motherboard.vice.com/en_uk/read/scanning-code-for-viruses-is-no-longer-a-job-for-humans



No More Ransom: Law Enforcement and IT Security Companies Join Forces to Fight Ransomware 
WOBURN, Mass.—(BUSINESS WIRE)—Today, the Dutch National Police, Europol, Intel Security and Kaspersky Lab join forces to launch an initiative called No More Ransom, a new step in the cooperation between law enforcement and the private sector to fight ransomware together.
No More Ransom (http://www.nomoreransom.org) is a new online portal aimed at informing the public about the dangers of ransomware and helping victims to recover their data without having to pay ransom to the cybercriminals. 
The aim of the online portal http://www.nomoreransom.org is to provide a helpful online resource for victims of ransomware.
Users can find information on what ransomware is, how it works and, most importantly, how to protect themselves.
Awareness is key, as decryption tools do not yet exist for every ransomware family.
If you are infected, the chances are high that the data will be lost forever.
Conscious internet use, following a set of simple cyber security tips, can help avoid infection in the first place. 
The project provides users with tools that may help them recover their data once it has been locked by criminals.
In its initial stage, the portal contains four decryption tools for different types of malware, the latest developed in June 2016 for the Shade variant. 
The project has been envisioned as a non-commercial initiative aimed at bringing public and private institutions under the same umbrella.
Due to the changing nature of ransomware, with cybercriminals developing new variants on a regular basis, this portal is open to new partners’ cooperation.
Link: http://www.businesswire.com/news/home/20160725005101/en/Ransom-Law-Enforcement-Security-Companies-Join-Forces



Cybersecurity firm offers users reimbursement for ransomware infections 
Security firm SentinelOne is confident it can beat any of today’s ransomware—and is willing to put money behind that claim. 
The company is offering a new service that will cover up to $1 million in damages for any customers infected by ransomware. 
SentinelOne is calling it the “Cyber Threat Guarantee” and treating it like an extended warranty that customers can buy starting Tuesday. 
SentinelOne’s guarantee works like this: for each computer infected with ransomware, the company will pay up to $1,000 to free the system, for up to 1,000 systems (hence the $1 million cap). 
The policy has been designed this way because most ransomware attackers ask for around $250 or more to decrypt any data held hostage, Grossman said. 
Customers who opt-in to the guarantee will pay an additional $5 fee for each Windows PC or server protected on top of their existing service.
The coverage lasts a year and can then be renewed. 
Grossman joined SentinelOne last month after designing a similar guarantee program for his previous company, WhiteHat Security.
Under that program, WhiteHat would refund customers if their websites were ever hacked through a vulnerability that the company had failed to detect.
Link: http://www.computerworld.com/article/3099999/security/cybersecurity-firm-offers-users-reimbursement-for-ransomware-infections.html?token=%23tk.CTWNLE_nlt_computerworld_dailynews_2016-07-26&idg_eid=d5d



DEFCON CYBER™ Joins FireEye Cyber Security Coalition 
MANASSAS, Va., July 25, 2016 /PRNewswire/—DEFCON CYBER™ offers a proactive cybersecurity solution cloud service that prioritizes incidents, automates the response workflow process, and measures activity responses across operations to produce a cybersecurity risk posture score.
DEFCON CYBER™ operationalizes the National Institute of Standards and Technology (NIST) Cybersecurity Framework to be the business risk driver for incident prioritization and mitigation.
DEFCON CYBER™ enables an organization and its supply chain to significantly reduce priority incident response times and measure the cybersecurity risk posture through the successful execution of their respective cybersecurity risk management strategies.
DEFCON CYBER™ is offered as a hosted cloud service, on-premise cloud service (VMWare and Hyper-V), or an application plug-in to an existing Microsoft SharePoint enterprise platform. 
Rofori Corporation today announced its partnership with FireEye, as a member of the FireEye® Cyber Security Coalition—an ecosystem designed to simplify customers' complex security environments via the intelligence-led FireEye Global Threat Management Platform.
Joint customers will benefit from enhanced threat detection and faster, more efficient correlation and response.
Rofori Corporation has applied its patented collaboration technology to cybersecurity best practices in order to manage incident prioritization, automatically initiate and track response activity, and close mitigated incidents.
DEFCON CYBER™ continuously measures the activities across asset management, threat intelligence, and operations to calculate the organization's cybersecurity posture.
DEFCON CYBER™ makes full use of the output of FireEye's iSIGHT Intelligence to provide instant correlation between actionable threat intelligence and indicators. "In today's environment, resources are limited to analyze and correlate vast amounts of information," said Chuck O'Dell, Rofori Corporation CEO. "The combination of DEFCON CYBER™ and FireEye's iSIGHT Intelligence enables automated and continuous correlation of threat intelligence data to priority incidents."
Link: http://www.marketwatch.com/story/defcon-cybertm-joins-fireeye-cyber-security-coalition-2016-07-25



How to ensure your A.I. gets good nutrition
A.I. shouldn’t be allowed to drink wildly from a data lake where data has not been cleansed, packaged and structured for easy consumption. According to the Compliance, Governance and Oversight Council (CGOC), nearly 70% of the data that companies produce and collect has no business, legal or compliance value, so you must develop a way to understand and specify the scope and criteria of the data to be fed to A.I.:
-  Which data stores and what file types?
-  What connections exist between the data?
-  Who is responsible for making the determination and for final approval? 
You need to tag and classify the data to ensure that it can be properly digested.
Depending on the A.I. task, some metadata has more value than others.
If you are looking for marketing insights, you will likely value the EXIF metadata embedded in images posted to social media sites, including geolocation, timestamps, camera type and serial numbers.
In medical settings, metadata elements such as patient ID and date of birth, provenance and timestamp, and the privacy classification of the content are essential. 
Finally, you must have governance capabilities built into the system to track responses to the information used and adjust the diet accordingly.
Link: http://www.cio.com/article/3098428/artificial-intelligence/how-to-ensure-your-a-i-gets-good-nutrition.html?token=%23tk.CIONLE_nlt_cio_insider_2016-07-26&idg_eid=e87b17913ba9d312d52f2efa84a73904&utm_so



Sydney IT company looking to educate about security 
SYDNEY — A Sydney-based information technology company that relaunched this spring is looking to solve the data and security breaches some small- and medium-sized companies face as business grows. 
Devantec IT surfaced again in April after about a three-year hiatus due to president and CEO James Mackinnon’s work on other projects. 
Devantec recently announced it is offering free network assessments to companies this summer.
The company is looking to educate local businesses in the dos and don’ts of IT best practices.
Local businesses should consider their IT strategy from the outset and how it can work as efficiently as possible to ensure growth over the long-term, he said. 
It could be as straight forward as a company setting a goal to grow to 50 employees and expanding to a second location, said Danielle Patterson, Devantec’s chief marketing officer. 
“We want people to stop feeling scared of technology.”
Link: http://www.capebretonpost.com/News/Local/2016-07-25/article-4597848/Sydney-IT-company-looking-to-educate-about-security/1



Australia’s security software spending sees growth spurt 
According to Gartner, the global security software market rose by 3.7% in 2015, while Australia recorded a 19.4% leap in spending. 
Australia’s national focus on computer security should increase after the appointment of the country’s first cyber security minister.
Former diplomat Dan Tehan was announced in mid-July as minister assisting the prime minister for cyber security. 
Australian organisations are also being urged to be more vigilant about information governance – so that even if cyber attackers get past the padlocks and cameras, the information available to them is tightly managed and controlled. 
A new organisation, Information Governance ANZ, will be launched formally in August as a forum for Australian and New Zealand governance professionals.
Co-founder and director Susan Bennett said Australia is lagging behind the US in information governance, despite there being significant risks for organisations that choose to store every piece of computer-generated data just because it is technically possible.
Link: http://www.computerweekly.com/news/450300891/Australia-security-software-spending-growth-spurt



Juniper Networks reports lower profit 
Juniper Networks Inc. on Tuesday reported an 11% decline in second quarter profit and warned challenging market conditions would continue to pressure margins. 
The Sunnyvale, Calif., company said it expects operating margins to decline slightly from the 18.8% it reported last year. 
Shares, down 12% this year, fell 0.9% to $24 in after-hours trading. 
Overall, Juniper reported a profit of $140 million, or 36 cents a share, down from $158 million, or 40 cents a share, a year earlier.
Excluding stock-based compensation and other items, profit was 50 cents a share, compared with 53 cents a year earlier and analysts' projections of 47 cents a share.
The most recent results are based on 2.7% fewer shares outstanding.
Link: http://www.marketwatch.com/story/juniper-networks-reports-lower-profit-2016-07-26-17485198



How predictive analytics discovers a data breach before it happens 
The traditional approach to fighting cyberattacks involves gathering data about malware, data breaches, phishing campaigns, etc., and extracting relevant data into signatures, i.e. the digital fingerprint of the attack.
These signatures will then be compared against files, network traffic and emails that flow in and out of a corporate network in order to detect potential threats. 
Though a very promising trend, predictive analytics has some hefty requirements when applied to cybersecurity use cases.
For one thing, the variety and volume of data involved in identifying and predicting security threats are overwhelming.
This necessitates the use of analytics solutions that can scale to the huge storage, memory and computation requirements. 
“The challenges are the same, yet amplified, as those encountered when applying analytics in general,” says Lucas McLane (CISSP), Director of Security Technology at machine learning startup SparkCognition. “This is because predictive analytic processing requires a lot more computing resources (i.e. CPU, memory, disk I/O throughput, etc.).
This is especially true when the algorithms are operating on large-scale data sets.
Predictive analytics engines need to be paired with computing resources that are designed to scale with the volume of data targeted for analysis.” 
Forging alliances across industries certainly has its benefits.
As Orad explains, advanced analytics platforms such as Sisense enable cybersecurity firms to obtain “an end-to-end solution for modeling, analyzing and visualizing data, without investing vast resources into building a data warehouse as traditional tools would necessitate.” 
“Predictive analytics in security provide a forecast for potential attacks — but no guarantees,” says McLane from SparkCognition.
That’s why he believes it has to be coupled with the right machine learning solution in order to be able to harness its full potential. 
SparkCognition’s platform, SparkSecure, uses “cognitive pipelining,” a technique that involves the combination of machine-learning-based predictive analytics with the company’s own patented and proprietary static and dynamic natural language processing engine, called DeepNLP. 
Not everyone believes that predictive analytics is the ultimate solution to deal with advanced threats.
Arijit Sengupta, CEO of business analysis company BeyondCore, suggests that we look at the problem from a different perspective. 
According to Sengupta, cybersecurity challenges stem from two factors.
Firstly, the value and volume of online assets are exploding at an exponential rate.
Secondly, hackers are increasingly growing in sophistication due to their easy and inexpensive access to large compute resources through cloud computing. 
Invincea’s Ghosh believes it is inevitable that the security industry will need to re-tool to address an ever-changing threat. “We are making our bet that artificial intelligence is the solution to predict our adversaries’ next moves,” he says.
Link: https://techcrunch.com/2016/07/25/how-predictive-analytics-discovers-a-data-breach-before-it-happens/



3 Reasons To Buy FireEye 
Though FireEye shares have gained momentum on the back of buyout speculation, investors should not ignore the company's robust long-term prospects.
The cost of data breaches is set to increase to over $2.1 trillion by 2019, representing a four-fold increase compared to the estimated cost of breaches in 2015.
The company is well-prepared to tap this opportunity by shifting its business to an "as-a-service" model, since this will help it enjoy economies of scale and enhance margins.
By enhancing economies of scale, FireEye expects product gross margin in the high-60% range and service margin in the mid-70% range for the full year.
The company is also enhancing operational efficiency by shifting toward lower-cost locations, consolidating support and SOC operations, improving purchasing efficiencies, and reducing discretionary spending.
Link: http://seekingalpha.com/article/3990991-fireeye-3-reasons-buy?auth_param=137vrm:1bpb0s2:868907aba33eb11dad51e4eed0db6dbf&uprof=45&dr=1#alt2



Trustwave opens Waterloo office, strengthens ties with Rogers Communications 
Global security firm Trustwave has opened a new office in Waterloo, Ontario, announced a new wave of hiring, and added a new country manager, Michael Sims, to oversee the company’s Canadian operations. 
Trustwave had previously leased an approximately 850 square metre space in Cambridge, Ontario. 
Sims joined Trustwave in April 2016, after serving as Canadian Country Manager for Optiv Security, where he oversaw that company’s go-to-market strategy for managed security services and other offerings.
Link: http://www.cantechletter.com/2016/07/trustwave-opens-waterloo-office-strengthens-ties-rogers-communications/



Tenable Network Security Names Seasoned Security Leader Dave Cole as Chief Product Officer 
COLUMBIA, Md.—(BUSINESS WIRE)—Tenable Network Security, Inc., a global leader transforming security technology for the business needs of tomorrow, announced today that it has hired security industry veteran Dave Cole as chief product officer, responsible for leading continued technology innovation and product excellence. 
Before joining Tenable, Cole served as chief product officer at CrowdStrike, where he drove the design, development and support of the company’s cloud-based endpoint security product.
Prior to that, he led product management for Norton at Symantec.
As a seasoned product leader, Cole also held senior product positions at Foundstone and Internet Security Systems.
Link: http://www.businesswire.com/news/home/20160725005027/en/Tenable-Network-Security-Names-Seasoned-Security-Leader



Attivo Networks Launches Attack Path Vulnerability Assessments for Continuous Threat Management at Black Hat 
FREMONT, CA—(Marketwired - Jul 25, 2016) - Attivo Networks®, the award-winning leader in deception for cyber security threat detection, today announced that the Attivo ThreatMatrix™ Deception and Response Platform has been enhanced to give organizations visibility into, and an assessment of, the vulnerable attack paths a cyber attacker would take to reach critical assets.
Attivo is giving organizations insight into how an attacker would target misconfigured systems or misused credentials, and then automating the response actions that isolate those systems so they cannot spread infection, exfiltrate data or harm critical infrastructure.
Additionally, the company announced that its next generation software has enhanced its deception technology to misdirect and detect attackers seeking to begin their attack by targeting Microsoft Active Directory, which is a favored target for attackers seeking credentials for attack escalation.
The new release will also include an expansion of the ThreatMatrix Platform to support routed networks, for micro-segmented datacenters and enterprises networked across multiple locations and branch offices. 
The ThreatMatrix Deception and Response Platform provides real-time threat detection and attack forensic analysis for accelerated incident response and remediation.
The platform is designed to provide early detection of cyberattacks from all threat vectors including zero-day, stolen credential, ransomware and phishing attacks that are renowned for bypassing traditional prevention systems.
The platform is aligned to Gartner's Adaptive Security Architecture of Predict, Block/Prevent, Detect and Respond (Gartner, February 2016) and is designed for early Detection of threats, accelerated incident Response and strengthening of Prevention systems based on attack information gathered while deceiving and engaging attackers.
The company's announcement expands the ThreatMatrix Platform into the pillar of Prediction and enhances its Detection capabilities. 
ThreatPath™: Provides an attack path vulnerability assessment based on likely attack paths that an attacker would have traversed through misconfigured systems or credential misuse. 
Active Directory Deception and Detection: Organizations running the Microsoft Windows Server platform are susceptible to attacks in which attackers exploit and gain unauthorized access to Active Directory. 
Routed Network Support: ThreatMatrix BOTsink engagement servers can now engage with deceptive IP addresses and networks on routers over Layer 3 GRE tunnels, which is ideal for micro-segmented datacenters, enterprises networked across multiple locations and branch offices.
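To make the attack-path idea concrete, here is an added example of the underlying assessment, not Attivo's ThreatPath code: hosts become graph nodes; every host on which a credential is cached that also grants admin rights elsewhere, and every misconfiguration that exposes another host, becomes a directed edge. A breadth-first search from a likely foothold then yields the fewest-hop path to a critical asset, and the credentials whose removal from the cache would break it. All host, credential and misconfiguration names are constructed for the demo.

```python
"""Attack-path assessment from cached credentials and misconfigurations.

Added example of the concept, not Attivo's ThreatPath code. Host, credential
and misconfiguration names are constructed for the demo.
"""
from collections import deque

# Constructed inventory. An attacker with local admin on a host where a
# credential is cached can harvest it and use it wherever it is an admin.
CREDS = {
    "helpdesk_svc": {"cached_on": {"WS01", "WS02"}, "admin_on": {"WS01", "WS02", "FILE01"}},
    "backup_svc": {"cached_on": {"FILE01"}, "admin_on": {"FILE01", "DB01"}},
    "da_admin": {"cached_on": {"DB01"}, "admin_on": {"DB01", "DC01"}},
}
# Constructed misconfigurations: (host reachable from, host reached, reason).
MISCONFIGS = [
    ("WS02", "JUMP01", "SSH private key readable from a world-writable share"),
]
FOOTHOLDS = {"WS01"}   # where a phished user with local admin would land
CRITICAL = {"DC01"}    # assets the assessment cares about


def build_graph(creds, misconfigs):
    """Directed graph host -> {next_host: reason for the lateral move}."""
    graph = {}
    for name, cred in creds.items():
        for src in cred["cached_on"]:
            for dst in cred["admin_on"]:
                if dst != src:
                    graph.setdefault(src, {}).setdefault(
                        dst, f"credential {name} harvested on {src}")
    for src, dst, reason in misconfigs:
        graph.setdefault(src, {}).setdefault(dst, reason)
    return graph


def shortest_attack_path(graph, start, targets):
    """Breadth-first search for the fewest-hop path from start to any target.

    Returns [(host, reason), ...] starting with (start, None), or [] when the
    critical assets cannot be reached from this foothold at all.
    """
    parent = {start: (None, None)}
    queue = deque([start])
    while queue:
        host = queue.popleft()
        if host in targets:
            path = []
            while host is not None:
                prev, reason = parent[host]
                path.append((host, reason))
                host = prev
            return path[::-1]
        for nxt, reason in graph.get(host, {}).items():
            if nxt not in parent:
                parent[nxt] = (host, reason)
                queue.append(nxt)
    return []


def choke_points(path):
    """Credentials whose removal from the cache would break this path."""
    return sorted({r.split()[1] for _, r in path if r and r.startswith("credential ")})


def without_cached(creds, name):
    """Model a fix: purge credential `name` from every host it was cached on."""
    fixed = {k: {"cached_on": set(v["cached_on"]), "admin_on": set(v["admin_on"])}
             for k, v in creds.items()}
    fixed[name]["cached_on"] = set()
    return fixed


def assess(creds=CREDS, misconfigs=MISCONFIGS, footholds=FOOTHOLDS, critical=CRITICAL):
    """Shortest path from each foothold to a critical asset."""
    graph = build_graph(creds, misconfigs)
    return {fh: shortest_attack_path(graph, fh, critical) for fh in footholds}


if __name__ == "__main__":
    for foothold, path in assess().items():
        print(foothold, "->", " -> ".join(h for h, _ in path) or "no path")
        for host, reason in path[1:]:
            print("   ", host, "via", reason)
        print("    break by purging:", choke_points(path))
```

The useful output is not the path itself but the choke points: purging the backup service credential from the file server's cache (or stopping it from logging on there interactively) cuts the only route from the workstations to the domain controller, which is exactly the kind of remediation an attack-path assessment is meant to surface.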
Link: http://www.marketwired.com/press-release/attivo-networks-launches-attack-path-vulnerability-assessments-continuous-threat-management-2144878.htm



Former IBM Cloud Chief Sets Sights on Hot Security Market 
Lance Crosby, who co-founded SoftLayer, the cloud computing company IBM bought three years ago for about $2 billion, is finally ready to talk about StackPath, his cybersecurity startup. 
It’s a well-funded effort; StackPath has $150 million in backing from Boston-based private equity fund ABRY Partners, and another $30 million from what Crosby calls “friends and family.” 
-  MaxCDN built a content delivery network (CDN) with 19 global points of presence, which monitor and speed up delivery of content for some 16,000 customers.
-  Fireblade offers a web application firewall, to protect against malignant content.
-  Staminus works to stop distributed denial of service (DDoS) attacks.
-  Cloak is a virtual private network that brings secure Wi-Fi for iOS and Mac applications.
This is an ambitious undertaking.
StackPath will compete with Akamai in CDNs, with Prolexic and others in DDoS mitigation, and with CloudFlare, which, for example, offers CDN, DDoS and firewall capabilities.
Link: http://fortune.com/2016/07/25/stackpath-ceo-on-his-startup/



Belden Industrial Cyber Security Initiative Builds Momentum 
ST. LOUIS—(BUSINESS WIRE)—Belden Inc. (NYSE: BDC), a global leader in high quality, end-to-end signal transmission solutions for mission-critical applications, today announced the achievement of four strategic milestones of its industrial cyber security initiative over the first half of 2016.
Together, these milestones demonstrate Belden’s commitment to the emerging industrial cyber security market and realization of its strategic vision for this market segment. 
Key cyber security milestones include: 
The Tofino Xenon Industrial Security Appliance now solves many of the most specialized energy-specific cyber and physical security challenges.
The easy-to-deploy appliance protects against malicious and unauthorized access due to system vulnerabilities, improves supervisory control and data acquisition (SCADA) system reliability, provides greater security control for industrial control system (ICS) devices, and supports more industrial protocols than any other device available, including DNP3 and IEC 104. 
In response to customers’ requests for a pragmatic solution to the complexities of industrial cyber security, Belden has developed a practical three-step approach to industrial cyber security strategies.
The Belden 1-2-3 model provides industrial organizations with practical advice on developing a cyber security program that reduces risks while supporting and enhancing availability, reliability and safety. 
Belden’s partnership with FireEye brings together advanced detection, targeted threat intelligence and specialized Mandiant ICS services from FireEye with an industrial cyber security portfolio that includes deep visibility; endpoint intelligence and change detection from Tripwire; secure noninvasive network segmentation from Tofino; and ruggedized industrial networking solutions from GarrettCom. 
Tripwire® Configuration Compliance Manager (CCM) now monitors industrial automation environments.
It allows customers to measure the configuration security of industrial environments against ANSI/ISA-62443, a global standard for securing industrial automation systems, controllers and associated networking equipment configurations.
Tripwire CCM can now reduce cyber security risks from external attacks, as well as malicious insiders and human error.
It does this while protecting critical infrastructure reliability, uptime and safety in industrial automation and manufacturing environments.
Link: http://www.businesswire.com/news/home/20160725005741/en/Belden-Industrial-Cyber-Security-Initiative-Builds-Momentum



Imperva Named by Gartner as the Only Leader in the 2016 Magic Quadrant for Web Application Firewalls for the Third Straight Year 
REDWOOD SHORES, Calif., July 25, 2016 (GLOBE NEWSWIRE)—Imperva, Inc. (NYSE:IMPV), committed to protecting business-critical data and applications in the cloud and on-premises, today announced that it has been named the sole leader in the Gartner Magic Quadrant for Web Application Firewalls (WAF).
Imperva is unique in that it is the only vendor that has been the sole leader in a Gartner Magic Quadrant for the past three years.
Link: http://globenewswire.com/news-release/2016/07/25/858649/0/en/Imperva-Named-by-Gartner-as-the-Only-Leader-in-the-2016-Magic-Quadrant-for-Web-Application-Firewalls-for-the-Third-Straight-Year.html



Fortinet to Provide Enterprises With On-Demand Security at Scale With Verizon Virtual Network Services
Fortinet® (NASDAQ: FTNT), the global leader in high-performance cybersecurity solutions, today announced that it has been selected as a vSecurity technology partner as part of Verizon Enterprise Solutions' new Virtual Network Services. 
The Fortinet Security Fabric will provide enterprise customers of Verizon Virtual Network Services with open, adaptive virtual security and actionable threat intelligence, turning network protection into a driver of business insight and agility. 
A broad range of security features within the FortiGate virtual network function (VNF), including enterprise firewalls, FortiManager single pane of glass management, integrated threat intelligence from FortiGuard Labs, data loss prevention, IP security, and intrusion detection system will enable enterprises to deploy advanced software-defined networking (SDN) security functions to protect all points in their network. 
As part of Verizon's Virtual Network Services, Fortinet will provide plug-and-play vSecurity VNFs so businesses can deploy security network functions in software.
With a broad range of advanced virtual network security features offered, including Fortinet FortiGate enterprise firewalls, advanced threat intelligence, global policy controls, and internal segmentation to protect mission-critical data from breaches, Fortinet vSecurity will deliver all the performance of traditional network security in virtualized solutions.
Link: http://www.broadwayworld.com/bwwgeeks/article/Fortinet-to-Provide-Enterprises-With-On-Demand-Security-at-Scale-With-Verizon-Virtual-Network-Services-20160725



RiskVision Teams With Offensive Security to Advance Enterprise Vulnerability Management
SUNNYVALE, CA—(Marketwired)—07/26/16—RiskVision, the enterprise risk intelligence company formerly known as Agiliance, today announced it will be utilizing the Exploit Database, a non-profit project maintained by Offensive Security.
As part of the RiskVision offering, exploit information is correlated with RiskVision-configurable business context and vulnerability attributes to prioritize exploitable threats in vulnerability risk scoring.
This helps security and business risk owners reduce network operations activity while dramatically improving risk posture in their organizations. 
The Exploit Database's aim is to serve the most comprehensive collection of exploits gathered through direct submissions and mailing lists, as well as other public sources, and then present them in a freely-available, easy-to-navigate database.
The database is a repository for exploits and proof-of-concepts, rather than advisories, making it a valuable resource for those who need actionable data right away. 
RiskVision's closed-loop vulnerability management delivers innovation in every step of the cyber vulnerability work flow.
In addition to integrating with threat exploit services such as Offensive Security, RiskVision utilizes products and services from vendors in the threat intelligence, vulnerability scanning, endpoint security, SIEM and DLP, IT service management and configuration management spaces. 
RiskVision's approach to vulnerability management improves operational efficiency by performing automated risk scoring based on threat and business context, as well as filtering for relevant incidents based on event monitoring data.
Uniquely, with RiskVision, Security Operations analysts can prioritize remediation, Organizational Unit risk experts can participate in decision-making with compliance oversight and IT Operations can be assured their workloads do not require additional staff.
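The correlation RiskVision describes, public-exploit availability weighted by business context, can be reproduced in a few lines. The following is an added example, not RiskVision's or Offensive Security's code: it indexes a constructed subset of an Exploit-DB-style CSV (the column layout id,file,description,date,author,type,platform,port,codes with CVE ids in "codes" is an assumption modelled on the project's index file), joins it to constructed scanner findings, and scores each finding as CVSS x exploit-type weight x asset criticality. The exploit-type weights and the criticality values are assumptions.

```python
"""Exploit-aware vulnerability prioritisation.

Added example of the correlation described, not RiskVision's or Offensive
Security's code. Findings, asset weights and index rows are constructed; the
index column layout (id,file,description,date,author,type,platform,port,codes
with CVE ids in "codes") is an assumption modelled on Exploit-DB's CSV index.
"""
import csv
import io
import re

EXPLOIT_INDEX = """\
id,file,description,date,author,type,platform,port,codes
40001,exploits/windows/remote/40001.py,Example Service 2.1 - Remote Code Execution,2016-07-01,anon,remote,windows,8080,CVE-2016-0001
40002,exploits/linux/local/40002.c,Example Driver - Local Privilege Escalation,2016-06-12,anon,local,linux,,CVE-2016-0002;CVE-2016-0003
40003,exploits/multiple/dos/40003.txt,Example Daemon - Denial of Service,2016-05-30,anon,dos,multiple,,
"""

FINDINGS = [  # constructed scanner output
    {"asset": "web-01", "cve": "CVE-2016-0001", "cvss": 9.8},
    {"asset": "build-02", "cve": "CVE-2016-0003", "cvss": 7.8},
    {"asset": "web-01", "cve": "CVE-2016-0009", "cvss": 9.1},   # no public exploit
    {"asset": "kiosk-07", "cve": "CVE-2016-0001", "cvss": 9.8},
]
# Business context: how much an asset matters (assumed values).
ASSET_CRITICALITY = {"web-01": 1.0, "build-02": 0.7, "kiosk-07": 0.3}
# A working remote exploit raises urgency more than a DoS proof of concept.
TYPE_WEIGHT = {"remote": 2.0, "local": 1.5, "webapps": 1.5, "dos": 1.1}
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def index_exploits(csv_text):
    """Map CVE id -> [(exploit id, type)]; one row may reference several CVEs."""
    by_cve = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        for cve in CVE_RE.findall(row["codes"] or ""):
            by_cve.setdefault(cve, []).append((row["id"], row["type"]))
    return by_cve


def score(finding, by_cve, criticality):
    """Risk = CVSS x strongest exploit weight x asset criticality.

    Findings with no public exploit keep weight 1.0; assets missing from the
    criticality table get 0.5 so an incomplete inventory does not hide them.
    """
    exploits = by_cve.get(finding["cve"], [])
    weight = max((TYPE_WEIGHT.get(t, 1.2) for _, t in exploits), default=1.0)
    crit = criticality.get(finding["asset"], 0.5)
    return round(finding["cvss"] * weight * crit, 2), [eid for eid, _ in exploits]


def prioritise(findings=FINDINGS, csv_text=EXPLOIT_INDEX, criticality=ASSET_CRITICALITY):
    """Findings sorted by contextual risk, each annotated with matching exploit ids."""
    by_cve = index_exploits(csv_text)
    ranked = []
    for f in findings:
        risk, eids = score(f, by_cve, criticality)
        ranked.append({**f, "risk": risk, "exploits": eids})
    ranked.sort(key=lambda r: r["risk"], reverse=True)
    return ranked


if __name__ == "__main__":
    for r in prioritise():
        print(f'{r["risk"]:6.2f}  {r["asset"]:9}  {r["cve"]}  exploits={r["exploits"] or "-"}')
```

The ordering shows why context belongs in the score: the kiosk has a public remote exploit for its CVE yet ranks below the finding on the critical web server that has no exploit at all, while the same CVE on the web server goes straight to the top. A scanner's raw CVSS list would have ranked the two 9.8 findings identically.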
Link: http://news.sys-con.com/node/3881210



Ingram Micro Named Cisco Asia Pacific Security Distributor of the Year 
IRVINE, CA—(Marketwired - Jul 26, 2016) - Ingram Micro Inc. (NYSE: IM) today announced it has earned Cisco's Security Distributor Award for Outstanding Performance in the Asia-Pacific-Japan (APJ) region for 2016.
Link: http://www.marketwired.com/press-release/ingram-micro-named-cisco-asia-pacific-security-distributor-of-the-year-nyse-im-2145482.htm



Palo Alto Networks clinch 500 customers in India in past 2 years
Bangalore: US-based Palo Alto Networks, a network and enterprise security provider, is growing fast in the Indian market on an expanding customer base, according to the company's top executive. 
"Most of these customers are replacing products and solutions of legacy security vendors and migrating to our offerings," added Bhasin, who was appointed as top executive of company's India operations in 2013. 
The steady rise in its customer base suggests that Palo Alto Networks' business in India is flourishing, although the company does not disclose specifics of its Indian business. 
However, citing an IDC study, Bhasin said the company's growth has been faster than that of the top four security vendors in India. 
The company is closing the gap with its two closest competitors, Cisco and Check Point, which hold market shares of 17.4 percent and 13.8 percent respectively. 
Although Palo Alto Networks was a late entrant in the Indian market, which is largely dominated by established security vendors such as Cisco, Juniper, Check Point and Fortinet, it has been significantly successful in penetrating it.
Link: http://cio.economictimes.indiatimes.com/news/corporate-news/palo-alto-networks-clinch-500-customers-in-india-in-past-2-years/53395107



Centripetal Networks Joins with Infoblox to Offer Actionable Threat Intelligence
Centripetal Networks Inc., the leading provider of Real-Time Active Network Defense solutions, today announced it is joining with Infoblox to provide a platform to easily apply cyber threat intelligence to directly defend networks with up-to-date intelligence.
The relationship further expands Centripetal’s RuleGate® Network Protection System with the addition of Infoblox’s ActiveTrust data, which combines threat intelligence from trusted white-hat allies, including law enforcement agencies and internet infrastructure providers, with vetted data from select open-source providers. 
Centripetal’s RuleGate® Network Protection System dynamically updates threat intelligence from Infoblox, and more than 40 other sources, normalizes the intelligence, and applies it to the network to alert, block or redirect malicious traffic.
The platform includes the Advanced Cyber Threat™ (ACT) service, the RuleGate® network appliance and QuickThreat®, Centripetal Networks’ real-time threat intelligence analytics application.
Link: http://www.pressreleaserocket.net/centripetal-networks-joins-with-infoblox-to-offer-actionable-threat-intelligence/474462/



AlienVault Unveils Latest Edition of Open Threat Exchange 
-  Launched in 2012, Open Threat Exchange (OTX) has grown to more than 47,000 users who contribute approximately 4 million artifacts each day to the OTX community.
-  With the latest version, OTX members can now create private communities and discussion groups, where they can share content and selected pulses with members.
-  OTX data works hand-in-hand with security platforms, such as AlienVault Unified Security Management, to ensure users have the latest intelligence to identify threats. 
With this release, OTX members can now create private communities and discussion groups, where they can share threat information with only members of the group.
This capability enables more targeted, in-depth discussion and threat information distribution related to specific industries, particular regions and types of threats.
This new feature supports the mission of Information Sharing and Analysis Centers (ISACs) pursuant to Presidential Decision Directive-63 (PDD-63) by providing a platform for information sharing and risk mitigation for specific groups and teams.
In addition, managed service providers can use this feature to distribute threat data to their subscribers. 
OTX data works hand-in-hand with security platforms, such as AlienVault USM, to ensure users have the latest intelligence to identify, respond to and mitigate threats.
As part of AlienVault's commitment to continually innovating and enabling even the smallest IT departments to detect and respond to threats more effectively, a new version of USM, with enhanced capabilities like USB detection, will also be available in early August.
Link: http://finance.yahoo.com/news/alienvault-unveils-latest-edition-open-130000037.html

Monday, July 11, 2016

IT Security News - 2016-07-11

Table of Contents

  • How to handle security risks in Red Hat virtualization environments
  • Google is already fighting hackers from the future with post-quantum cryptography
  • If My Website Is Hacked and Customer Data Exposed, Am I Liable?
  • Business travellers putting organisations' cyber-security at risk
  • Protecting a BIT of Integrity BYTES
  • Global Cybergangs Take The ‘Cyber Arms Race’ Lead
  • Cybercrime Now Surpasses Traditional Crime In UK
  • Report: Firms see cyber threats, but not the means to deal with them
  • Business Intelligence and Data Security: A Double-Edged Sword
  • 8 Ways Ethically Compromised Employees Compromise Security



How to handle security risks in Red Hat virtualization environments 
Here's a rundown of the types of threats to virtualization environments, and ways they can be mitigated: 
- Denial of Service (DoS) attacks: one guest exhausts host memory, CPU, disk or network so that the other guests starve
- Memory corruption and leakage  
- Guest-to-host escape
Mitigation Techniques
- Control groups (cgroups) cap the four core resources (memory, CPU, disk and network) a guest can consume, so one abusive guest cannot starve the others. 
- SELinux, the Linux Security Module shipped by Red Hat, enforces Mandatory Access Control (MAC) policy on top of the ordinary discretionary permissions. 
- sVirt (secure virtualization) combines SELinux and virtualization: each guest's QEMU process and its disk images receive a unique SELinux category label, so a guest that breaks out of QEMU still cannot touch another guest's resources. 
- seccomp (secure computing mode) is a kernel feature that restricts the system calls a process may make; applied to the hypervisor process it provides sandbox-like containment, a second barrier behind SELinux.
Link: http://www.techrepublic.com/article/how-to-handle-security-risks-in-red-hat-virtualization-environments/?ftag=TRE684d531&bhid=21487072891631060763005914609462



Google is already fighting hackers from the future with post-quantum cryptography 
"We're announcing an experiment in Chrome where a small fraction of connections between desktop Chrome and Google's servers will use a post-quantum key-exchange algorithm in addition to the elliptic-curve key-exchange algorithm that would typically be used," Google Software Engineer Matt Braithwaite wrote in a blog post Thursday, pointing out that Google plans to discontinue the experiment after two years, and hopefully move on to an even better algorithm. 
What does all this mean for Chrome users?
Not much.
Regular users won't be part of the test.
Those who want to have a fraction of their online communication protected with a post-quantum key exchange algorithm should install the latest Chrome Canary build.
To check whether post-quantum crypto was on, go to an HTTPS-secured page, click on the lock next to the URL in the address bar, click on "details," and check whether Key Exchange starts with "CECPQ1".
Link: http://mashable.com/2016/07/08/google-chrome-quantum-cryptography/#zm1AzEuUGuqW



If My Website Is Hacked and Customer Data Exposed, Am I Liable?
That is a question most small business owners aren't losing sleep over, nor one they are readily prepared to answer.
But in an era where data breaches routinely occur, it warrants serious consideration. 
Unfortunately, there is no cut-and-dried answer to that question.
Some attest that the entity holding the information is liable while others suggest the customer bears responsibility. 
Perez, weighing in on the liability issue, warns that small businesses running an ecommerce site must comply with the Payment Card Industry Data Security Standard (PCI DSS). 
“The landscape of cyber security is shifting rapidly as data breaches are spiking,” Delaney said. “Congress, regulators and state attorneys general are taking a hard look at how companies … are protecting consumer information from unauthorized access.
Hearings have been held, and new laws pushed.” 
Notification can quickly become very expensive, however, particularly if you have thousands of customers with which to communicate. 
Unfortunately, standard commercial property and liability insurance does not cover the loss of personally identifiable information.
To address the issue, several companies now offer cyber liability policies intended to cover a data breach where customer information, such as Social Security or credit card numbers, is exposed or stolen. 
While the question of liability is still not clear cut, businesses can protect themselves and their customers by following the guidelines included in this article.
Link: http://smallbiztrends.com/2016/07/website-hacked-customer-data-exposed-liable.html



Business travellers putting organisations' cyber-security at risk 
A survey by Kaspersky Lab of 11,850 people from across Europe, Russia, Latin America, Asia Pacific and the US found that the pressure from work to get online is clouding the judgment of business travellers when connecting to the internet. 
It said that three in five (59 percent) of people in senior roles say they try to log on as quickly as possible upon arrival abroad because there is an expectation at work that they will stay connected.
The research also found that 47 percent think that employers, if they send staff overseas, must accept any security risks that go with it. 
Almost half (48 percent) of senior managers and more than two in five (43 percent) of mid-level managers use unsecured public Wi-Fi networks to connect their work devices when abroad.
At least two in five (44 percent and 40 percent, respectively) use Wi-Fi to transmit work emails with sensitive or confidential attachments. 
One in five (20 percent) senior executives admit to using work devices to access websites of a sensitive nature via Wi-Fi – compared to an average 12 percent.
One in four (27 percent) have done the same for online banking – compared to an average 16 percent.
Link: http://www.scmagazine.com/business-travellers-putting-organisations-cyber-security-at-risk/article/508027/



Protecting a BIT of Integrity BYTES 
Leveraging the NIST Cybersecurity Framework to apply necessary albeit painful and often overlooked cyber changes to protect your most critical high-value assets (“Crown Jewels”) from advanced cyber threats
This post will focus primarily on Identify function’s Asset Management component and the Protect function of the NIST framework as it relates to often overlooked operational changes needed to isolate critical high-value assets. 
What to Protect? 
How to Protect? 
Rise above the threats.
Leverage the NIST Cybersecurity Framework and follow best practices to isolate and protect your most critical “crown jewels” and tier-0 credentials using operational security practices and not just dependence on the latest “shiny object” security tools.
Bad guys have these same security tools before they attack, so we need to change the way we isolate and operate on our network.
These changes can be painful and often not intuitive, but defending against advanced attackers requires advanced operational defenses to keep a breached PC from becoming a totally owned network.
Link: https://blogs.technet.microsoft.com/staysafe/2016/07/07/protecting-a-bit-of-integrity-bytes/



Global Cybergangs Take The ‘Cyber Arms Race’ Lead 
In the release of its first Cyber Crime Assessment report on Thursday (July 7), the U.K.’s National Crime Agency (NCA) said that police and businesses are losing the “cyber arms race” to these sophisticated criminals. 
According to the data, the most significant and advanced threat to the U.K. is actually from a small group of international crooks that use “highly profitable” malware to fuel cyberattacks.
These organized gangs of criminals are able to launch attacks directly at both businesses and individuals. 
According to the report, advertisements — ranging from “DDOS attacks for as low as $5 USD an hour” to “Online tutorials from $20 USD that cover DDOS attacks, cracking Wi-Fi, Crypters and much more” — are just a sample of the offerings posted across the underground marketplace, which it describes as growing bigger, more sophisticated and competitive. 
The intelligence analysts found that malware is becoming “much cheaper and continues to offer a low barrier to entry for cybercriminals looking to steal information,” posing an even greater threat to unsuspecting groups, consumers, private organizations and the government.
Link: http://www.pymnts.com/news/security-and-risk/2016/cybergangs-cyber-arms-race-malware/



Cybercrime Now Surpasses Traditional Crime In UK
Cybercrime is currently outpacing traditional crime in the United Kingdom in terms of impact spurred on by the rapid pace of technology and criminal cyber-capability, according to the UK’s National Crime Agency. 
The trend suggests the need for a more collective response from government, law enforcement, and industry to reduce vulnerabilities and prevent crime, the NCA report says. 
One security expert notes that the cybercrime situation here in the US is even more dire. 
“I think it is more dramatic in the US and I do think cybercrime is a larger industry than narcotics trafficking because of intellectual property theft and secondary infection,” says Tom Kellermann, co-founder and CEO of Strategic Cyber Ventures, which invests in next-generation security technology.
Link: http://www.darkreading.com/threat-intelligence/cybercrime-now-surpasses-traditional-crime-in-uk/d/d-id/1326208



Report: Firms see cyber threats, but not the means to deal with them 
The study, “Taking the Offensive: Working Together to Disrupt Cyber Crime,” was undertaken by international consulting firm KPMG and telecoms group BT. 
While awareness of the threat has never been higher — 73 percent of respondents said digital security was on the agenda of board meetings — most organizations still don’t understand the scale of the threat and aren’t ready for it, according to the report. 
Businesses are struggling to keep their data and systems secure against a backdrop of proliferating attack tools and growing cyber-criminal sophistication—what the report calls a “vast dark market” for cyber crime tools.
Less than a quarter (22 percent) said they were “fully prepared” to combat security breaches by ever-more-agile cyber criminals. 
Nearly half of senior decision makers said they were constrained by regulation and lacked the right skills and people to thwart cyber crime.
Other constraints were organization-specific; 46 percent cited legacy IT systems as an issue and 38 percent identified bureaucratic processes.
Lack of investment and even cultural change within organizations were cited as barriers.
Link: http://fedscoop.com/organizations-fully-aware-of-growing-cyber-threat-but-few-ready-to-deal-with-it-study-finds



Business Intelligence and Data Security: A Double-Edged Sword 
Business intelligence represents great opportunities for businesses that have the right people, processes and technology in place.
According to a recent ComputerWorld survey, 50 percent of respondents are increasing their IT security budget. 41 percent are increasing their analytics investment.
Another survey found that 35 percent of respondents considered security concerns to be the biggest obstacle surrounding data analysis.
The analytics software space is packed with vendors looking to cash in on this opportunity.
Proof positive is how hot the big data market has been over the past several years.
New data frontiers like social media, mobile ecommerce and web content performance represent new challenges and opportunities for insight for companies of all sizes.
Security Information and Event Management systems are powerful analytics solutions in their own right.
The latest security analytics systems are positioned as more advanced than SIEM could offer.
Threat Analytics/Intelligence solutions, delivered via the cloud by companies like FireEye, Palo Alto Networks and Fortinet are seen as the next generation of security intelligence.
Traditional BI vendors collect a lot of data from various repositories such as ERP, CRM and asset management systems, though they have typically left security and threat analytics to the leading vendors in that space.
Sharing business performance information across your company should be carried out on a “need to know” basis.
Providing permission-based access to data visualizations and executive dashboards should be provisioned with consideration of:
Standards-based APIs, certified by credible sources, make for a safer analytics hub than coding your own connections.
Analytics engines are often at the center of multiple systems, which makes them a potentially lucrative target for opportunistic hackers.
Since many data breaches result from employee activity, governing access to reporting systems is essential.
Link: http://www.business2community.com/business-intelligence/business-intelligence-data-security-double-edged-sword-01577755#KvjcbYs2JVLiiH8q.97



8 Ways Ethically Compromised Employees Compromise Security
The fact is that there are always a few bad apples in the barrel, and when it comes to employees—whether IT or your typical corporate user—the bad actors can introduce a lot of risk to the organization.
But some IT executives may not realize just how many potential bad apples there can be, depending on the circumstances. 
Here are a few statistics that show how prevalent shaky ethics really are in the workplace.
Link: http://www.darkreading.com/threat-intelligence/8-ways-ethically-compromised-employees-compromise-security/d/d-id/1326196

Sunday, July 10, 2016

Security Industry News - 2016-07-10

Table of Contents

  • Novosco buys UK IT security services firm NetDef
  • Independent Research Firm Cites BeyondTrust as a Leader in Privileged Identity Management Report
  • Thai companies beef up security as malware threats evolve
  • Kaspersky ATM security solution promises big malware defense in a small package
  • Cybersecurity firms step up intel sharing despite issues of trust
  • Skyport interacts with Cisco ACI
  • European tech investors spot safe havens from Brexit worries
  • Why FireEye Is A Toxic Investment
  • UPDATED: Michael Yell joins RSA



Novosco buys UK IT security services firm NetDef
UK IT security solutions and managed services company NetDef has been acquired by Irish cloud provider Novosco for a 7-figure sum.
The deal will expand Novosco's workforce to 140 and expand its UK business.
Link: http://www.telecompaper.com/news/novosco-buys-uk-it-security-services-firm-netdef—1152320



Independent Research Firm Cites BeyondTrust as a Leader in Privileged Identity Management Report 
PHOENIX—(BUSINESS WIRE)—BeyondTrust, the leading cyber security company dedicated to preventing privilege abuse and stopping unauthorized access, today announced it has been named a Leader in The Forrester Wave™: Privileged Identity Management, Q3 2016 report.
According to The Forrester Wave, BeyondTrust excels with its privileged session management capabilities.
Link: http://tucson.com/business/independent-research-firm-cites-beyondtrust-as-a-leader-in-privileged/article_da699be3-f0ae-541e-907a-b1f62a430533.html



Thai companies beef up security as malware threats evolve 
Spending on computer security in Thailand is expected to resume double-digit growth this year, fuelled by the growing sophistication of malware threats and development of the digital economy and the national e-payment system, says a security software firm. 
The surge follows high-single-digit growth in 2015.
No raw figures are available on computer security spending. 
Khongsak Kortrakul, senior manager for technical service at Trend Micro (Thailand), said the growth of malware threats is boosting demand for automated data protection software. 
Companies in Thailand experience about 10 malware incidents a month, with medium-sized enterprises heavily targeted.
Link: http://www.thestar.com.my/tech/tech-news/2016/07/08/companies-beef-up-security-as-malware-threats-evolve/



Kaspersky ATM security solution promises big malware defense in a small package 
Kaspersky Lab recently announced the availability of Kaspersky Embedded Systems Security, a targeted enterprise-grade solution designed to defend ATMs, point-of-sale systems and point-of-service machines against malware attacks. 
The solution works to protect a variety of Windows-based platforms that handle sensitive financial operations, a press release said. 
The solution supports Windows versions from XP up to and including Windows XP Embedded, Windows Embedded 8.0 Standard and Windows 10 IoT.
Additionally, it can run on systems with as little as 256 megabytes of memory and just 50 megabytes of available disk space, Kaspersky said.
Link: http://www.atmmarketplace.com/news/kaspersky-atm-security-solution-promises-big-malware-defense-in-a-small-package/



Cybersecurity firms step up intel sharing despite issues of trust
“We have to win this war together,” said Ben Johnson, chief security strategist of Carbon Black. 
The company is the latest to help pool together security expertise with a new platform called the Detection eXchange. 
In 2014, Palo Alto Networks joined with rivals including Fortinet, Intel Security and Symantec to form the Cyber Threat Alliance.
The vendors are each sharing around 1,000 malware samples each day and using that data to bolster their security products. 
The alliance is still small, with only about eight members, but Howard believes it will be a “game changer” if the group can expand to 50. 
The intelligence sharing fills gaps in what each security vendor knows.
For instance, Palo Alto Networks and Symantec overlap in only about 70 percent of the malware intelligence they share, according to Howard. 
A major fear is that information shared about vulnerabilities or a company's infrastructure may be leaked accidentally to other hackers.
But the pros can outweigh the cons.
Companies Wright has talked to see the benefits of wider collaboration and even expect it from their vendor.
They realize they’re walking a fine line between the risk of sharing too much and potentially stopping the next cyber attack.
Link: http://www.pcworld.com/article/3093477/cybersecurity-firms-step-up-intel-sharing-despite-issues-of-trust.html



Skyport interacts with Cisco ACI 
Skyport's SkySecure converged system brings together zero trust compute, virtualization and a full stack of security technologies.
It logs all traffic at a forensically auditable level, enabling users to see where traffic originates, where it is headed, whether it was allowed or not, what policy allowed or blocked it, and when and who put that policy into action.
Remote management capability allows users to easily secure branch infrastructure without firewalls, proxies, MPLS or other security measures.
Link: http://www.convergedigest.com/2016/07/skyport-interoperates-with-cisco-aci.html



European tech investors spot safe havens from Brexit worries 
Technology investors seeking refuge after Brexit are picking companies delivering instant access to services for Web and mobile customers or firms mainly doing business globally which can benefit from the pound's fall. 
They are shying away from hardware makers or e-commerce suppliers with sizeable UK sales, which count for less after currency swings driven by Britain's vote to leave the EU. 
Shareholders are also wary of software and services firms getting caught short by budget freezes by customers scrambling to reassess their businesses and resulting slowing economic growth. 
Two UK-based safe havens are ARM Holdings (ARM.L), which licenses chip technology used in most smartphones worldwide, and Sophos (SOPH.L), driven by demand for its computer security software and services, most financial analysts say. 
U.S. names like Salesforce.com (CRM.N) and Red Hat (RHT.N), with long-term subscriptions for Internet-delivered software and little direct exposure to Britain, are safe bets, said Silicon Valley-based analyst Trip Chowdhry.
Amazon.com (AMZN.O) and Apple (AAPL.O), while active in Britain, enjoy strong brands and have sticky subscription business models likely to insulate them from any UK slowdown, he said.
Link: http://www.reuters.com/article/us-britain-eu-tech-results-idUSKCN0ZQ0F2



Why FireEye Is A Toxic Investment 
FireEye investors who have bought the stock in the hopes of an acquisition should consider selling their holdings as none will buy out the company at its asking valuation. 
FireEye has removed its CEO who used to specialize in selling several emerging companies and was spearheading companies like McAfee and Documentum when they were acquired. 
No buyer will pay a premium for FireEye as its expenses have been rising at a faster pace than the revenue, while the debt is also substantial. 
Due to a rapid growth in expenses, FireEye's operating cash flow has slipped deep into the red, which is why no buyer might pay its $30/share asking price. 
FireEye has made a mistake by not accepting two buyout offers this year, while the management shake-up indicates that the board does not intend to sell the company. 
With expenses increasing at a faster rate than revenue, FireEye's business model is currently unsustainable.
Clearly, the company is bleeding money and will continue to do so as the trend above suggests. 
In my opinion, an acquisition would have been the best possible outcome.
However, due to the reasons mentioned above, the chances of the company getting acquired at $30 per share are next to zero now.
Hence, I think investors should stay away from the stock.
Link: http://seekingalpha.com/article/3987377-fireeye-toxic-investment#alt2



UPDATED: Michael Yell joins RSA
Security vendor RSA has appointed a new head of channels and alliances for Asia Pacific and Japan, naming former TeleSign executive Michael Yell to the role. 
Yell joined the company as of June 2016 and will be based at RSA’s Sydney offices. 
The company has recently moved a number of APJ roles to Sydney including channel, inside sales, business unit leads and marketing. 
As part of the role, Yell will be charged with implementing regional channel strategy in the region and managing the company’s partner base.
Link: http://www.arnnet.com.au/article/603160/michael-yell-joins-rsa/

Friday, July 08, 2016

IT Security News - 2016-07-08

Table of Contents

  • Commission boosts cybersecurity industry and steps up efforts to tackle cyber-threats
  • Endpoint and Network Security: The rise of “Defense in Depth”
  • EU to invest €450 million in cybersecurity partnership fund
  • The Information Security Leader, Part 1: Two Distinct Roles, Four Fundamental Questions and Three Persistent Challenges
  • Password Sharing Is a Federal Crime, Appeals Court Rules
  • French internet security report urges use of best practice
  • Meeting the cyberchallenge
  • BT : Industrialisation Of Cybercrime Is Disrupting Digital Enterprises
  • Brian Krebs at TMG Executive Summit: Financial institutions have to empower security leaders
  • Microsoft Cybersecurity Advocates for Coordinated Norms



Commission boosts cybersecurity industry and steps up efforts to tackle cyber-threats 
Since the adoption of the EU Cybersecurity Strategy in 2013, the European Commission has stepped up its efforts to better protect Europeans online.
It has adopted a set of legislative proposals, in particular on network and information security, earmarked more than €600 million of EU investment for research and innovation in cybersecurity projects during the 2014-2020 period, and fostered cybersecurity cooperation within the EU and with partners on the global stage. 
But more work is needed to address the increasing number and complexity of cyber-threats.
This is why the Commission proposes today a series of measures to reinforce cooperation to secure Europe's digital economy and society, and to help develop innovative and secure technologies, products and services throughout the EU. 
The Commission has proposed an action plan to further strengthen Europe’s cyber resilience and its cybersecurity industry.
This includes measures to: 
- Step up cooperation across Europe
- Support the emerging single market for cybersecurity products and services in the EU
- Establish a contractual public-private partnership (PPP) with industry  
The EU Cybersecurity Strategy and the forthcoming NIS Directive already lay the groundwork for improved EU-level cooperation and cyber resilience. 
The forthcoming NIS Directive establishes two coordination mechanisms:
-  the Cooperation Group which supports strategic cooperation and exchange of relevant information related to cyber incidents among Member States, and
-  the Network of Computer Security Incident Response Teams (so-called CSIRT network) which promotes swift and effective operational cooperation on specific cybersecurity incidents and sharing information about risks.
Link: http://europa.eu/rapid/press-release_MEMO-16-2322_en.htm



Endpoint and Network Security: The rise of “Defense in Depth” 
While there is an important place for network security – the simple fact that no system will ever be 100% secure shines light on the need for additional layers of security.
Often network security solutions are trying to filter dangerous content before it reaches vulnerable endpoints, but isn't it better if we can make the endpoints less vulnerable?
With this in mind, the best strategy is to build security from the endpoint out - reducing the attack surface and building defendable infrastructure. 
While network-based security solutions can attempt to block threats before they hit the endpoint, the major problem with this approach is that companies that rely heavily on network security end up with an “eggshell” security stance – whereby a system is reliant on a single outer shell to protect all of the organization’s data. 
The main difficulty faced by detection solutions is the impossible trade-off between security and usability.
Namely, all threats need to be deeply analyzed, but security teams simply cannot make employees wait while they address these issues, which would reduce productivity and staff morale. 
Intel Security found that more than 30% of organizations disable network-based security features for this exact reason.
Malware authors know this, and therefore create attacks that simply lie dormant for a period of time to outlast the network sandbox.
This has caused malware to evolve new methods of avoiding network security products, including:
• Delayed onset
• Detecting virtualized environment
• Checking the number of CPU cores (network sandbox usually only presents one)
• Checking if user is real (monitor mouse movement, etc.)
• Exploiting the virtual environment to escape
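The heuristics above are cheap for a sample to test, which also makes them cheap for a sandbox operator to test first. The following is an added example written for this digest, not code from the article or from Intel Security: a self-check to run inside the analysis VM that reports which of the listed fingerprints (vCPU count, memory, uptime, hypervisor flag) the VM would trip, so it can be made more convincing before the next detonation. The thresholds are assumptions chosen for illustration; the hypervisor check reads the x86 CPU flags from /proc/cpuinfo, so collection is Linux-specific, and mouse-movement checks are left out because they need a GUI session.

```c
/* Added example (not from the article or Intel Security): a sandbox
 * self-check that reports which evasion heuristics the analysis VM trips.
 * Thresholds are illustrative assumptions. Collection is Linux-specific. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum {
    HEUR_FEW_CPUS     = 1u << 0,  /* sandboxes often present a single vCPU */
    HEUR_LOW_RAM      = 1u << 1,  /* skimpy memory is another tell */
    HEUR_SHORT_UPTIME = 1u << 2,  /* VM booted seconds before the sample ran */
    HEUR_HYPERVISOR   = 1u << 3,  /* CPU advertises that it is virtualized */
};

struct host_facts {
    long ncpu;        /* online CPUs */
    long ram_mb;      /* physical memory in MiB, -1 if unknown */
    long uptime_s;    /* seconds since boot, -1 if unknown */
    int  hypervisor;  /* 1 if the "hypervisor" CPU flag is present */
};

/* Assumed thresholds, chosen for illustration. */
#define MIN_PLAUSIBLE_CPUS     2
#define MIN_PLAUSIBLE_RAM_MB   2048
#define MIN_PLAUSIBLE_UPTIME_S 600

/* Pure classification: bitmask of heuristics a sample could use to
 * conclude it is running in a sandbox. Unknown values (-1) never trip. */
unsigned classify(const struct host_facts *f)
{
    unsigned tripped = 0;
    if (f->ncpu >= 0 && f->ncpu < MIN_PLAUSIBLE_CPUS)        tripped |= HEUR_FEW_CPUS;
    if (f->ram_mb >= 0 && f->ram_mb < MIN_PLAUSIBLE_RAM_MB)  tripped |= HEUR_LOW_RAM;
    if (f->uptime_s >= 0 && f->uptime_s < MIN_PLAUSIBLE_UPTIME_S)
        tripped |= HEUR_SHORT_UPTIME;
    if (f->hypervisor)                                       tripped |= HEUR_HYPERVISOR;
    return tripped;
}

/* Fill host_facts from the running system. Returns 0 on success. */
int collect_facts(struct host_facts *f)
{
    f->ncpu = sysconf(_SC_NPROCESSORS_ONLN);
    long pages = sysconf(_SC_PHYS_PAGES), page = sysconf(_SC_PAGESIZE);
    f->ram_mb = (pages > 0 && page > 0)
              ? (long)((long long)pages * page / (1024LL * 1024LL)) : -1;

    f->uptime_s = -1;
    FILE *fp = fopen("/proc/uptime", "r");      /* "<uptime> <idle>" */
    if (fp) {
        double up;
        if (fscanf(fp, "%lf", &up) == 1) f->uptime_s = (long)up;
        fclose(fp);
    }

    f->hypervisor = 0;
    fp = fopen("/proc/cpuinfo", "r");           /* x86 "flags" line */
    if (fp) {
        char line[4096];
        while (fgets(line, sizeof line, fp)) {
            if (strncmp(line, "flags", 5) == 0 && strstr(line, " hypervisor")) {
                f->hypervisor = 1;
                break;
            }
        }
        fclose(fp);
    }
    return f->ncpu > 0 ? 0 : -1;
}

/* Print which heuristics the current host would trip. */
void report(unsigned tripped)
{
    static const struct { unsigned bit; const char *what; } names[] = {
        { HEUR_FEW_CPUS,     "fewer than 2 CPUs" },
        { HEUR_LOW_RAM,      "less than 2 GiB RAM" },
        { HEUR_SHORT_UPTIME, "uptime under 10 minutes" },
        { HEUR_HYPERVISOR,   "hypervisor CPU flag present" },
    };
    if (!tripped) { puts("no sandbox heuristics tripped"); return; }
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        if (tripped & names[i].bit) printf("tripped: %s\n", names[i].what);
}

int main(void)
{
    struct host_facts f;
    if (collect_facts(&f) != 0) { fputs("could not read host facts\n", stderr); return 1; }
    printf("cpus=%ld ram_mb=%ld uptime_s=%ld hypervisor=%d\n",
           f.ncpu, f.ram_mb, f.uptime_s, f.hypervisor);
    report(classify(&f));
    return 0;
}
```

Run it inside the sandbox image: every line it prints is a fingerprint a dormant sample can read in a few microseconds, and the fixes (more vCPUs, more memory, a snapshot taken after a realistic uptime) are configuration, not detection engineering. The hypervisor flag cannot be hidden by most hypervisors, which is one reason the article's endpoint-side controls matter even when the network sandbox is well tuned.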
The most effective way to complement a strong network defense is by reducing the attack surface of the endpoint. 
1- Removing administrator privileges
2- Application whitelisting
3- Sandboxing
A bank doesn’t leave the vault door open just because they have a security guard on the door – they start from the vault and layer security outward.
If the endpoint isn’t secure, and security admins do not ensure that both systems work in tandem, companies simply risk losing data, intellectual property, resources, money and invaluably, trust – in other words, everything.
Link: http://www.information-management.com/news/security/endpoint-and-network-security-the-rise-of-defense-in-depth-10029240-1.html



EU to invest €450 million in cybersecurity partnership fund
The Commission said that it will invest an initial €450 million in the partnership and expects organisations including national, regional and local government bodies, research centres and academia to invest three times as much. 
The partnership will bring companies together for research into cybersecurity solutions for different sectors including energy, health, transport and finance, the Commission said. 
The Commission will encourage EU countries to make use of cooperation mechanisms which will be established under the new Network and Information Security (NIS) Directive, which is expected to be adopted by the European Parliament this week.
Link: http://www.out-law.com/en/articles/2016/july/eu-to-invest-450-million-in-cybersecurity-partnership-fund/



The Information Security Leader, Part 1: Two Distinct Roles, Four Fundamental Questions and Three Persistent Challenges 
This kernel of wisdom comes from a certain high-tech headhunter in the late 1980s, who passed it on as she was helping her candidates prepare for their next job.
Twenty years later, it showed up again in “What Got You Here Won’t Get You There,” a best-selling business book by Marshall Goldsmith. 
Two Distinct Roles
As recommended in a strategy map for security leaders, successful next-generation CISOs should strive for their information security teams to be perceived by key stakeholders as strong in two distinct roles:
- Subject matter experts
- Trusted advisers
Four Fundamental Questions
1) What’s the risk?
2) What’s the annualized risk in the specific context?
3) How does an incremental investment quantifiably reduce risk?
4) How does one investment compare to another?
Three Persistent Challenges
1) A language challenge
2) A measurement challenge
3) A communications challenge
Link: https://securityintelligence.com/the-information-security-leader-part-1-two-distinct-roles-four-fundamental-questions-and-three-persistent-challenges/



Password Sharing Is a Federal Crime, Appeals Court Rules 
One of the nation’s most powerful appeals courts ruled Wednesday that sharing passwords can be a violation of the Computer Fraud and Abuse Act, a catch-all “hacking” law that has been widely used to prosecute behavior that bears no resemblance to hacking. 
In this particular instance, the conviction of David Nosal, a former employee of Korn/Ferry International research firm, was upheld by the Ninth Circuit Court of Appeals, who said that Nosal’s use of a former coworker’s password to access one of the firm’s databases was an “unauthorized” use of a computer system under the CFAA. 
At issue is language in the CFAA that makes it illegal to access a computer system “without authorization.” McKeown said that “without authorization” is “an unambiguous, non-technical term that, given its plain and ordinary meaning, means accessing a protected computer without permission.” The question that legal scholars, groups such as the Electronic Frontier Foundation, and dissenting judge Stephen Reinhardt ask is an important one: authorization from whom?
Link: http://motherboard.vice.com/read/password-sharing-is-a-federal-crime



French internet security report urges use of best practice
An official report on internet security in France has urged all players in the sector to follow best practice recommendations for the BGP, DNS and TLS security protocols. 
The Resilience of the French Internet report also encouraged all those in the sector to prepare themselves against the distributed denial-of-service (DDoS) attacks that have been behind some of the higher-profile failures of internet services.
The 2015 report, the fifth of its kind, made the following principal recommendations:
• monitor prefix advertisements, and be prepared to react in case of hijacking;
• use protocols that support forward secrecy and discontinue the increasingly vulnerable SSLv2 and SHA-1 algorithms;
• diversify the number of SMTP and DNS servers in order to improve the robustness of the infrastructure;
• apply best practices to limit the effects of failures and operational errors;
• pursue the deployment of IPv6, DNSSEC, and RPKI to help develop skills and to anticipate possible operational problems.
Link: http://www.telecompaper.com/news/french-internet-security-report-urges-use-of-best-practice—1152056



Meeting the cyberchallenge 
Each year, the United States falls farther behind in educating K-12 students in science, technology, engineering and math (STEM).
It falls behind in teaching the next generation of technology workers for American companies.
And it falls behind in instructing cybersecurity professionals who will help protect our country.
This deficiency puts our national security at greater risk.
After years of analyzing this challenge, it’s now time for the federal government to act and help address this vulnerability.
Congress should invest in the future by providing adequate resources for K-12 computer science education for the next fiscal year, especially in this transition period between presidential administrations. 
In addition, at a time of increasing cyberthreats and greater complexity in cyberwarfare, the nation also needs skilled cybersecurity professionals.
We now require individuals who can design weapons to support U.S. warfighters and provide cyberdefense for our country’s assets.
Our cyberstrength relative to that of our nation’s adversaries is too vital to ignore.
Link: http://www.washingtontimes.com/news/2016/jul/4/meeting-the-cyberchallenge/



BT : Industrialisation Of Cybercrime Is Disrupting Digital Enterprises 
DALLAS, July 5, 2016 /PRNewswire/—Only a fifth of IT decision makers in large multinational corporations are confident that their organisation is fully prepared against the threat of cyber-criminals.
The vast majority of companies feel constrained by regulation, available resources and a dependence on third parties when responding to attacks, according to new research from BT and KPMG. 
The report, Taking the Offensive - Working together to disrupt digital crime finds that, while 94 per cent of IT decision makers are aware that criminal entrepreneurs are blackmailing and bribing employees to gain access to organisations, roughly half (47 per cent) admit that they don't have a strategy in place to prevent it. 
The report also finds that 97 per cent of respondents experienced a cyber-attack, with half of them reporting an increase in the last two years.
At the same time, 91 per cent of respondents believe they face obstacles in defending against digital attack, with many citing regulatory obstacles, and 44 per cent being concerned about the dependence on third parties for aspects of their response. 
Mark Hughes, CEO Security, BT, said: "The industry is now in an arms race with professional criminal gangs and state entities with sophisticated tradecraft.
The twenty-first century cyber criminal is a ruthless and efficient entrepreneur, supported by a highly developed and rapidly evolving black market." 
The BT-KPMG report shows that Chief Digital Risk Officers (CDROs) are now being appointed to hold strategic roles which combine digital expertise with high-level management skills.
With 26 per cent of respondents confirming that a CDRO has already been appointed, the report's data suggests that the security role and accountability for it is being re-examined.
Link: http://www.4-traders.com/BT-GROUP-PLC-11943/news/BT-Industrialisation-Of-Cybercrime-Is-Disrupting-Digital-Enterprises-22632905/



Brian Krebs at TMG Executive Summit: Financial institutions have to empower security leaders
DES MOINES, IA (July 7, 2016) — TMG Executive Summit keynote speaker Brian Krebs told a room full of credit union and community bank leaders that layers of technology are not enough to stop a data breach.
Instead, the investigative reporter insisted, security is only as effective as the people managing it for you. 
“Organizations buy into the idea that doing security right is layering on the right mix of technology software and services, and that this magic combination will block 99 percent of attacks,” said Krebs, mastermind behind the popular Krebs on Security blog. “It’s just not true.
It’s very expensive to do security right, and that’s partly because the actual security of your organization comes from security specialists.” 
It’s not uncommon, Krebs said, for an organization to look at its event logs for the first time after someone like him gives them a call.
He devotes a lot of energy to breach notification.
Comparing the experience of being notified of a breach to the five stages of grief, Krebs says the people he notifies are almost always in denial. “Those with a high degree of security maturity skip through the first stages and go straight to depression,” Krebs said to a roomful of nervous laughter. 
Phishing, he said, is becoming increasingly sophisticated, even though some cybersecurity experts talk about it as a solved problem.
Over a span of three weeks, Krebs notified several different companies of phishing threats facing their C-suites.
He had seen actual communications spoofing CEO email addresses on the dark web.
No one from any of these vulnerable organizations returned his calls. 
Krebs concluded his hour-long talk by coming back to his point about the importance of human security leadership.
The head of security, Krebs advised, should always report to the COO, CEO or the board of directors.
Organizations with what he calls a high degree of security maturity have created separation between IT and security: “The surest way to deny your security people any say is to have them report to the head of IT.”
Link: https://www.cuinsight.com/press-release/brian-krebs-tmg-executive-summit-financial-institutions-empower-security-leaders



Microsoft Cybersecurity Advocates for Coordinated Norms 
Microsoft wants new standards for the cybersecurity world, a vision proposed in its recently published paper “From Articulation to Implementation: Enabling Progress on Cybersecurity Norms.” 
Overall, the Microsoft cybersecurity viewpoint emphasizes the need for a consensus across the industry.
Specifically, the company wants to establish norms regarding the effective disclosure of security issues as well as methods to deal with the attribution of hostile acts directed at software. 
What Microsoft wants is a “coordinated disclosure” approach.
This is a variant of responsible disclosure that also allows disclosure to computer emergency response teams (CERTs) along with the vendor.
The company believes that public disclosure should only happen after a patch has been issued and believes this should be the new cybersecurity norm. 
But Juan Andres Guerrero-Saade, a senior security researcher at Kaspersky Lab, may have identified a problem with trying to establish any norms.
He told SecurityWeek that “the whole concept of norms assumes that they relate to some homogeneous body guided by the same basic principles.
That clearly isn’t so in cyberspace.”
Link: https://securityintelligence.com/news/microsoft-cybersecurity-advocates-for-coordinated-norms/

Thursday, July 07, 2016

Security Industry News - 2016-07-07

Table of Contents

  • 10 cutting-edge tools that take endpoint security to a new level
  • mindSHIFT unveils new proactive IT security offerings to protect customers' information
  • Kroll Names J. Andrew Valentine Associate Managing Director in Cyber Security and Investigations Practice
  • Despite Decline, FireEye Is Still Not Cheap
  • Faraday: Collaborative pen test and vulnerability management platform
  • UpGuard Becomes Member of the Center for Internet Security, Develops Solution to Help Businesses Meet CIS Guidelines
  • Twistlock Secures $10 Million in Series A Funding
  • Ixia Combines Visibility and Test Technology to Speed Network Fault Isolation and Outage Resolution
  • Report: Here's Who FireEye Could Be Eyeing For An Acquisition
  • Increased Complexity of Attacks to Create Opportunities for the Global Security Intelligence and Analytics Solutions Market Through 2020, Reports Technavio
  • Worldwide cloud IT infrastructure revenue grows to $6.6 billion
  • Fusion Wins $1.3 Million Contract to Provide Cloud Services to Leading Cybersecurity Company
  • Antivirus merger: Avast to buy AVG for $1.3 billion
  • Duelling Unicorns: CrowdStrike Vs. Cylance In Brutal Battle To Knock Hackers Out
  • Cyphort Strengthens Management Team with Two New Executive Hires
  • Palo Alto offers $16,000 in looming CTF hack off



10 cutting-edge tools that take endpoint security to a new level
The 10 products we tested in this review go beyond proactive monitoring and endpoint protection and look more closely at threats.
They evaluate these threats in a larger ecosystem, combining the best aspects from network intrusion detection and examining the individual process level on each computer.
That is a tall order, to be sure. 
Evidence of how important this product category has become is Microsoft's latest entry, called Windows Defender Advanced Threat Protection.
Announced at the RSA show in March, it will be slowly rolled out to all Windows 10 users (whether they want it or not, thanks to Windows Update).
Basically what Microsoft is doing is turning every endpoint into a sensor and sending this information to its cloud-based detection service called Security Graph.
No remediation feature has been announced to work with this yet. 
Besides Microsoft, there are many products to choose from.
We looked at Outlier Security, Cybereason, Sentinel One, Stormshield SES, ForeScout CounterAct, Promisec PEM, CounterTack Sentinel, CrowdStrike Falcon Host, Guidance Software Encase, and Comodo Advanced Endpoint Protection. (BufferZone, Deep Instinct, enSilo, Triumfant, ThreatStop and Ziften declined to participate.) 
The best products combine both hunting and gathering approaches and also look at what happens across your network, tie into various security event feeds produced by both internal systems and external malware collectors, work both online and offline across a wide variety of endpoint operating systems and versions, and examine your endpoints in near real-time. 
As you might suspect, no one product does everything.
You will have to make compromises, depending on what other security tools you already have installed and the skill levels of your staff.
Because of this, we weren't able to score each product numerically or award an overall winner.
Link: http://www.infoworld.com/article/3091100/endpoint-protection/10-cutting-edge-tools-that-take-endpoint-security-to-a-new-level.html



mindSHIFT unveils new proactive IT security offerings to protect customers' information 
STERLING, Va., July 6, 2016 /PRNewswire/—mindSHIFT Technologies, Inc., a Ricoh company, today announced the launch of mindSHIFT IT Security, Risk and Compliance Services.
This latest addition to mindSHIFT's robust IT services portfolio will enable customers to take a proactive approach to information security. 
Available to customers today, mindSHIFT's IT Security, Risk and Compliance Services consist of three distinct services to help organizations identify and mitigate risk from security breaches, cyberattacks, rogue employees and to help organizations achieve compliance with federal, state and industry regulations.
These services include External Vulnerability Assessments, Penetration Testing and Cybersecurity Risk Assessments.
Link: http://finance.yahoo.com/news/mindshift-unveils-proactive-security-offerings-133000140.html



Kroll Names J. Andrew Valentine Associate Managing Director in Cyber Security and Investigations Practice 
Kroll (“the Company”), a global leader in risk mitigation, compliance, security, and incident response solutions, today announced the appointment of J. Andrew Valentine as an Associate Managing Director in its Cyber Security and Investigations practice.
With a wide range of experiences and skills that bridge the private sector and law enforcement, Valentine is a highly accomplished practitioner as well as a recognized thought leader, author, and speaker on computer crime and cyber security.
He has managed numerous high-profile criminal forensic and data breach investigations in the United States and internationally, where his work proved instrumental in the arrests and successful prosecutions of notorious hackers and criminals. 
Over the course of a 14-year career, Valentine became well-versed in criminal and civil investigative requirements, including computer forensics, evidentiary procedures, and fact-finding techniques, during his service with the Florida Department of Law Enforcement’s Computer Crime Center and with Verizon/Cybertrust.
He has regularly collaborated with government and state/provincial law enforcement agencies worldwide, including the Federal Bureau of Investigation, U.S. Secret Service, and Department of Homeland Security.
Adept at making a complex and challenging subject matter clear and comprehensible, Valentine has served as an expert witness in criminal and civil trials.
Link: http://finance.yahoo.com/news/kroll-names-j-andrew-valentine-155300383.html



Despite Decline, FireEye Is Still Not Cheap 
FireEye’s economic earnings, the true cash flows of the business, have declined from -$40 million in 2012 to -$587 million over the trailing twelve months.
By removing stock based compensation expense, FEYE is able to report non-GAAP results that, while not positive, are improving year-over-year while the true profits are declining. 
With shares now greatly overvalued plus large profit losses and strong competition, FireEye (NASDAQ:FEYE) is this week's Danger Zone pick. 
The security industry is highly competitive and FEYE faces significant challenges from each of its competitors.
As noted in the company's 10-K, competition comes from Cisco (NASDAQ:CSCO), Juniper (NYSE:JNPR), Intel (NASDAQ:INTC), IBM (NYSE:IBM), and Palo Alto Networks (NYSE:PANW), among others.
Figure 3 makes it clear that FEYE's competitors have higher margins and ROICs.
With such negative profitability, FireEye has competitive disadvantages in the form of less capacity to invest in product development and less pricing flexibility. 
More recently, in 1Q16, revenue grew by 34% year-over-year.
However, cost of revenues grew 37%, R&D grew 31%, and general and administrative costs grew 30% year-over-year.
In order to buy into the bull case, one must believe FEYE can significantly cut costs in order to improve margins, while simultaneously growing revenue to maintain the "growth story" initially sold to the market.
Link: http://seekingalpha.com/article/3986664-despite-decline-fireeye-still-cheap?auth_param=137vrm:1bnqfrk:d48164696a98d79d229d4e247763caad&uprof=45&dr=1



Faraday: Collaborative pen test and vulnerability management platform 
Faraday is an integrated multi-user penetration testing environment that maps and leverages all the knowledge you generate in real time.
It gives CISOs a better overview of their team’s job, tools and results.
You can run it on Windows, Linux and OS X. 
The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multi-user way.
Faraday supports more than 50 tools, including Burp Suite, w3af, Maltego, Metasploit, Qualysguard, Nessus, Netsparker, and Shodan. 
Radical changes to the tool – how it looks and behaves – are in the works.
One is a brand new GTK interface, which will replace the old QT3-based one, and will make the tool more stable as well as more pleasant to use.
Link: https://www.helpnetsecurity.com/2016/07/06/faraday-pen-test/



UpGuard Becomes Member of the Center for Internet Security, Develops Solution to Help Businesses Meet CIS Guidelines 
MOUNTAIN VIEW, CA—(Marketwired - Jul 6, 2016) - UpGuard today announced that it has become a member of the Center for Internet Security (CIS), and will continue to help businesses expand visibility into their cyber risk by providing hardening benchmarks to all customers.
By incorporating these benchmarks, UpGuard's CSTAR solution builds on its lead in providing the most complete assessment of both internal and external cyber risk.
Link: http://finance.yahoo.com/news/upguard-becomes-member-center-internet-160000777.html



Twistlock Secures $10 Million in Series A Funding 
SAN FRANCISCO, CA—(Marketwired - Jul 6, 2016) - Twistlock, the leading provider of security solutions for virtual containers, today announced it has completed a $10 million round of funding led by TenEleven Ventures.
The round was completed with strong support from new investor Rally Ventures and existing backers YL Ventures and a strategic venture firm. 
Twistlock also announced that Alex Doll, founder of TenEleven Ventures, has joined its board of directors.
Alex is a long-time security industry veteran who cofounded PGP Corporation and currently is an investor in and director of several high-growth cybersecurity companies, including CounterTack, Cylance and Ping Identity.
Link: http://finance.yahoo.com/news/twistlock-secures-10-million-series-113000696.html



Ixia Combines Visibility and Test Technology to Speed Network Fault Isolation and Outage Resolution 
Ixia, a leading provider of network testing, visibility, and security solutions, today announced TrafficREWIND™, a new solution that captures traffic patterns from a production network and accurately recreates them in a controlled sand-box environment.
TrafficREWIND, based on new patent pending technology, enables enterprises, service providers, and network equipment manufacturers to dramatically speed fault isolation and outage resolution with real world testing.
Ixia is planning a demonstration of TrafficREWIND at Cisco Live (Booth #3019) in Las Vegas 2016, July 10th – 14th. 
TrafficREWIND leverages the advanced functionality of several of the company’s solutions, including the Vision ONE™ network visibility solution to capture production network traffic profiles, the BreakingPoint™ testing platform to replay the traffic in a controlled environment such as a pre-deployment lab or a staged network, as well as Ixia’s Application and Threat Intelligence (ATI) technology for advanced threat intelligence. 
Ixia’s BreakingPoint validates the stability, accuracy, and quality of networks and network devices.
Adding TrafficREWIND enables customers to review past production traffic conditions and replay them, plan for the future by scaling or changing traffic dynamics, and freeze time to examine a specific incident at the exact moment it happened, for rapid fault analysis.
Link: http://finance.yahoo.com/news/ixia-combines-visibility-test-technology-173700737.html



Report: Here's Who FireEye Could Be Eyeing For An Acquisition 
After making two acquisitions earlier this year, a report by financial services company The Cowen Group speculated that FireEye could be on the acquisition trail again.
- Bromium
- ForeScout Technologies  
- Cato Networks
- Securonix
Cowen report aside, rumors have again emerged that FireEye could be the target of a buyout bid itself.
Link: http://www.crn.com/slide-shows/security/300081243/report-heres-who-fireeye-could-be-eyeing-for-an-acquisition.htm/pgno/0/1



Increased Complexity of Attacks to Create Opportunities for the Global Security Intelligence and Analytics Solutions Market Through 2020, Reports Technavio 
LONDON—(BUSINESS WIRE)—Technavio analysts forecast the global security intelligence and analytics solutions market to grow at a CAGR of over 10% during the forecast period, according to their latest report. 
The research study covers the present scenario and growth prospects of the global security intelligence and analytics solutions market for 2016-2020.
The report also lists security intelligence and security analytics as the two main product segments, with security intelligence accounting for more than 71% of the market share. 
Most internet service providers have a distributed architecture; hence, a security solution at the network level alone cannot limit the threat of attacks.
Most attacks on systems originate from the web.
For consumers, most threats are sourced from web interactions and peer-to-peer usage.
As these threats target specific systems, they are difficult to detect and prevent at the network level.
Therefore, end-users are increasingly adopting security intelligence and analytics solutions at a rapid pace, as these solutions help in detecting and eliminating the threats. 
According to Amrita Choudhury, a lead analyst at Technavio for IT security research, “Security breaches pose the threat of loss of end-user data and will lead potential customers away from the company as well as erode the brand image and equity of the company.
Thus, investments in threat intelligence security have considerably increased due to increased need for enterprises to preserve their reputation and brand image.” 
The complexity of threats directed toward end-users is increasing.
For instance, threats such as advanced persistent threats are on the rise.
Unlike the traditional threats that were individual in nature and were targeted at a single system, these threats are targeted at a whole setup.
Furthermore, they have the capability to bring down the infrastructure of a whole entity.
Hence, to counter these attacks, which are increasing in both frequency and complexity, end-users are adopting security analytics solutions at a rapid pace. 
Growing use of mobile devices such as laptops, smartphones, and other handheld devices is contributing to the growth of the market.
The increased use of mobile devices leads to the storage of critical information and easy access to this information.
This increases the need to protect these devices.
Link: http://www.businesswire.com/news/home/20160705005292/en/Increased-Complexity-Attacks-Create-Opportunities-Global-Security



Worldwide cloud IT infrastructure revenue grows to $6.6 billion 
Vendor revenue from sales of infrastructure products (server, storage, and Ethernet switch) for cloud IT, including public and private cloud, grew by 3.9% year over year to $6.6 billion in the first quarter of 2016 (1Q16) on slowed demand from the hyperscale public cloud sector, according to the IDC. 
Total cloud IT infrastructure revenues climbed to a 32.3% share of overall IT revenues in 1Q16, up from 30.2% a year ago.
Revenue from infrastructure sales to private cloud grew by 6.8% to $2.8 billion, and to public cloud by 1.9% to $3.9 billion. 
Link: https://www.helpnetsecurity.com/2016/07/07/worldwide-cloud-it-infrastructure/



Fusion Wins $1.3 Million Contract to Provide Cloud Services to Leading Cybersecurity Company 
NEW YORK, NY—(Marketwired - July 07, 2016) - Fusion (FSNN), a leading provider of cloud services, today announced that it has been selected to provide a fully integrated suite of advanced cloud solutions to an award-winning cybersecurity company.
The company, well recognized for its innovative cybersecurity solutions, has specialized in advanced threat detection, analysis and remediation for more than twenty years.
The cybersecurity leader cited Fusion's fully redundant and diverse cloud network, its secure data centers, and its built-in business continuity and disaster recovery solutions as primary reasons for awarding Fusion the contract, which has a minimum three year term.
The contract is expected to generate more than $1.3 million in cloud-based services revenue. 
In addition to selecting Fusion for its cloud voice services, dedicated Internet access and a powerful managed cloud network solution connecting three of the company's sites, the cybersecurity company trusted Fusion to provide a secure Data Center Service solution, which houses the company's cloud applications, servers and additional business-critical equipment in a fully certified data center.
Further, the cybersecurity company wanted to maintain control over its service environment and was impressed with Fusion's powerful management portals, including a voice portal that allows the company to distribute its calls across multiple sites, lowering costs while guaranteeing that communications can continue to flow during peak periods or unforeseen service interruptions.
The company was looking for a single source cloud solutions provider and found it in Fusion, ensuring that service delivery is seamlessly and securely delivered through one contract and managed through one experienced point of contact.
Link: http://finance.yahoo.com/news/fusion-wins-1-3-million-124625349.html



Antivirus merger: Avast to buy AVG for $1.3 billion 
The deal will give Avast access to more than 400 million "endpoints," or devices running its and AVG's software, 160 million of them phones or tablets, the company said Thursday. 
Avast hopes the deal will make the combined company more efficient, as well as allowing it to take advantage of new growth opportunities such as securing the internet of things.
Link: http://www.computerworld.com/article/3092501/security/antivirus-merger-avast-to-buy-avg-for-13-billion.html?token=%23tk.CTWNLE_nlt_computerworld_dailynews_2016-07-07&idg_eid=d5d8326c323742a4ed7bf4fd3d



Duelling Unicorns: CrowdStrike Vs. Cylance In Brutal Battle To Knock Hackers Out 
Stuart McClure, goateed and soft-spoken, is confident and calm as he recites a well-rehearsed pitch on how his company, Cylance, is using artificial intelligence to shake up the antivirus industry. “We block 99.9% of the attacks out there,” he says, sounding like he’s selling a bottle of Purell. “Response to our product has been so overwhelming that we’re almost compelled to accelerate expansion so everyone can get their hands on it.” 
McClure has a lot to be confident about: In June his nearly four-year-old, 420-employee company was valued at $1 billion after raising a $100 million Series D round from Blackstone Tactical Opportunities and Insight Venture Partners.
But mention the name George Kurtz, his former partner and the current CEO of rival unicorn CrowdStrike, and the even-keeled 47-year-old security entrepreneur loses his cool. “George is a major competitor, and he’ll say anything to stop you from writing a story like this,” McClure says in a burst. “We’re beating him constantly in the market because he doesn’t do anything around prevention–they only do detection, and they don’t do it all that well.” 
McClure and Kurtz – once pals, partners and bestselling coauthors – are now fierce competitors. 
The race is on for Cylance and CrowdStrike - as well as other richly-valued security startups like FireEye and Palo Alto Networks – to convince corporate clients that their software will keep out the criminals in the cheapest and most efficient way possible. 
Cylance acts like a border guard, blocking shady actors before they enter the network. 
CrowdStrike, meanwhile, is a digital cop, patrolling networks for suspicious behavior. 
As for their bestselling book, Hacking Exposed, McClure says Kurtz’s name should never have been on it: “He wrote one chapter, but he makes it sound like it’s his book.
I gave him the book cover because I’m a nice guy.” Kurtz responded: “The claim that I wrote one chapter is not true.
I spent six months writing almost a third of the book.”
Link: http://www.forbes.com/sites/thomasbrewster/2016/07/06/duelling-unicorns-crowdstrike-vs-cylance-in-brutal-battle-to-knock-hackers-out/#16c05c4f1211



Cyphort Strengthens Management Team with Two New Executive Hires 
SANTA CLARA, Calif.—(BUSINESS WIRE)—Cyphort, the next generation Advanced Persistent Threat (APT) defense company, today announced it has hired Gord Boyce as Chief Customer Officer and Franklyn Jones as Vice President of Marketing.
Both Boyce and Jones offer decades of experience with technology leadership and will have oversight of the strategic direction and operation of their respective sales and marketing teams.
Boyce and Jones will report to Manoj Leelanivas, president and CEO. 
A high-tech veteran, Gord Boyce brings nearly 25 years of industry experience to Cyphort.
Prior to Cyphort, Boyce was CEO of file security company FinalCode, and CEO of network security and continuous monitoring company ForeScout Technologies.
He joined ForeScout as SVP of Worldwide Sales and Marketing, helping the company to expand its global channel, strategic partner base and market share.
Under his tenure, the company’s enterprise customer base increased from 200 to well over 1500 globally, including some of the world’s largest financial and military organizations.
Prior to ForeScout, Boyce held several senior management positions within the Nokia Internet Communications group and the Enterprise Solutions business group.
As the Chief Customer Officer for Cyphort, Boyce will be responsible for leading worldwide sales and driving customer engagement programs. 
Franklyn Jones has provided marketing leadership for innovative start-ups and established market leaders for more than 25 years.
His experience in cybersecurity includes CMO of Spikes Security, VP of Marketing at Bromium and nearly five years at Palo Alto Networks, which included helping launch and lead the company’s revenue growth in EMEA.
Jones also ran Solutions Marketing at Blue Coat Systems, helping the company accelerate its revenue growth and expand its leadership in the secure web gateway market.
In his role as Vice President of Marketing at Cyphort, Jones will be responsible for all aspects of corporate, product, and channel marketing, with a goal of accelerating Cyphort’s growth in the market.
Link: http://www.businesswire.com/news/home/20160707005166/en/Cyphort-Strengthens-Management-Team-Executive-Hires



Palo Alto offers $16,000 in looming CTF hack off 
In eight days, Palo Alto Networks launches a capture-the-flag competition offering a total of US$16,000 (£12,340, A$21,245) across six tracks. 
The first to solve all six challenges will receive US$5,000 (£3,866, A$6,640), and there are six further prizes of US$1,000 (£773, A$1,328) for the first to complete each individual track.
Each track in the CTF, dubbed LabyREnth, will test competitors' abilities in disciplines including reverse engineering, programming, and threat intelligence. 
The tracks, designed by Richard Wartell (@wartortell) of Palo Alto Networks' Unit 42 (@Unit42), will become increasingly difficult over time.
Link: http://www.theregister.co.uk/2016/07/07/palo_alto_offers_16000_in_looming_ctf_hack_off/

Incident Response Newsalert - 2016-07-07

Table of Contents

  Breach Secure Now!’s New Breach Prevention Platform Provides MSPs with Tools to Minimize the Chance of Client Data Breaches
  Data Breach Digest: Breach trends that will define incident response
  Risk analytics market to experience serious growth
  Diagnosis SOC-atrophy: What To Do When Your Security Operation Center Gets Sick
  Corax Selects Splice Machine’s Dual-Engine RDBMS to Deliver Faster, Real-Time Cyber Security Analytics to its Customers
  Increased Complexity of Attacks to Create Opportunities for the Global Security Intelligence and Analytics Solutions Market Through 2020, Reports Technavio

Breach Secure Now!’s New Breach Prevention Platform Provides MSPs with Tools to Minimize the Chance of Client Data Breaches
Breach Secure Now! has released its highly anticipated Breach Prevention Platform, a suite of security tools to help MSPs reduce the likelihood of their clients having a data breach.
MSPs can add these breach prevention tools to their portfolio of IT services, and offer them to clients under their own label.
Breach Prevention Platform sits behind the MSP’s branded security portal and lets clients access a variety of tools, from automated security risk assessments (SRA) and simulated phishing attacks to security policies and ongoing employee security training.
A new addition to the Breach Prevention Platform is the variety of employee security training tools, since the majority of breaches happen due to human error.
The security training starts with an overview of security threats, such as phishing scams, ransomware, social media hoaxes, hackable wifi, etc., and the information is bolstered with ongoing lessons aimed at reinforcing the initial material.
As an option, MSPs can add $100,000 of financial protection and breach response services to the Breach Prevention Platform.
These value-added services can provide the critical help their clients will need to survive and recover if a breach does occur.
The breach response services supplement the services MSPs already provide to their clients.
Unlike the MSP’s typical security offerings of firewalls, anti-virus and security patches that are invisible to clients, Breach Prevention Platform is customer-facing and interactive.
Link: http://www.pressreleaserocket.net/breach-secure-nows-new-breach-prevention-platform-provides-msps-with-tools-to-minimize-the-chance-of-client-data-breaches/467332/

Data Breach Digest: Breach trends that will define incident response
Beyond making sense of the major security news we see every day, a key part of effective breach response is anticipating emerging threats and integrating them into the incident response process.
The following reviews a few of our 2015 predictions to see how they fared and some fresh threats for businesses to consider:
- EMV Chip and PIN Liability Shift Will Not Stop Payment Breaches
- The Healthcare Industry Will Face New Attacks and Stay in the Crosshairs
- Cyber Conflicts Between Countries Will Leave Consumers and Businesses as Collateral Damage
The first half of 2016 has also presented several threats that companies must be on the lookout to address:
- Phishing for Data (Not Malware)
- Username and Password Hacks Are Back in Style
- Corporate Extortion
Link: http://www.securityinfowatch.com/article/12228883/data-breach-digest-breach-trends-that-will-define-incident-response

Risk analytics market to experience serious growth
The risk analytics market is estimated to grow from USD 16.55 billion in 2016 to USD 30.18 billion by 2021, at a Compound Annual Growth Rate (CAGR) of 12.8%, according to MarketsandMarkets.
The major vendors in the Risk Analytics Market include IBM, SAP, SAS Institute, Oracle, FIS Global, and Verisk Analytics, along with others.
GRC software is expected to dominate the market from 2016 to 2021.
This is due to the fact that this software empowers organizations with the ability to identify, manage, monitor, and analyze risk and compliance across the enterprise in a single integrated solution.
Scorecard and visualization tools software is expected to gain traction in the next five years as it enables representation of multi-dimensional data to enhance the quality of analysis and insight by facilitating rapid and accurate observations.
The manufacturing segment is expected to grow at a rapid rate from 2016 to 2021 in the Risk Analytics Market.
The high growth rate can be attributed to the rapidly changing customer expectations, fierce market competition, and stringent regulatory constraints faced by the manufacturing industries.
North America is expected to have the largest market share and dominate the Risk Analytics Market from 2016 to 2021, due to increasing adoption of risk analytics software and services by organizations in order to safeguard their businesses from losses and also because of the stern non-compliance measures adopted by the government and various regulatory bodies in this region.
APAC offers potential growth opportunities due to the rise in technology penetration and presence of large number of SMEs which are under tremendous competitive pressure from large enterprises.
Link: https://www.helpnetsecurity.com/2016/07/06/risk-analytics-market/

Diagnosis SOC-atrophy: What To Do When Your Security Operation Center Gets Sick
Congratulations, you’re the new CISO.
Whether you have served in the role previously or it’s new to you, you’ll be asked to observe your new organization, to develop a 100-day plan, to evaluate people, processes, and technology, and of course you’ll need to tell the CEO where you would attack the organization and how you will protect against that.
It’s a daunting and exciting task to be the new CISO.
Your SOC became sick for several reasons.

The technology you have is antiquated and completely signature-based, best suited for static threats, not advanced threats.
While signature-based solutions have a role, it’s a secondary protection role.
The organization failed to keep up with technology and the evolving threat.
For years, the organization has relied on incremental funding.
This budget strategy has a typical result: a disparate mix of capabilities purchased individually as security silos, without consideration for how they will work together.
The tools don’t work together.
It’s an integration nightmare!
Your goal now is to bring it back to a healthy state.
Here are five strategies to overcome SOC-atrophy.
- Research to understand all SOC investments.
- Perform a SOC-focused assessment.
- Study the threat landscape.
- Resist the urge to fund your tools piecemeal.
- Encourage cross-organizational collaboration.
Link: http://www.darkreading.com/threat-intelligence/diagnosis-soc-atrophy-what-to-do-when-your-security-operation-center-gets-sick/a/d-id/1326118

Corax Selects Splice Machine’s Dual-Engine RDBMS to Deliver Faster, Real-Time Cyber Security Analytics to its Customers
SAN FRANCISCO, July 6, 2016 /PRNewswire/—Splice Machine, the dual-engine RDBMS for mixed operational and analytical workloads, powered by Hadoop and Spark, today announced that Corax, a startup company that provides cloud-based cyber security operations, analysis and reporting software, has selected Splice Machine to manage its risk quantification calculations, store large datasets and meet future scalability requirements.
Leveraging machine learning and a streamlined user interface, Corax will be able to provide faster, meaningful recommendations to its customers about cyber security actions, investment and insurance, helping them make decisions that prevent cyber crime and data loss.
Splice Machine is a dual-engine RDBMS for mixed operational and analytical workloads, powered by Hadoop and Spark.
Instead of having to synchronize data across multiple compute engines like a traditional Lambda architecture, Corax is able to rely on a less complex architecture with a dual-engine RDBMS, enabling its analytical systems to propagate threat data in real-time, while simultaneously performing compute-heavy analytics jobs – all from one data source.
Link: http://finance.yahoo.com/news/corax-selects-splice-machines-dual-120000362.html

Increased Complexity of Attacks to Create Opportunities for the Global Security Intelligence and Analytics Solutions Market Through 2020, Reports Technavio
LONDON—(BUSINESS WIRE)—Technavio analysts forecast the global security intelligence and analytics solutions market to grow at a CAGR of over 10% during the forecast period, according to their latest report.
The research study covers the present scenario and growth prospects of the global security intelligence and analytics solutions market for 2016-2020.
The report also lists security intelligence and security analytics as the two main product segments, with security intelligence accounting for more than 71% of the market share.
Most internet service providers have a distributed architecture, so a security solution at the network level alone cannot limit the threat of attacks.
Most attacks on systems originate from the web.
For consumers, most threats come from web interactions and peer-to-peer usage.
Because these threats target specific systems, they are difficult to detect and prevent at the network level.
End-users are therefore adopting security intelligence and analytics solutions at a rapid pace, as these solutions help detect and eliminate such threats.
According to Amrita Choudhury, a lead analyst at Technavio for IT security research, “Security breaches pose the threat of loss of end-user data and will lead potential customers away from the company as well as erode the brand image and equity of the company.
Thus, investments in threat intelligence security have considerably increased due to increased need for enterprises to preserve their reputation and brand image.”
The complexity of threats directed toward end-users is increasing.
For instance, threats such as advanced persistent threats are on the rise.
Unlike the traditional threats that were individual in nature and were targeted at a single system, these threats are targeted at a whole setup.
Furthermore, they have the capability to bring down the infrastructure of a whole entity.
Hence, to counter these attacks, which are increasing in both frequency and complexity, end-users are adopting security analytics solutions at a rapid pace.
Growing use of mobile devices such as laptops, smartphones, and other handheld devices is contributing to the growth of the market.
The increased use of mobile devices leads to the storage of critical information and easy access to this information.
This increases the need to protect these devices.
Link: http://www.businesswire.com/news/home/20160705005292/en/Increased-Complexity-Attacks-Create-Opportunities-Global-Security

Friday, April 24, 2015

Newsalert - 2015 Apr 23

Threat intelligence programs maturing despite staffing, tech obstacles
During a Tuesday session at RSA Conference 2015, entitled “Threat Intelligence is Like Three-Day Potty Training,” Forrester Principal Analyst Rick Holland used the analogy to highlight how threat intelligence is increasingly becoming a requirement for enterprises, but building a program and advancing it to the point where it supports an organization’s strategic objectives often takes much longer than anticipated.
Citing data from Forrester’s 2014 global security survey, Holland said that for the past two years more than three-quarters of North American enterprises said establishing or improving threat intelligence was a priority in the next 12 months.
Link: [ http://searchsecurity.techtarget.com/news/4500244809/Threat-intelligence-programs-maturing-despite-staffing-tech-obstacles ] ( http://searchsecurity.techtarget.com/news/4500244809/Threat-intelligence-programs-maturing-despite-staffing-tech-obstacles )

IDC Analysts Identify IT Security Trends at RSA
In the world of cyber-fraud (or “consumer cyber security”), intelligence has not significantly advanced in recent years. In the world of enterprise security, advanced threat intelligence identifies IOCs and TTPs and causes pain to the threat actor; in the world of fraud, intelligence has remained superficial: here’s a compromised credit card number, or here’s a ZeuS hash. No depth or insight. In the world of fraud, we receive disconnected data points for the most part.
Link: [ http://pulseblog.emc.com/2015/04/22/the-need-for-advanced-fraud-intelligence/ ] ( http://pulseblog.emc.com/2015/04/22/the-need-for-advanced-fraud-intelligence/ )

IRC Botnets alive, effective & evolving
In this era of sophisticated botnets with multiple C&C communication channels, custom protocols, and encrypted communication, we continue to see a steady number of new IRC-based botnet payloads being pushed out in the wild on a regular basis. As we saw in our analysis, IRC-based botnet families continue to evolve in terms of the sophisticated features incorporated in the bots.
Link: [ http://research.zscaler.com/2015/04/irc-botnets-alive-effective-evolving.html?m=1 ] ( http://research.zscaler.com/2015/04/irc-botnets-alive-effective-evolving.html?m=1 )
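Whatever features an IRC bot adds, it still has to register with the server the way every IRC client does (NICK, USER, JOIN), and it does so on whatever port the operator chose. That handshake is what a network detector can key on. The block below is an added example, not Zscaler's code or analysis: a heuristic that scores a reassembled client-to-server payload for IRC C&C indicators. The three sample payloads are constructed, and the "expected" port list, the bracket/pipe nick pattern and the command-prefix check are assumptions chosen for illustration that a real deployment would tune against its own traffic.

```python
import re

# Minimal IRC line grammar (RFC 1459): optional ":prefix ", then a command
# verb (letters, or a 3-digit numeric reply), then parameters.
IRC_CMD = re.compile(r"^(?::\S+ +)?([A-Z]{3,8}|[0-9]{3})(?: |$)")
IRC_PORTS = {6667, 6697}   # assumption: the only ports where IRC is expected

# Constructed sample payloads (not real captures): a bot-style session, a
# human IRC session, and an HTTP request for contrast.
BOT_FLOW = (b"NICK [USA|XP]-4481\r\nUSER a b c :d\r\nJOIN #ch key\r\n"
            b":srv PRIVMSG #ch :!dl http://x/y.exe\r\n")
LEGIT_FLOW = (b"NICK alice\r\nUSER alice 0 * :Alice\r\nJOIN #linux\r\n"
              b"PRIVMSG #linux :hello all\r\n")
HTTP_FLOW = b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"


def irc_commands(payload):
    """Command verbs found in a newline-delimited payload, in order."""
    cmds = []
    for line in payload.decode("latin-1").splitlines():
        m = IRC_CMD.match(line)
        if m:
            cmds.append(m.group(1))
    return cmds


def score_irc_c2(payload, dst_port):
    """Score one reassembled client->server payload; returns (score, reasons).

    One point per indicator. The registration handshake alone is just IRC;
    the other indicators are the heuristics (assumed for this example) that
    separate bot traffic from a human chat session.
    """
    lines = payload.decode("latin-1").splitlines()
    cmds = set(irc_commands(payload))
    reasons = []
    if {"NICK", "USER", "JOIN"} <= cmds:
        reasons.append("IRC registration handshake (NICK/USER/JOIN) present")
        if dst_port not in IRC_PORTS:
            reasons.append("IRC handshake on non-standard port %d" % dst_port)
    for line in lines:
        # Generated nicks often carry bracketed tags such as country or OS.
        if line.startswith("NICK ") and re.search(r"[\[\]|]", line):
            reasons.append("generated-looking NICK with bracket/pipe tags")
        # Bot channels carry commands, not chat: text starting with ! or .
        if " PRIVMSG " in " " + line and re.search(r" :[!.]\w+", line):
            reasons.append("PRIVMSG whose text starts with a command prefix")
    return len(reasons), reasons


if __name__ == "__main__":
    for name, flow, port in [("bot", BOT_FLOW, 8080), ("human", LEGIT_FLOW, 6667),
                             ("http", HTTP_FLOW, 80)]:
        print(name, score_irc_c2(flow, port))
```

The scoring is deliberately additive so a human session on the standard port scores 1 (it is IRC, nothing more) while the bot-style session on port 8080 scores 4; a threshold of 2 or more is a reasonable starting alert rule. Encrypted C&C defeats payload inspection entirely, which is why the same handshake check is worth running on decrypted traffic at a proxy where one exists.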

5 Overlooked IT Risk Management Issues That Can Bite You In The Budget
The cold, stark reality of IT budgeting is that there are plenty of IT risk management issues that can easily be overlooked … and end up biting you in the budget. Here are five to put on the agenda for your next IT staff meeting so that you don’t find yourself footing an unexpected (and nasty) bill later in the fiscal year.
Link: [ http://www.forbes.com/sites/sungardas/2015/04/22/5-overlooked-it-risk-management-issues-that-can-bite-you-in-the-budget/ ] ( http://www.forbes.com/sites/sungardas/2015/04/22/5-overlooked-it-risk-management-issues-that-can-bite-you-in-the-budget/ )

New F-Secure Report Warns of Growth in Extortion Malware
New research from cyber security firm F-Secure points to an increase in the amount of malware designed to extort money from unsuspecting mobile phone and PC users. According to the new Threat Report, malware such as premium SMS message sending trojans and ransomware continue to spread, making them a notable presence in today’s digital threat landscape.
Link: [ http://www.reuters.com/article/2015/04/23/idUSnMKWHJ1bYa+1f2+MKW20150423 ] ( http://www.reuters.com/article/2015/04/23/idUSnMKWHJ1bYa+1f2+MKW20150423 )

Conficker remains top of the threats as existing malware for Windows dominates
Android is still the main target for mobile malware, with 61 new families discovered compared to only three for iOS. The fastest growth has been in malware that sends premium SMS messages. Ransomware is still growing too, the Koler and Slocker trojans being the largest ransomware families on Android.
Looked at geographically, most threats reported by F-Secure users in the second half of 2014 originated from Europe and Asia, but in the last six months the company saw more activity reported in South America.
Link: [ http://betanews.com/2015/04/23/conficker-remains-top-of-the-threats-as-existing-malware-for-windows-dominates/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed+-+bn+-+Betanews+Full+Content+Feed+-+BN ] ( http://betanews.com/2015/04/23/conficker-remains-top-of-the-threats-as-existing-malware-for-windows-dominates/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed+-+bn+-+Betanews+Full+Content+Feed+-+BN )

Mobile malware infections may be overhyped
Mobile users in the US are 1.3 times more likely to be struck by lightning than to be hit by mobile malware, new research has found.
Atlanta-based security firm, Damballa, has released data at the RSA conference in San Francisco that suggests the problem of mobile malware has been overemphasised.
Link: [ http://www.arnnet.com.au/article/573309/mobile-malware-infections-may-overhyped/?fp=2&fpid=1 ] ( http://www.arnnet.com.au/article/573309/mobile-malware-infections-may-overhyped/?fp=2&fpid=1 )

Kaspersky Lab Finds “Darwin Nuke” Vulnerability in OS X and iOS
The “Darwin Nuke” vulnerability is exploited while processing an IP packet of specific size and with invalid IP options. Remote attackers can initiate a DoS (denial of service) attack on a device with OS X 10.10 or iOS 8, sending an incorrect network packet to the target. After processing the invalid network packet, the system will crash. Kaspersky Lab’s researchers discovered that the system will crash only if the IP packet meets the following conditions:
Link: [ http://www.equitybulls.com/admin/news2006/news_det.asp?id=158598 ] ( http://www.equitybulls.com/admin/news2006/news_det.asp?id=158598 )
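The trigger conditions are not reproduced above. As an added example, not Kaspersky Lab's or Apple's code, here is the defensive side of this bug class: a parser that walks the IPv4 options area with the bounds checks an input path needs before it touches an option's bytes (IHL within both the packet and Total Length, a length byte for every non-NOP/EOL option, each length at least 2, and no option running past the header). The sample headers are constructed for illustration and are not the Darwin Nuke packet.

```python
import struct

IPOPT_EOL = 0   # End of Options List
IPOPT_NOP = 1   # No Operation (single byte, no length field)


def build_ipv4_header(options, total_len=None):
    """Constructed IPv4 header (10.0.0.1 -> 10.0.0.2, TCP) around `options`.

    Options are padded to a 4-byte boundary so IHL stays a whole number of
    32-bit words. Used only to make the sample packets below.
    """
    options = options + b"\x00" * ((-len(options)) % 4)
    ihl = 5 + len(options) // 4
    if total_len is None:
        total_len = ihl * 4
    fixed = struct.pack("!BBHHHBBH4s4s",
                        (4 << 4) | ihl, 0, total_len, 0, 0, 64, 6, 0,
                        bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return fixed + options


def validate_ipv4_options(packet):
    """Return (ok, reason) after bounds-checking the IPv4 options area.

    Every check here is one a kernel input path must make before it uses an
    option's bytes: the header must fit in the packet and in Total Length,
    every non-NOP/EOL option needs a length byte, that length must be at
    least 2, and no option may extend past the header.
    """
    if len(packet) < 20:
        return False, "truncated header"
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    total_len = struct.unpack("!H", packet[2:4])[0]
    if version != 4:
        return False, "not IPv4"
    hlen = ihl * 4
    if hlen < 20:
        return False, "IHL below minimum"
    if hlen > len(packet) or hlen > total_len:
        return False, "header length exceeds packet or total length"
    off = 20
    while off < hlen:
        kind = packet[off]
        if kind == IPOPT_EOL:
            break
        if kind == IPOPT_NOP:
            off += 1
            continue
        if off + 1 >= hlen:
            return False, "option %d has no length byte" % kind
        length = packet[off + 1]
        if length < 2:
            return False, "option %d length %d is below 2" % (kind, length)
        if off + length > hlen:
            return False, "option %d runs past the header" % kind
        off += length
    return True, "ok"


# Constructed samples (illustrative, not the packet the article describes).
GOOD = build_ipv4_header(bytes([IPOPT_NOP, IPOPT_EOL]))
BAD_LEN = build_ipv4_header(bytes([7, 1, 0, 0]))        # option 7 with length 1
BAD_OVERRUN = build_ipv4_header(bytes([7, 12, 0, 0]))   # length 12 in a 4-byte area
BAD_TRUNC = build_ipv4_header(bytes([1, 1, 1, 7]))      # option 7 without a length byte
BAD_IHL = bytes([0x4F]) + GOOD[1:]                      # IHL claims 60 bytes, packet has 24

if __name__ == "__main__":
    for name, pkt in [("GOOD", GOOD), ("BAD_LEN", BAD_LEN), ("BAD_OVERRUN", BAD_OVERRUN),
                      ("BAD_TRUNC", BAD_TRUNC), ("BAD_IHL", BAD_IHL)]:
        print(name, validate_ipv4_options(pkt))
```

The two checks that matter most are the ones on the option length byte: a length below 2 makes the loop spin or step backwards, and a length that overruns the header lets later code read past the buffer. Rejecting the packet at this point is exactly what keeps a malformed datagram from reaching the code that interprets individual options.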

Wednesday, April 22, 2015

Newsalert - 2015 Apr 22

**RSA Conference: ThreatStream Announces First Apple Watch App for Managing Threat Intelligence On-the-Go** 
SAN FRANCISCO AND REDWOOD CITY, Calif., April 21, 2015 /PRNewswire/—ThreatStream® (RSA booth #S2727), the leading provider of an enterprise-class threat intelligence platform, today announced the first iOS threat intelligence app for the Apple Watch. The app, which is also available for the iPhone and iPad, provides full access to the ThreatStream Optic threat intelligence platform dashboard and displays, and enables users to take action with a simple tap of the screen or voice command. The new Apple Watch app will be demonstrated in the ThreatStream booth during the RSA Conference (@rsaconference) this week. ThreatStream will also be giving away one Apple Watch a day to visitors who come by their booth. 
**Link:** [  http://www.wkrg.com/story/28856933/rsa-conference-threatstream-announces-first-apple-watch-app-for-managing-threat-intelligence-on-the-go  ] (  http://www.wkrg.com/story/28856933/rsa-conference-threatstream-announces-first-apple-watch-app-for-managing-threat-intelligence-on-the-go  ) 

**Corporate privacy policies are out of step with protecting sensitive data** 
Data protection specialist Druva has released the results of a new study conducted by Dimensional Research which examines companies’ efforts to protect sensitive data, the challenges they face ensuring data privacy and gathers respondent views on protecting data privacy in the cloud. 
Among the findings are that 99 percent of respondents reported having some form of sensitive data, including personal financial, healthcare and authentication-related data, they needed to manage. 84 percent reported plans to boost their efforts to protect the privacy of sensitive data. There are problems with enforcement, however, with almost 84 percent of respondents reporting that employees don’t follow data privacy policies. 
**Link:** [  http://betanews.com/2015/04/22/corporate-privacy-policies-are-out-of-step-with-protecting-sensitive-data/  ] (  http://betanews.com/2015/04/22/corporate-privacy-policies-are-out-of-step-with-protecting-sensitive-data/  ) 

**Corporate privacy becoming a top business concern in 2015** 
(BPT) – As many as 43 percent of companies experienced a data breach in the past year – a 10 percent increase from last year, according to an annual study conducted by the Ponemon Institute. As companies scramble to keep their names out of the headlines by bolstering up security practices and protocols, it’s important to take a deeper look into the little things you can do to better manage privacy and security within your own company. 
**Link:** [  http://www.mymotherlode.com/news/technology/ask-tech/corporate-privacy-business-concern-2015  ] (  http://www.mymotherlode.com/news/technology/ask-tech/corporate-privacy-business-concern-2015  ) 

**Governor Terry McAuliffe announced today that the Commonwealth of Virginia is establishing the Nation’s first state-level Information Sharing and Analysis Organization (ISAO).** 
“As Governor McAuliffe’s homeland security advisor, I’m excited that Virginia is leading the ISAO movement and look forward to working alongside our DHS, state, and other cybersecurity partners to help develop standards and best practices for information sharing with the private sector,” said Secretary of Public Safety and Homeland Security Brian Moran. 
**Link:** [  https://governor.virginia.gov/newsroom/newsarticle?articleId=8210  ] (  https://governor.virginia.gov/newsroom/newsarticle?articleId=8210  ) 

**This month’s second Patch Tuesday brings 34 Windows updates, all optional** 
Today’s list is much larger than normal, with 34 patches all rated Optional, meaning they will not be installed automatically. You have to open Windows Update and manually select one or more updates to install them. 
**Link:** [  http://www.zdnet.com/article/this-months-second-patch-tuesday-brings-34-updates-all-optional/?tag=nl.e539&s_cid=e539&ttag=e539&ftag=TRE17cfd61  ] (  http://www.zdnet.com/article/this-months-second-patch-tuesday-brings-34-updates-all-optional/?tag=nl.e539&s_cid=e539&ttag=e539&ftag=TRE17cfd61  ) 

**CIO-CSO tension makes businesses stronger** 
“There’s a natural tension between these roles because they have what appear to be different priorities, and because in many larger organizations, the CSO role, and security in general, becomes a higher priority,” says Justin Cerilli, managing director, financial services technology and operations, Russell Reynolds and Associates. 
One of the struggles in achieving this balance and laying the foundation for a good working relationship between CIOs and CSOs is the potential for personality clashes, says Cerilli. Human Resources can and should play a major role in finding leaders who can work well together and put the business’ needs ahead of any personal need for career advancement or recognition, he says. 
**Link:** [  http://www.cio.com/article/2912625/leadership-management/cio-cso-tension-makes-businesses-stronger.html?phint=newt%3Dcomputerworld_dailynews&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4#tk.CTWNLE_nlt_pm_2015-04-22&siteid=&phint=tpcs%3D&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4  ] (  http://www.cio.com/article/2912625/leadership-management/cio-cso-tension-makes-businesses-stronger.html?phint=newt%3Dcomputerworld_dailynews&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4#tk.CTWNLE_nlt_pm_2015-04-22&siteid=&phint=tpcs%3D&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4  ) 

**Report: Need better breach crisis? IT manager may not be best bet** 
Companies must have a strategy in place when a data breach occurs, and it looks like IT managers may not be best to handle a breach crisis, according to a new report by Booz Allen Hamilton. Instead, a business savvy leader at the company is better prepared to handle the problem, as they will be prepared to address crisis communications, legal issues, disaster recovery, and other strategic decisions that must be made. 
**Link:** [  http://www.tweaktown.com/news/44710/report-need-better-breach-crisis-manager-best-bet/index.html  ] (  http://www.tweaktown.com/news/44710/report-need-better-breach-crisis-manager-best-bet/index.html  ) 

**Webroot 2015 Threat Brief Reveals Smarter Threats and Rising Complexity of Cybercrime** 
The data shows that organizations need to bolster their security posture with real-time, highly accurate threat intelligence to protect themselves from cybercriminal activity. This enables them to set proactive policies to automatically protect networks, endpoints, and users as part of a defense-in-depth strategy. This is crucial when security teams consider the threat landscape as a whole, in addition to conducting in-depth analysis on the threats targeting them. Individuals also need to be more vigilant than ever about the websites they visit, the URLs they follow from emails, and the applications and mobile apps that they use. 
**Link:** [  http://www.reuters.com/article/2015/04/22/webroot15threatbrief-idUSnPnbjZ3xq+88+PRN20150422  ] (  http://www.reuters.com/article/2015/04/22/webroot15threatbrief-idUSnPnbjZ3xq+88+PRN20150422  ) 

**Standard Chartered hires former UK surveillance chief to combat cybercrime** 
The Asia-focused bank said Iain Lobban would become a member and senior advisor to the committee responsible for matters including anti-money laundering, sanctions compliance and prevention of corruption. 
**Link:** [  http://ca.reuters.com/article/technologyNews/idCAKBN0ND0U020150422  ] (  http://ca.reuters.com/article/technologyNews/idCAKBN0ND0U020150422  ) 

**NATO cybersecurity drill to focus on hackers** 
TALLINN, Estonia — About 400 computer experts will participate in a major cybersecurity drill in Estonia this week as part of NATO’s efforts to upgrade its capability to counter potentially debilitating hacker attacks, organizers said Tuesday. 
**Link:** [  http://www.sfgate.com/world/article/NATO-cybersecurity-drill-to-focus-on-hackers-6214619.php  ] (  http://www.sfgate.com/world/article/NATO-cybersecurity-drill-to-focus-on-hackers-6214619.php  ) 

**Honeywell : Technology First To Proactively Manage Cyber Security Risk For Industrial Sites; Honeywell’s Cyber Security Risk Manager Gives Industrial Users Real-Time Visibility** 
The Honeywell Industrial Cyber Security Risk Manager, is designed to simplify the task of identifying areas of cyber security risk, providing real-time visibility, understanding and decision support required for action. It monitors and measures cyber security risk in multi-vendor industrial environments. 
**Link:** [  http://www.4-traders.com/HONEYWELL-INTERNATIONAL-I-4827/news/Honeywell—Technology-First-To-Proactively-Manage-Cyber-Security-Risk-For-Industrial-Sites-Honeywe-20234050/  ] (  http://www.4-traders.com/HONEYWELL-INTERNATIONAL-I-4827/news/Honeywell—Technology-First-To-Proactively-Manage-Cyber-Security-Risk-For-Industrial-Sites-Honeywe-20234050/  ) 

**Nation’s First Incident Management Center for Utilities Launched** 
A new training center to support incident management for the utility industry was announced today at the Western Energy Institute (WEI) Spring Operations Conference in Las Vegas. 
**Link:** [  http://www.reuters.com/article/2015/04/21/or-concordia-university-idUSnBw216455a+100+BSW20150421  ] (  http://www.reuters.com/article/2015/04/21/or-concordia-university-idUSnBw216455a+100+BSW20150421  ) 

**Google, Microsoft serve up security treats for productivity suites** 
Microsoft announced a trio of Office 365 security features, including a new API to feed data into SIEM systems and finer-grained encryption for email, while Google has announced a new way for Drive admins to manage two-factor authentication keys for Google Apps at work. 
**Link:** [  http://www.cso.com.au/article/573188/google-microsoft-serve-up-security-treats-productivity-suites/  ] (  http://www.cso.com.au/article/573188/google-microsoft-serve-up-security-treats-productivity-suites/  ) 

Tuesday, April 21, 2015

Newsalert - 2015 Apr 21

**Pushdo spamming botnet gains strength again** 
Computers in more than 50 countries are infected with a new version of Pushdo, a spamming botnet that has been around since 2007 and survived several attempts to shut it down. 
The latest version has been pushing Fareit, which is malware that steals login credentials, and Cutwail, a spam engine module. It has also been used to distribute online banking menaces such as Dyre and Zeus. 
Using an elaborate algorithm, the secondary system generates 30 domain names a day that an infected computer can try to contact, according to an advisory on Fidelis’s blog. Fidelis reverse-engineered the algorithm that generates those domain names, allowing it to register some of the domains. 
**Link:** [  http://www.itworld.com/article/2912535/pushdo-spamming-botnet-gains-strength-again.html#tk.rss_news  ] (  http://www.itworld.com/article/2912535/pushdo-spamming-botnet-gains-strength-again.html#tk.rss_news  ) 
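The article does not reproduce Pushdo's algorithm, so the block below, an added example rather than Fidelis's code, uses an illustrative date-seeded DGA (hypothetical seed, label length and TLD set; not Pushdo's) to show the defender's side of reverse-engineering one: precompute the 30 domains for each day in a look-ahead window, register or sinkhole what you can, and match the rest against DNS query logs. The DNS log lines and their format are constructed for the example.

```python
import datetime as dt
import hashlib

# Assumptions (not Pushdo's real algorithm): a per-day seed hashed with a
# counter; label length 8..12; a small TLD set. Only the defender workflow
# (precompute, watchlist, match) is the point.
SEED = b"illustrative-dga-seed"
TLDS = ("com", "net", "org", "info")
PER_DAY = 30   # the article's figure for Pushdo's backup DGA


def illustrative_dga(day, count=PER_DAY, seed=SEED):
    """Generate that day's candidate C2 domains, deterministically."""
    domains = []
    for i in range(count):
        h = hashlib.sha256(seed + day.isoformat().encode() + bytes([i])).digest()
        length = 8 + h[0] % 5
        label = "".join(chr(ord("a") + b % 26) for b in h[1:1 + length])
        domains.append("%s.%s" % (label, TLDS[h[13] % len(TLDS)]))
    return domains


def dga_window(start, days=7, **kw):
    """Union of the domains for `days` consecutive days starting at `start`.

    This look-ahead is what lets a defender register or sinkhole domains
    before the bots roll over to them.
    """
    out = set()
    for d in range(days):
        out.update(illustrative_dga(start + dt.timedelta(days=d), **kw))
    return out


def match_dns_log(log_lines, watchlist):
    """Return (client, qname) pairs whose qname is on the watchlist.

    Constructed log format: '<timestamp> <client-ip> <qname>'. Names are
    lower-cased and the trailing dot stripped before comparison.
    """
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        qname = parts[2].lower().rstrip(".")
        if qname in watchlist:
            hits.append((parts[1], qname))
    return hits


# Constructed sample log: two benign lookups, one hit for the sample day
# (upper-cased, with a trailing dot, to exercise normalisation) and one hit
# for the following day, which the look-ahead window must already cover.
SAMPLE_DAY = dt.date(2015, 4, 21)
SAMPLE_LOG = [
    "2015-04-21T09:58:10 10.0.0.8 www.example.com",
    "2015-04-21T09:58:11 10.0.0.8 " + illustrative_dga(SAMPLE_DAY)[3].upper() + ".",
    "2015-04-22T03:12:44 10.0.0.9 " + illustrative_dga(SAMPLE_DAY + dt.timedelta(days=1))[0],
    "2015-04-21T10:00:00 10.0.0.7 update.example.net",
]


def demo(day=SAMPLE_DAY, log=SAMPLE_LOG):
    """Precompute a week of domains from `day` and match the sample log."""
    return match_dns_log(log, dga_window(day, days=7))


if __name__ == "__main__":
    for client, qname in demo():
        print("DGA lookup from %s: %s" % (client, qname))
```

The same precomputed set serves three purposes: the domains nobody has registered yet are candidates for the defender to register and sinkhole (as Fidelis did), all of them go on a DNS blocklist, and historic query logs matched against the set identify hosts that were already infected.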

**Study Uncovers Fears of Potential Domino Effect from Cyberattacks** 
RedSeal (redseal.co) unveiled its comprehensive survey of high-ranking executives that vividly illustrates widespread concern regarding the potential effects of cyberattacks in corporate America. Most of the C-level professionals surveyed readily acknowledge that a coordinated assault launched by sophisticated cybercriminals would wreak ongoing havoc on business operations, cause considerable harm to a brand, and potentially affect related companies, even entire industries. In addition, many also point out that in the networked economy, containing the problems caused by a sustained network attack will be very difficult. In fact, a major network disruption at a single company or network can easily disrupt or even wreak havoc on a local, state, national and even global level.
The vast majority of the executives surveyed, 74%, acknowledge that cyberattacks on networks of U.S. organizations can cause “serious damage or disruption,” and most of the rest, 21%, admit to fears of “significant damage or disruption.” More specifically, almost 80% admit that such attacks can inflict “serious impacts to business profitability and growth,” and bring about “serious brand damage.” A large number, 45%, also related personnel concerns, saying such events will lead to a “big hit on employee productivity.” More than 43% also predict business downtime, while more than 41% fear “internal/organizational disruption or chaos.” 
In fact, the idea of a domino effect—one successful attack on one network leading directly to attacks on different networks in diverse but connected sectors of the economy—clearly resonated strongly with the executives surveyed. More than half the respondents, 52%, singled out “defense systems” as being potentially affected by a cyber-criminal incident or data breach, while 45% cited “border security.” And taking a big picture approach, a significant 59% said such attacks will take their toll on “economic security.” 
Link:  [ http://www.darkreading.com/attacks-breaches/study-uncovers-fears-of-potential-domino-effect-from-cyberattacks/d/d-id/1320053 ] (http://www.darkreading.com/attacks-breaches/study-uncovers-fears-of-potential-domino-effect-from-cyberattacks/d/d-id/1320053 )

**Investment Advisers: Six Areas of Focus for SEC Cybersecurity Exams** 
The U.S. Securities and Exchange Commission (SEC), in an effort to consistently reinforce its expectations in the area of cyber risk management, last year issued a cybersecurity-dedicated Risk Alert, as well as other communications to address the growing number and complexity of cybersecurity risks facing investment advisers (IAs). The alert, issued by the Office of Compliance Inspections and Examinations (OCIE)¹, highlights the SEC’s cybersecurity initiative, including a sweep of more than 50 registered IAs and broker-dealers focusing on cybersecurity.² 
The alert also provides a sample document request that lists six primary areas that the OCIE plans to evaluate during cybersecurity exams, and the processes and controls examiners expect IAs to have in place to address threats, including those related to networks and information, remote customer access, and vendors and other third parties.
**Link:** [  http://deloitte.wsj.com/riskandcompliance/2015/04/21/investment-advisers-six-areas-of-focus-for-sec-cybersecurity-exams-3/  ] (  http://deloitte.wsj.com/riskandcompliance/2015/04/21/investment-advisers-six-areas-of-focus-for-sec-cybersecurity-exams-3/  ) 

**U.S. plans a cybersecurity center in Silicon Valley** 
The center will function as a satellite office of the National Cybersecurity and Communications Integration Center (NCCIC), a day-and-night operation that acts as an information and threat clearing house for government and private entities. 
**Link:** [  http://www.computerworld.com/article/2912468/cybercrime-hacking/us-plans-a-cybersecurity-center-in-silicon-valley.html?phint=newt%3Dcomputerworld_dailynews&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4#tk.CTWNLE_nlt_pm_2015-04-21&siteid=&phint=tpcs%3D&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4  ] (  http://www.computerworld.com/article/2912468/cybercrime-hacking/us-plans-a-cybersecurity-center-in-silicon-valley.html?phint=newt%3Dcomputerworld_dailynews&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4#tk.CTWNLE_nlt_pm_2015-04-21&siteid=&phint=tpcs%3D&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4  ) 

**New fileless malware found in the wild** 
Since the discovery of the Poweliks fileless Trojan in August 2014, researchers have been expecting other similar malware to pop up. 
The wait is over: Phasebot malware, which also has fileless infection as part of its routine, is being sold online. 
Phasebot seems to be a direct successor of Solarbot. 
Its detection evasion tactics include rootkit capabilities, encryption of communications with its C&C server using random passwords, and virtual machine detection. 
**Link:** [  http://www.net-security.org/malware_news.php?id=3021  ] (  http://www.net-security.org/malware_news.php?id=3021  ) 

**“Buhtrap” Malware Targeting Russian Banks And Businesses** 
ESET has discovered a malware campaign targeting Russian banks and the accounting departments of Russian businesses, nicknamed Operation Buhtrap. Apparently, the malware has been active for more than a year, and 88 percent of the attacks have been in Russia and 10 percent in the Ukraine. 
Analysts at ESET uncovered CVE-2012-0158 late in 2014, which is a buffer overflow vulnerability in the ListView/TreeView ActiveX controls found in the MSCOMCTL.OCX library. The malicious code can be activated using a specially modified DOC or RTF file for MS Office 2003, 2007, or 2010, according to Security Affairs. 
**Link:** [  http://www.bsminfo.com/doc/buhtrap-malware-targeting-russian-banks-businesses-0001  ] (  http://www.bsminfo.com/doc/buhtrap-malware-targeting-russian-banks-businesses-0001  ) 

**Lieberman Software’s Security Double-Tap(TM) Defeats Golden Ticket Cyber Attacks** 
LOS ANGELES, CA—(Marketwired - April 21, 2015) - Lieberman Software Corporation today announced Security Double-Tap, a solution to block the destructive Golden Ticket cyber attack. This new feature is included in Enterprise Random Password Manager™ (ERPM)—the company’s privilege management platform—and is being exhibited for the first time at RSA Conference 2015 in San Francisco, CA.
Today’s enterprises are under assault from sophisticated cyber attacks like pass-the-hash (PTH) and pass-the-ticket (PTT). These advanced persistent threats—at the core of some of the most notorious recent data breaches—operate at nearly a 100% success rate.  While PTH is a more widely known threat, the related PTT attack is just as dangerous. PTT attacks target Kerberos, the default authentication protocol in Windows domains. 
ERPM now provides an automated double password reset specifically designed to combat the Golden Ticket attack. The two password resets—a Security Double-Tap—force rapid replication of the changed credentials throughout the domain, to block the use of compromised accounts. In conjunction with this process, ERPM can also force an automatic chained reboot of target system to clear memory of hashes and passwords, and prevent memory scraping. 
**Link:** [  http://www.reuters.com/article/2015/04/21/idUSnMKWDwJzFa+1ea+MKW20150421  ] (  http://www.reuters.com/article/2015/04/21/idUSnMKWDwJzFa+1ea+MKW20150421  ) 

**RSA supremo rips ‘failed’ security industry a new backdoor, warns of ‘super-mega hack’** 
RSA 2015 RSA president Amit Yoran tore into the infosec industry today, telling 30,000 attendees at this year’s RSA computer security conference that they have failed. 
He said security bods should drop “legacy approaches” that have led to a false sense of security. Such approaches are akin to building “higher walls” and “deeper moats,” which will not help address the shortcomings in security. 
**Link:** [  http://www.theregister.co.uk/2015/04/21/rsa_boss_rips_failed_security_industry/  ] (  http://www.theregister.co.uk/2015/04/21/rsa_boss_rips_failed_security_industry/  ) 

Monday, April 20, 2015

Newsalert - 2015 Apr 20

INSIGHT: When it comes to threat detection and incident response, context matters
This new generation of security analytics tools will undoubtedly make analysts more efficient and accurate in their analysis, but it will also mean that the analyst is reaching conclusions faster, contributing to the operational outcomes of security rather than “after action reporting” on incidents they have detected.
Ultimately, the organisations that are moving beyond SIEM systems and striving to understand the extent and impact of attacks through Security Analytics, rather than just the mere presence of those threats, are leading the way.
Link: [ http://www.reseller.co.nz/article/572958/insight-when-it-comes-threat-detection-incident-response-context-matters/ ] ( http://www.reseller.co.nz/article/572958/insight-when-it-comes-threat-detection-incident-response-context-matters/ )

(ISC)² STUDY: WORKFORCE SHORTFALL DUE TO HIRING DIFFICULTIES DESPITE RISING SALARIES, INCREASED BUDGETS AND HIGH JOB SATISFACTION RATE
The results of the seventh (ISC)² Global Information Security Workforce Study (GISWS), conducted by Frost & Sullivan for the (ISC)² Foundation with the support of Booz Allen Hamilton, Cyber 360 Solutions and NRI Secure Technologies, reveal that the security of businesses is being threatened by understaffed teams dealing with the complexity of multiple security technologies and the threats posed by our increasingly connected world.
45 percent of hiring managers report that they are struggling to support additional hiring needs, and 62 percent of respondents report that their organizations have too few information security professionals.
Link: [ http://blog.isc2.org/isc2_blog/2015/04/isc-study-workforce-shortfall-due-to-hiring-difficulties-despite-rising-salaries-increased-budgets-a.html ] ( http://blog.isc2.org/isc2_blog/2015/04/isc-study-workforce-shortfall-due-to-hiring-difficulties-despite-rising-salaries-increased-budgets-a.html )

Use of multiple contractors could leave oil, gas operators open to hackers
“The more third parties you work with, in general, they could then become a target to pivot into your network,” said Bob Marx, a cybersecurity and industrial automation consultant with Cimation, an energy consulting company from Houston, Texas, with offices in Pittsburgh.
60 percent of energy companies in an international survey this year by Oil & Gas IQ, an industry news site, said they do not have a cyber attack response plan.
Link: [ http://triblive.com/news/editorspicks/8084464-74/gas-energy-oil#axzz3Xod0Ycba ] ( http://triblive.com/news/editorspicks/8084464-74/gas-energy-oil#axzz3Xod0Ycba )

ISACA first to combine skills-based cyber security training with performance-based exams, certifications to address talent shortage
ISACA introduced a portfolio of new cyber security certifications that are the first to combine skills-based training with performance-based exams and certifications. The seven new Cybersecurity Nexus (CSX) certifications help professionals build and evolve their careers in a constantly changing field and help close the skills gap for employers.
Link: [ http://www.itweb.co.za/index.php?option=com_content&view=article&id=142610 ] ( http://www.itweb.co.za/index.php?option=com_content&view=article&id=142610 )

UN conference weighs efforts to combat cybercrime
Efforts to tame the fast-growing cybercrime threat took center stage at the United Nations Crime Congress under way in Doha, Qatar, as a diverse group of experts in the field urged strong partnerships between the public and private sectors to create a safer digital landscape.
For the past two years, UNODC, under its programme for cybercrime, has been delivering technical assistance to law enforcement authorities, prosecutors, and the judiciary, in three regions of the world, in Eastern Africa, South-East Asia, and Central America.
Link: [ http://www.eturbonews.com/57811/un-conference-weighs-efforts-combat-cybercrime ] ( http://www.eturbonews.com/57811/un-conference-weighs-efforts-combat-cybercrime )

Predictive Replaces Reactive Security at RSA 2015
More than 30,000 are expected to attend. The larger the turnout at a security conference, the more it indicates that the bad actors are winning most of the battles.
The armored-car approach certainly remains an integral part of any security strategy, but the added dimension of anticipatory security, using advanced data analytics to predict and deflect data breaches from the outside and inside, is where it’s at now. This is what is topmost on the minds of vendors, thought leaders and entrepreneurs. At least it should be, and if it isn’t, vendors not thinking about this are going to be left behind by the market.
Link: [ http://www.eweek.com/security/predictive-security-replaces-reactive-at-rsa-2015.html ] ( http://www.eweek.com/security/predictive-security-replaces-reactive-at-rsa-2015.html )

Banks the target for hackers not customers, Europol chief Rob Wainwright says
Banks, rather than their customers, are increasingly the main target of online thieves, the head of the European Union’s law enforcement agency says.
Link: [ http://www.abc.net.au/news/2015-04-18/banks-the-target-for-hackers-not-customers/6402722 ] ( http://www.abc.net.au/news/2015-04-18/banks-the-target-for-hackers-not-customers/6402722 )

Sunday, April 19, 2015

Newsalert - 2015 Apr 19


Tuesday, April 14, 2015

Newsalert - 2015 Apr 14

DNS Zone Transfer AXFR Requests May Leak Domain Information
A remote unauthenticated user may request a DNS zone transfer from a public-facing DNS server. If improperly configured, the DNS server may respond with information about the requested zone, revealing internal network structure and potentially sensitive information.

Link: https://www.us-cert.gov/ncas/alerts/TA15-103A
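Added here as a defender's check, not part of the US-CERT alert: a Python script that scans BIND-style outbound transfer logs and reports any AXFR/IXFR the server actually served to a client outside an allow-list of known secondaries. The log line layout, the allow-list and the addresses are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of BIND-style "xfer-out" log lines. The layout is an
# assumption modelled on BIND 9 transfer logging; addresses are documentation
# ranges, not real hosts.
SAMPLE_LOG = """\
20-Apr-2015 10:01:12.123 xfer-out: info: client 192.0.2.2#50231 (example.com): transfer of 'example.com/IN': AXFR started
20-Apr-2015 10:01:12.200 xfer-out: info: client 192.0.2.2#50231 (example.com): transfer of 'example.com/IN': AXFR ended
20-Apr-2015 10:07:45.001 xfer-out: info: client 203.0.113.77#41002 (example.com): transfer of 'example.com/IN': AXFR started
20-Apr-2015 10:07:45.310 xfer-out: info: client 203.0.113.77#41002 (example.com): transfer of 'example.com/IN': AXFR ended
20-Apr-2015 10:09:00.500 xfer-out: info: client 198.51.100.9#55555 (example.com): transfer of 'example.com/IN': IXFR started
20-Apr-2015 10:15:30.000 queries: info: client 203.0.113.78#1234 (www.example.com): query: www.example.com IN A + (192.0.2.1)
"""

# Peers that are legitimately allowed to pull the zone, i.e. the zone's own
# secondaries. Hypothetical values for this example.
ALLOWED_TRANSFER_PEERS = (
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.9/32"),
)

# Matches transfer start/end records only; query logging and other
# categories are ignored.
XFER_RE = re.compile(
    r"client (?P<ip>[0-9A-Fa-f.:]+)#\d+ \([^)]*\): "
    r"transfer of '(?P<zone>[^']+)': (?P<kind>AXFR|IXFR) (?P<state>started|ended)"
)


def parse_transfer_events(log_text):
    """Extract (client_ip, zone, kind, state) tuples from transfer log lines."""
    events = []
    for line in log_text.splitlines():
        match = XFER_RE.search(line)
        if match:
            events.append((match["ip"], match["zone"], match["kind"], match["state"]))
    return events


def is_allowed_peer(client_ip, allowed_peers):
    """True when client_ip falls inside one of the allowed transfer networks."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in allowed_peers)


def find_unauthorized_transfers(log_text, allowed_peers=ALLOWED_TRANSFER_PEERS):
    """Return transfers the server served to clients outside the allow-list.

    A 'started' record from an unexpected client means the server answered
    the request, i.e. the transfer ACL is too permissive or missing, which is
    the misconfiguration the alert describes. Restricting allow-transfer to
    the secondaries (ideally with TSIG) is the fix; this script only detects
    that it has not been done.
    """
    findings = []
    for ip, zone, kind, state in parse_transfer_events(log_text):
        if state == "started" and not is_allowed_peer(ip, allowed_peers):
            findings.append({"client": ip, "zone": zone, "kind": kind})
    return findings


if __name__ == "__main__":
    for finding in find_unauthorized_transfers(SAMPLE_LOG):
        print(f"unauthorized {finding['kind']} of {finding['zone']} "
              f"served to {finding['client']}")
```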
 
Better Together: Network Operations & Infosec
For an enterprise, the key takeaway is its critical need to be able to detect activities on the network that can lead to a data breach. That capability is diminished by the fact that security operations and network operations typically work in silos. That means security vulnerabilities have to be handled twice: first by the SOC, which has evidence of malicious activity but often no mechanism for actively stopping it, and then again by the NOC, which needs to wait for specific instructions from the SOC. Any time delay here creates advantages for an attacker.

Threats are getting increasingly harder to discover, and attackers are more brazen than ever. Getting network operations and information security teams together in the same room for the first time will be a critical step for organizations that want to build a continuous information security improvement culture capable of defending against those threats.

Link: http://www.darkreading.com/attacks-breaches/better-together-network-operations-and-infosec-/a/d-id/1319898?ngAction=register
 
The critical 48 hours: how to mitigate the damage from a cyber-attack
The days of in-house security teams being capable of preparing for and responding to incidents have long gone. Professionally qualified, experienced teams of staff are necessary to respond to and prevent an incident from impacting the business. These people are few and far between and need continuous on-the-job and up-to-date experience and training. Using professional service providers brings greater value, including cyber threat intelligence, up-to-the-minute advice and guidance, and impartial, high quality assessments. In-house is simply no longer an option.

Link: http://www.itproportal.com/2015/04/12/critical-48-hours-how-to-mitigate-damage-cyber-attack/
 
Dell Threat Report Finds POS, SSL, SCADA attacks on the Rise
The company released its 2015 Dell Security Annual Threat Report this week, which found that both businesses and individuals increasingly are falling victim to malicious attacks from several key areas, including POS malware variants and attacks from SSL/TLS encrypted protocols. Dell also found a 100 percent increase in attacks against industrial control systems during this year’s analysis.

Dell also reported a surge in malware being encrypted through SSL and TLS traffic, which usually are associated with secure HTTPS websites. With the number of websites using secure encryption rising by more than 100 percent last year, Dell discovered hackers have begun encrypting their malware to avoid detection from corporate firewalls.

Link: http://thevarguy.com/var-guy/041315/dell-threat-report-finds-pos-ssl-scada-attacks-rise
 
Files encrypted by CoinVault ransomware? New free tool may decrypt them

Victims of the CoinVault ransomware might be able to decrypt their files with a free tool released by Kaspersky Lab together with the Dutch police.

The tool can be found at https://noransom.kaspersky.com. The application uses decryption keys found by the Dutch police as part of an investigation.

Link: http://www.cio.com/article/2909294/files-encrypted-by-coinvault-ransomware-new-free-tool-may-decrypt-them.html
 
Cyber security firm uncovers decade-long malware attack on ASEAN governments and businesses

Today FireEye, the California-based security software firm, issued a lengthy report alleging that a single entity has been carrying out malware attacks towards businesses and governments in India, the USA, and Southeast Asia.

FireEye claims that the entity, which it calls APT 30, has been self-registering DNS domains with malware command and control since 2004. Its malware attacks appear to be targeted towards organizations with information generally relevant to state security and diplomatic agencies – in particular, the Communist Party of China. FireEye adds that APT 30 appears to have been working in a systematic, collaborative manner, using tools designed for longevity, which indicates the attacks constitute part of a long-term campaign.

Link: https://www.techinasia.com/cyber-security-firm-uncovers-decade-long-malware-attack-on-asean-governments-and-businesses/
 
New report: Cyber Security and Critical Infrastructure in the Americas
According to the General Secretariat of the Organization of American States (OAS) and the Trend Micro report, 44 percent of respondents were aware of different types of destructive attacks, while 40 percent said they had experienced attempts to shut down cybernetic systems. The report also presents specific cases related to cyber security in each OAS country and analysis of cyber attacks and their methodologies, while detailing the current cyber security measures and policies in place.

Link: http://continuitycentral.com/news07594.html


Friday, April 10, 2015

Newsalert - 2015 Apr 10

iOS 8.3 fixes dozens of security vulnerabilities
Apple has issued more than three-dozen security fixes in its latest mobile operating system update, released Wednesday.
Link: http://www.zdnet.com/article/ios-8-3-fixes-dozens-of-security-issues/?tag=nl.e589&s_cid=e589&ttag=e589&ftag=TREc64629f

Malware-as-a-Service enabling novice threat actors to attack
According to the Websense Security Labs 2015 Threat Report, MaaS (Malware-as-a-Service) is enabling even entry level threat actors to successfully create and launch data theft.
One of the oldest vectors of attack, email, is still a potent attack launcher in spite of the evolution of the web.
Link: http://www.cbronline.com/news/cybersecurity/data/malware-as-a-service-enabling-novice-threat-actors-to-attack-4549833

Proactive Security Strategies Dramatically Improve Security Effectiveness
A new study from Accenture and the Ponemon Institute confirms that companies that employ proactive security strategies realized a greater return on security investments than companies that depend on more traditional approaches to securing their networks.
“Of the nearly 240 companies surveyed as part of the global research, those with a more proactive security stance saw their security effectiveness score improve by an average of 53 percent over a two-year period, while non-proactive companies only achieved a change of 2 percent,” the report found.
“Live threat intelligence is the key to surviving the new digital siege. But in order to be useful, threat intelligence needs to be as complete and relevant as possible. New offerings like the Norse Appliance 10g are becoming must-have tools for defending modern organizations on the Internet.”
Link: http://blog.norsecorp.com/2015/04/08/proactive-security-strategies-dramatically-improve-security-effectiveness/#prettyPhoto

Cybercrime fighting group takes down Beebone botnet
LONDON (AP) - A new group of international cybercrime fighters claimed one of its first kills Thursday, pulling the plug on malicious servers that hijacked at least 12,000 machines, most of them in the United States.
Beebone was modest by botnet standards, but Samani - the chief technology officer of Intel Security’s Europe, Middle East and Africa division - said it was state-of-the-art. Beebone relied on a pair of malicious programs that re-downloaded each other, an insurance policy should one of them be removed. Regular tweaks to the software’s code made it difficult for experts to blacklist the programs.
Link: http://www.vcstar.com/news/world/new-cybercrime-group-takes-down-beebone-botnet_70421421

Botnet activity inside organisations predicts likelihood of future data breach
Organisations showing evidence of botnets inside their networks are not only more likely to suffer a data breach, the level of botnet activity correlates directly to increased risk, security analytics firm BitSight has suggested after analysing incidents at more than 6,000 companies.
Breaking this down by sector showed that education was the poorest performer, perhaps not a surprise. This sector had the smallest number of grade A networks (the best) and the highest number of grade F networks (the worst).
Utilities was the next worst performer, followed by healthcare (a data breach hotspot) and then retail, in that order. Finance was the best performing sector, a difference BitSight has commented on before.
Link: http://www.techworld.com/news/security/botnet-activity-inside-organisations-predicts-likelihood-of-future-data-breach-3607112/

Wall Street Needs Better Safeguards Against Hackers, Says Regulator
Financial regulators are raising concerns about weaknesses in the networks of outside vendors that serve Wall Street’s biggest banks, security lapses that might allow hackers to gain access to sensitive financial data.
In a survey of 40 banks, New York state’s top bank cop, Benjamin Lawsky, found that fewer than half regularly inspected the security systems of their outside vendors. About two-thirds of the firms surveyed had no policy in place requiring partners to give notice when their networks have been compromised, the New York Times reports.
Link: http://www.ibtimes.com/wall-street-needs-better-safeguards-against-hackers-says-regulator-1875823

Infosecurity Europe 2015: Escalating Cyber-Threats Driving Business Response Strategies – Report
The results of Infosecurity Europe’s 2015 survey are now in – and the research indicates that the key driver of businesses’ security and response strategies is the escalating number of high-profile, headline-grabbing threats and breaches.
According to 67% of respondents, well-publicized incidents such as Target, Sony and JP Morgan, along with vulnerabilities like Heartbleed and Shellshock, are having a positive impact on businesses’ understanding of potential threats.
A corresponding number (62%) reported that reputational damage was the worst possible outcome their organizations could face in the wake of an incident. It would appear that industry horror stories from 2014 and early 2015 are resonating.
In addition, 44% of professionals surveyed believe that the key driver of security strategy and investment in their organization is the complex and evolving threat landscape.
Link: http://www.infosecurity-magazine.com/news/infosecurity-europe-escalating/

Thursday, April 09, 2015

Newsalert - 2015 Apr 8

Cyber War Games: Top 3 Lessons Learned About Incident Response
Deloitte leads client organizations in war game exercises like these to “stress test” their incident response plans, and identify the strengths and weaknesses of their communications, protocols, and cyber disaster preparedness.
• Designate a Crisis Officer
• Be Skeptical About The Information You’re Receiving
• Resist Finger Pointing In Any Direction
Don’t forget about your employees. While the media, the regulators, and the customers are usually top of mind, many companies tend to forget about how they need to communicate about a security incident to their own employees. In the simulation, the chief operating officer was the one who brought it up first.
Link: http://www.darkreading.com/risk/cyber-war-games-top-3-lessons-learned-about-incident-response/d/d-id/1319813

WHAT ARE NATION STATE INFORMATION SECURITY ATTACKS REALLY TELLING US?
It is rarely considered that for most nation-state sponsored attackers, targeting foreign companies is a day job: it is more economically feasible to steal $500,000 of research rather than spending $2,000,000 and two years to conduct the research themselves.
Malware is one of the easiest ways in for attackers. The game is stacked in their favour for several reasons.
There needs to be a fundamental transformation from seeing attacks as unusual events brought about by people out to do us direct harm, where our emotions and reflex actions overtake reasoned and rational thinking, to one where these attacks are viewed as a part and parcel of doing business.
Link: http://continuitycentral.com/feature1302.html

iSIGHT Partners Acquires Critical Intelligence
iSIGHT Partners, Inc., the leading provider of cyber threat intelligence for global enterprises, today announced the acquisition of Idaho-based Critical Intelligence, the leader in cyber situational awareness and threat intelligence for Industrial Control Systems (ICS) owners and operators. Under the terms of the agreement, iSIGHT Partners has acquired 100% of Critical Intelligence, a 6-year-old company and pioneer in identifying vulnerabilities and threats to critical infrastructure systems, including supervisory control and data acquisition (SCADA) and other process control systems (PCS).
The move comes on the heels of iSIGHT Partners’ announcement of a $30m investment by Bessemer Ventures Partners and the company’s expansion of operations in the EMEA region. iSIGHT experienced significant growth in 2014 and finished the year with record revenues and strong client acquisition across numerous vertical and geographic segments, including energy, oil and gas and manufacturing. Growth continues to accelerate and iSIGHT Partners experienced over 100% year-over-year bookings growth in the first quarter of 2015.
Link: http://www.power-eng.com/marketwired/2015/04/7/isight-partners-acquires-critical-intelligence.html

Malicious, large-scale Google ad campaign slams users with malware
A large number of ads distributed by a Google advertising partner redirected users to Web-based exploits that attempted to install malware on users’ computers.
Security researchers from Dutch security firm Fox-IT observed the malvertising campaign Tuesday, when ads coming through a Google partner in Bulgaria called Engage Lab started redirecting users to the Nuclear Exploit Kit.
Link: http://www.pcworld.com/article/2907492/largescale-google-malvertising-campaign-hits-users-with-exploits.html

Two NTP Key Authentication Vulnerabilities Patched
The Department of Homeland Security and CERT at the Software Engineering Institute at Carnegie Mellon University on Tuesday issued an advisory warning of the two vulnerabilities, which were patched in ntp-4.2.8p2.
Link: https://threatpost.com/two-ntp-key-authentication-vulnerabilities-patched/112067

Microsoft closes acquisition of R software and services provider
Microsoft acquires Revolution Analytics, a commercial provider of services for the open source R programming language for statistical computing and predictive analytics.
“Revolution has made R enterprise-ready with speed and scalability for the largest data warehouses and Hadoop systems,” he adds.
Link: http://www.cio.com/article/2906456/data-analytics/microsoft-closes-acquisition-of-r-software-and-services-provider.html?phint=newt%3Dcio_insider&phint=idg_eid%3De87b17913ba9d312d52f2efa84a73904#tk.CIONLE_nlt_insider_2015-04-08

HP warns cybersecurity customers to focus on people and processes
To protect themselves against cyberattacks, organizations should focus more on training their employees and improving their internal processes instead of buying new technology, according to one tech vendor.
Yet, businesses and government agencies often focus on the next “silver bullet” product, unaware that most cybersecurity problems stem from flawed procedures and human error, said Art Gilliland, senior vice president and general manager for Hewlett-Packard’s software enterprise security products.
Link: http://www.computerworld.com/article/2907058/hp-warns-cybersecurity-customers-to-focus-on-people-and-processes.html?phint=newt%3Dcomputerworld_dailynews&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4#tk.CTWNLE_nlt_dailyam_2015-04-08&siteid=&phint=tpcs%3D&phint=idg_eid%3Dd5d8326c323742a4ed7bf4fd3dac54c4

Malware writers take a page from the spam industry to evade detection
While the volume of cyberthreats declined slightly last year, their sophistication increased, according to a new report from Websense Security Labs. One indicator that attackers are reusing pre-existing tools and infrastructure was in the form of botnet usage.
According to Websense, the average price of an exploit kit is now between $800 and $1,500 a month, and the number of these kits tripled last year, keeping prices low.
The total number of C&Cs doubled last year, from 1.1 billion to 2.2 billion, he added.
Link: http://www.csoonline.com/article/2907124/cyber-attacks-espionage/malware-writers-take-a-page-from-the-spam-industry-to-evade-detection.html

AlienSpy A More Sophisticated Version Of The Same Old RATs
… AlienSpy is distributed via phishing emails with subject headers that are designed to fool recipients into opening them. Many of the emails purport to contain information related to financial transactions of some sort. Systems that are infected could end up having additional botnet and data-stealing malware loaded on them.
Fidelis researchers have observed AlienSpy being sold in the cyber underground via a subscription model, with prices starting at $9.90 for 15-day use to $219.90 for an annual subscription. The subscription provides users with access to the malware’s complete range of capabilities, including some newer techniques like sandbox detection, antivirus tool disablement, and Transport Layer Security (TLS) encryption-protected command-and-control capabilities.
AlienSpy is currently detected by only a limited set of antivirus products and incorporates features like multi-platform support. Fidelis described the capabilities of the malware tool as far beyond what used to typically be available with previous generation remote access malware tools.
Link: http://www.darkreading.com/attacks-breaches/alienspy-a-more-sophisticated-version-of-the-same-old-rats/d/d-id/1319842

FSS [Korea] dedicates itself to fighting ‘five financial evils’
The Financial Supervisory Service (FSS) is branding voice phishing, insurance fraud, illegal loan sharks, illegal bond collections and overly aggressive sales of products by financial institutions as “five financial evils” that it will endeavor to fight.
The financial watchdog announced a special task force led by Senior Deputy Governor Seo Tae-jong on Wednesday to combat those financial crimes, which are getting more clever and complex and therefore pose more of a risk than in the past.
Link: http://koreajoongangdaily.joins.com/news/article/Article.aspx?aid=3002878

Tuesday, April 07, 2015

Newsalert - 2015 Apr 7

Cisco Launches New Advanced Malware Protection Capabilities and Incident Response Services, Giving Customers Powerful Tools for Faster Time to Detection and Resolution
SAN JOSE, CA, Apr 07, 2015 (Marketwired via COMTEX)—Cisco CSCO, -0.32% today unveiled a host of new capabilities and services that give security professionals extensive intelligence and analysis on potential compromises and solutions to protect against, respond to and recover from attacks.
Link: http://www.marketwatch.com/story/cisco-launches-new-advanced-malware-protection-capabilities-and-incident-response-services-giving-customers-powerful-tools-for-faster-time-to-detection-and-resolution-2015-04-07?reflink=MW_news_stmp

Heartbleed still a risk for most large UK firms, study shows
More than two-thirds of Forbes Global 2000 companies in the UK remain vulnerable to attacks that exploit incomplete remediation of the Heartbleed vulnerability in OpenSSL, a study shows.
Link: http://www.computerweekly.com/news/4500243837/Heartbleed-still-a-risk-for-most-large-UK-firms-study-shows?asrc=EM_EDA_41521413&utm_medium=EM&utm_source=EDA&utm_campaign=20150407_Heartbleed%20still%20a%20risk%20for%20most%20large%20UK%20firms,%20study%20shows_

NIST calls for final comments on draft covering sensitive information protection
NIST composed the draft with the National Archives and Records Administration (NARA) in accordance with Executive Order 13556, which established the CUI program and designated NARA as the main entity to implement it, a NIST press release states. The deadline to comment is May 12, after which NIST will review the thoughts and put together its final document with an anticipated June release.
Link: http://www.scmagazine.com/nist-and-nara-collaborate-to-release-final-draft/article/407586/

A new experiment tracks credit card data as it travels through the criminal web
Earlier this year, security firm BitGlass decided to test the underground marketplace with a little experiment. The company created an Excel file with 1,568 fake profiles, complete with names, phone numbers, addresses, social security numbers, and credit card numbers. Along with the phony data, the file had a hidden watermark that would report back to BitGlass every time the file was opened, operating like a homing beacon. Then the company dropped the file onto a public Dropbox account and posted it to a few cybercrime forums and waited for the beacon to phone home.
Link: http://www.theverge.com/2015/4/7/8356953/dark-web-data-breach-credit-card-tracking

A guide to monetizing risks for security spending decisions
You have a finite amount of cash to spend on people and technologies to keep your business’ risk to an acceptable level, so you have to make your decisions wisely. As Curt Dalton points out in this step-by-step guide, monetizing key risks helps you convey impact in a more meaningful way.
• Measure the impact
• Monetize your key risks
• Risk decision making
By monetizing key risks, you will be able to convey impact in a more meaningful way. By providing consistent and methodical risk guidance, executives will be able to more effectively collaborate with you to improve alignment between business objectives and security.
Link: http://www.csoonline.com/article/2903740/metrics-budgets/a-guide-to-monetizing-risks-for-security-spending-decisions.html

Firefox issues brand new update to fix HTTPS security hole in new update
Mozilla recently published its scheduled release of Firefox 37.0.
Firefox 37.0 introduced support for HTTP/2, the not-quite-finalised-yet update to the venerable HTTP protocol.
Link: http://news360.com/digestarticle/5zHJpMCjAUC_9dY_guR-rg

Black Duck Software Announces Industry’s Most Comprehensive Security Solution to Identify and Remediate Vulnerabilities
BURLINGTON, Mass.—(BUSINESS WIRE)—Black Duck Software, the leading OSS Logistics solutions provider enabling the secure management of open source code, today announced the industry’s most comprehensive open source security solution that helps security and development teams find and remediate open source vulnerabilities, the Black Duck Hub. The Black Duck Hub helps customers identify open source used within their code, identify known security vulnerabilities, and triage, schedule, and track remediation.
On average, more than 30 percent of software deployed in most enterprises is open source software (OSS); however, few organizations have visibility into what open source is used and where. With more than 4,000 new open source vulnerabilities reported each year, understanding what open source is used within an organization is critical. Thousands of unknown open source vulnerabilities go unnoticed within a typical enterprise. The Black Duck Hub identifies open source usage, maps known open source vulnerabilities, and tracks remediation efforts. The Black Duck Hub leverages Black Duck’s KnowledgeBase of license and vulnerability data, the most comprehensive source of language coverage in the industry.
Link: http://www.businesswire.com/news/home/20150407005252/en/Black-Duck-Software-Announces-Industry%E2%80%99s-Comprehensive-Security#.VSSAWRPF-OU

New RSA Breach Readiness Survey Finds Majority Not Prepared
SBIC serves as Best Practices Benchmark while 57% of industry at large never update or review Incident Response plans
Content Intelligence in the survey measured awareness gained from tools, technology and processes in place to identify and monitor critical assets. While all SBIC members have a capability to gather data and provide centralized alerting, 55% of the general survey population lacks this capability, rendering them blind to many threats. Identifying false positives still proves a difficult task. Only 50% of the general respondents have a formal plan in place for identifying false positives, while over 90% of SBIC members have automated cyber-security technologies and a process to update information to reduce the chances of future incidents.
Link: http://www.reuters.com/article/2015/04/07/rsa-globalreachresult-idUSnPnTxWN4+56+PRN20150407

XL Launches Security Insight Platform to Identify Global Business Risks
XL Group’s kidnap & ransom underwriting team has announced the launch of its new Global Security Insight (GSI) platform.
Created and frequently updated by Salamanca Group, the merchant banking and operational risk management business, the global platform provides XL Group’s clients with detailed information about security risks in over 200 territories. Access is included as part of XL Group’s pre-incident response service and provides clients and their staff with vital information for those traveling or conducting business throughout the world.
Link: http://www.insurancejournal.com/news/international/2015/04/07/363481.htm

Newsalert - 2015 Apr 06

Wyoming broadens definition of personal information in amended data breach notification law
The amendment expands the definition of personal information to now include an individual’s first name or first initial and last name in combination with any of the following: (1) Social Security number, (2) driver’s license number, (3) account number, credit card number or debit card number in combination with any security code, access code or password that would allow access to a financial account of the person, (4) tribal identification card, (5) federal or state government issued identification card, (6) shared (login) secrets or security tokens known to be used for data based authentication purposes, (7) a username or email address when combined with a password or security question and answer that would permit access to an online account, (8) a birth or marriage certificate, (9) medical information, meaning a person’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional, (10) health insurance information, meaning a person’s health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the person or information related to a person’s application and claim’s history, (11) unique biometric data, or (12) an individual taxpayer identification number.
Link: http://www.lexology.com/library/detail.aspx?g=5a82bdde-187f-458d-907f-7bb8e010b149

How to Build a Successful IT Security Awareness Program
The first step towards creating a successful security awareness program is to recognize that this is not a project with a defined timeline and an expected completion date, but is instead a development of organizational culture.
Similarly, the measurements of success are not just found in reduced counts of accidents or exposures but in the base line attitudes and practices of employees as they perform their business functions.
Link: http://www.tripwire.com/state-of-security/security-awareness/how-to-build-a-successful-it-security-awareness-program/?utm_source=Threat+Brief&utm_campaign=b08684f8ae-Threat_Brief4_1_2015&utm_medium=email&utm_term=0_79bf093b3a-b08684f8ae-388769721

Should security providers be held liable for data breaches?
Black Hat Asia ended with a discussion started by Black Hat founder Jeff Moss on whether security providers should be held liable for data breaches, because of the critical data they claim to “secure”. The recent number of hacking incidents everywhere has made this a widespread issue, and security professionals worldwide have voiced their opinions.
A managed security service provider (MSSP), where an information security company such as Paladion is managing the security posture of the enterprise, is involved in maintaining the security products of the organization or uses their own to protect the organization. An MSSP can be held liable if there is a breach if it was an oversight or error by their security analysts that caused the breach. Liability would depend on the service contract that was drawn between the company and the service provider. An outcome based contract will have SLAs and liabilities commensurate with the value, but a normal manpower based contract will not have this. Paladion provides outcome based information security services and has such contracts with several companies where penalties are defined in case of breaches,” added Rajat.
Link: http://www.dnaindia.com/scitech/report-should-security-providers-be-held-liable-for-data-breaches-2075017

8 Steps to Stronger Information Risk Management
Your compliance and security teams may be approaching you, as the CFO, to be their advocate in obtaining the funds needed to set up or strengthen your information security or compliance programs.  CFOs have historically been risk-averse by nature, focusing on protection of the business and the bottom line. But in the world we are now facing, CFOs will be expected to bring innovative ideas to the table to help their companies remain competitive.
As CFO, you know the risk appetite of the C-suite and the limitations of the budgets. Make sure the investments being recommended are in line with your organization’s strategy and operational needs. It’s important to either establish or strengthen an internal risk management governance council to guide decision-making.
Link: http://ww2.cfo.com/data-security/2015/04/8-steps-stronger-information-risk-management/

Principles of Malware Sinkholing
With malware dependency on domain name systems (DNS) and the use of domain generation algorithms (DGAs) on the rise, we’ve also seen an increase in the use of sinkholing as a defense and intelligence-gathering technique.
Although sinkholing is simple to execute, complex risks can be involved. First, some obvious legal issues may crop up with external sinkholing; for example, victim machines are now contacting a server you control. If, for instance, you use external sinkholing to control victim machines that do not belong to your organization—even if it’s for benefit—it’s a criminal act in most jurisdictions. This holds true even if there is a “self-destruct” feature in the malware that will uninstall itself when given the command to do so.
Ultimately, sinkholing is an important tool to have in your arsenal when dealing with emerging threats.
Link: http://www.darkreading.com/partner-perspectives/general-dynamics-fidelis/principles-of-malware-sinkholing/a/d-id/1319769

Brazil top for Android smartphones infected by malware
Brazil was last year among the countries most affected by malicious apps and spyware for Android, according to a report released by Google, reports Teletime. In the ranking of infections by Potentially Harmful Applications (PHA), looking at sites outside of Google Play and including unlocked devices (with root), Japan had the lowest rate of all in 2014, with 0.0702 percent. The global average was 0.7891 percent, and Brazil ranked above it with 0.9996 percent. Brazil was only ahead of India, the UAE and Russia, which had the highest percentage at 3.8548 percent. When it comes to spyware, the global average was 0.2035 percent and Brazil was again above this figure, placing penultimate with 0.4218 percent. Again, the lowest annual average was Japan, with 0.0141 percent.
Link: http://www.telecompaper.com/news/brazil-top-for-android-smartphones-infected-by-malware--1075037

Thursday, April 02, 2015

Newsalert - 2015 April 02

Wake up! What are you doing to battle breach fatigue?
On the surface, there is a silver lining to the fatigue phenomenon: Since the public has been hammered with nonstop news about breaches, it isn’t necessarily perceived to be as severe. This can translate to a quicker recovery for a business whose reputation takes a breach-related hit.
Ultimately, however, this silver lining acts as a false sense of security. A cyber threat that isn’t considered severe is unlikely to be treated as a priority issue.
Apply the three Es:
• Enforce
• Educate
• Evaluate
Link: http://www.scmagazine.com/wake-up-what-are-you-doing-to-battle-breach-fatigue/article/404946/

Admin rights to blame for 97 percent of critical Microsoft flaws - Report
The figures are from the 2014 Microsoft Vulnerabilities Report by UK-based security firm Avecto, in which the company pulled data from every patch issued by Microsoft in 2014—240 in total.
In 2013, the same report found that 92 percent of 147 total vulnerabilities with a critical rating could have been prevented via the same admin rights removal—indicating a 63 percent year-over-year increase in the total number of critical vulnerabilities.
Link: http://www.zdnet.com/article/admin-rights-to-blame-for-97-percent-of-critical-microsoft-flaws-report/?utm_source=Threat+Brief&utm_campaign=5a80b96ab6-Threat_Brief4_1_2015&utm_medium=email&utm_term=0_79bf093b3a-5a80b96ab6-388769721

Orgs need to share info, crave more board oversight, study says
The “Third Annual Information Security Survey,” conducted by Blue Lava Consulting and sponsored by vArmour, found that while 36 percent of respondents share information with industry groups, 50 percent of respondents don’t share any information.
The study also found that legacy security systems that guard the perimeter have lost their luster with the majority (75 percent) of information security professionals surveyed who are stepping away from traditional security approaches, and now will likely allocate their budget dollars on new vendors for “agile security solutions” to protect their data centers.
Link: http://www.scmagazine.com/survey-finds-that-11-of-security-pros-report-to-board-of-directors/article/406878/?utm_source=Threat+Brief&utm_campaign=5a80b96ab6-Threat_Brief4_1_2015&utm_medium=email&utm_term=0_79bf093b3a-5a80b96ab6-388769721

Meet the Top 50 Most Popular Voices in U.S. Hospital Security
SCOTTSDALE, AZ—(Marketwired - Apr 1, 2015) - Guardian 8 Corporation, a wholly-owned subsidiary of Guardian 8 Holdings (OTCQB: GRDH) and the developer and manufacturer of an enhanced non-lethal device called the Pro V2, today announced the results of a research project identifying the 50 most popular voices in U.S. hospital security. The voices belong to a broad range of security pros—from board certified protection professionals and security directors to security consultants, online community leaders, and officers past and present. Collectively, they drive, join or facilitate discussions about how to mitigate risk and de-escalate violence in hospitals.
Link: http://www.reuters.com/article/2015/04/01/idUSnMKWlmflxa+1c0+MKW20150401

Application of Threat Indicators: A Temporal View
To put some definitions in place, I refer to the application of indicators (IP addresses, URLs, domains, MD5 hashes) to future activity as the prospective application of threat indicators. Correspondingly, the application of indicators to historical data such as log management and SIEMs is known as the retrospective application of threat indicators. Both of these techniques have value but occasionally in strikingly different ways, and this distinction is worthy of examination.
As you venture into the world of threat intelligence and indicator sharing, you’ll want to consider optimizations. This is true across the spectrum, whether you happen to be a producer, distributor, or consumer of threat intelligence, or even the provider of the technology that enables the operationalization of data. Enterprises should be evaluating their providers with these objectives in mind—for example, demanding the ability to apply rich indicators to historical events.
Link: http://www.darkreading.com/partner-perspectives/general-dynamics-fidelis/application-of-threat-indicators-a-temporal-view/a/d-id/1319724
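The prospective/retrospective distinction above can be made concrete with a small matcher. This is an added example, not code from the Dark Reading article or from Fidelis: the indicator feed, the hosts and the log events below are all constructed, with an indicator carrying the date its feed first published it. Prospective mode can only check an event against indicators that already existed when the event arrived; retrospective mode re-applies the whole current feed to stored history, which is what surfaces contacts that happened before the indicator was known.

```python
"""Prospective vs. retrospective application of threat indicators.

Constructed example. Indicator kinds follow the article's list (IP addresses,
URLs, domains, MD5 hashes); every value below is made up for illustration.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Indicator:
    kind: str            # "ip" | "domain" | "url" | "md5"
    value: str
    published: datetime  # when the feed first made this indicator available


@dataclass(frozen=True)
class Event:
    """One historical proxy/DNS/endpoint record, as a SIEM would store it."""
    ts: datetime
    host: str
    dst_ip: str
    domain: str
    url: str = ""
    file_md5: Optional[str] = None


@dataclass(frozen=True)
class Match:
    host: str
    ts: datetime
    kind: str
    value: str
    predates_indicator: bool  # event happened before the indicator was published


def normalise(kind: str, value: str) -> str:
    """Canonical form so 'UPDATES.example.' and 'updates.example' compare equal."""
    v = value.strip()
    if kind in ("domain", "url", "md5"):
        v = v.lower()
    if kind == "domain":
        v = v.rstrip(".")
    return v


def observables(ev: Event) -> Set[Tuple[str, str]]:
    """Every (kind, value) pair an event exposes for matching."""
    obs = {("ip", normalise("ip", ev.dst_ip)),
           ("domain", normalise("domain", ev.domain))}
    if ev.url:
        obs.add(("url", normalise("url", ev.url)))
    if ev.file_md5:
        obs.add(("md5", normalise("md5", ev.file_md5)))
    return obs


def _apply(events: Iterable[Event], indicators: Iterable[Indicator],
           include_unpublished: bool) -> List[Match]:
    index = {(i.kind, normalise(i.kind, i.value)): i for i in indicators}
    matches: List[Match] = []
    for ev in sorted(events, key=lambda e: e.ts):
        for key in sorted(observables(ev)):
            ind = index.get(key)
            if ind is None:
                continue
            predates = ev.ts < ind.published
            # In prospective (streaming) mode the indicator did not exist yet,
            # so the event could not have been matched when it occurred.
            if predates and not include_unpublished:
                continue
            matches.append(Match(ev.host, ev.ts, ind.kind, ind.value, predates))
    return matches


def prospective(events, indicators) -> List[Match]:
    """Inline mode: only indicators already published at event time apply."""
    return _apply(events, indicators, include_unpublished=False)


def retrospective(events, indicators) -> List[Match]:
    """Hunting mode: the full current feed is re-run over stored history."""
    return _apply(events, indicators, include_unpublished=True)


# Constructed indicator feed (documentation/test ranges only, hash is made up).
INDICATORS = [
    Indicator("domain", "updates.example-bad.test", datetime(2015, 3, 20)),
    Indicator("ip", "203.0.113.45", datetime(2015, 3, 25)),
    Indicator("md5", "0123456789ABCDEF0123456789ABCDEF", datetime(2015, 3, 27)),
]

# Constructed history: ws-01's contact predates every indicator, ws-02's
# predates the IP indicator only, ws-03 is benign, ws-04 is a live md5 hit.
EVENTS = [
    Event(datetime(2015, 3, 10, 9, 5), "ws-01", "203.0.113.45", "updates.example-bad.test"),
    Event(datetime(2015, 3, 22, 14, 30), "ws-02", "203.0.113.45", "UPDATES.example-bad.test."),
    Event(datetime(2015, 3, 28, 8, 0), "ws-03", "198.51.100.7", "cdn.example.test"),
    Event(datetime(2015, 3, 30, 17, 45), "ws-04", "198.51.100.9", "mail.example.test",
          file_md5="0123456789abcdef0123456789abcdef"),
]

if __name__ == "__main__":
    for mode, fn in (("prospective", prospective), ("retrospective", retrospective)):
        print(mode)
        for m in fn(EVENTS, INDICATORS):
            flag = " (found only in hindsight)" if m.predates_indicator else ""
            print(f"  {m.ts:%Y-%m-%d} {m.host} {m.kind}={m.value}{flag}")
```

Run stand-alone it lists two prospective hits and five retrospective ones; the three marked "found only in hindsight" are exactly the value of being able to apply indicators to historical events.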

CIO - Why you should be spending more on security
Many CIOs endanger their companies simply by not spending enough on security.
That may seem odd to posit, given that a recent Pricewaterhouse Coopers survey found that businesses now spend a higher percentage of their IT budgets on security than ever before. According to the survey, large organizations spend an average of 11 percent of their IT budgets on security while small businesses spend nearly 15 percent.
The good news is that there is new security technology on the horizon, and some of it looks like it will be a worthwhile investment. “Cutting-edge technologies show genuine promise and are already being used by enlightened companies,” Chuvakin says. “Analytics may give a huge boost to defenders, as well as machine learning and threat intelligence. It’s too early to say ‘buy this and you’ll win,’ but there is definitely light at the end of the tunnel.”
Link: http://www.cio.com/article/2904364/security0/why-you-should-be-spending-more-on-security.html

Three ways a CSO can stop being the bad guy
Are you the Dr. No of your company, always with security-related reasons for stopping or slowing down projects?
But some security executives are redefining their roles to become people who say “yes,” and restructuring their departments around becoming enablers of business.
Meyer urged every CSO and CISO to begin building working relationships with other business leaders in their company, and to stay positive.
Link: http://www.csoonline.com/article/2904027/security-leadership/three-ways-a-cso-can-stop-being-the-bad-guy.html?phint=newt%3Dcso_update&phint=idg_eid%3D3ed717ef9867f793024f9cb8f4bb3860#tk.CSONLE_nlt_update_2015-04-02&siteid=&phint=tpcs%3D&phint=idg_eid%3D3ed717ef9867f793024f9cb8f4bb3860

Do Threat Exchanges Work?
The big question is, do these threat exchanges work? Sharing information about threats is one thing, but does this sharing result in reducing your security risk by preventing your organization falling victim to viruses and other malware infections or more concerted attacks by hackers?
Question of Trust
Does Size Matter?
It’s impossible to know in advance which exchange offers the right combination of these traits to be helpful for your organization. All that can be said is that you’ll recognize it if and when the threat information you receive starts to help you ward off viruses, malware and hacker attacks.
Link: http://www.esecurityplanet.com/network-security/do-threat-exchanges-work.html

Reduce Breach Liability [Infographic]
Customer identity data is a highly valuable asset not only to you as a business, but also to criminals intent on exploiting the data for personal gain. Thieves can make an estimated $50 million from just one data breach, and brands have lost as much as $125 million in breach associated costs*.
While most of us are aware of the dangers, it can be difficult to know what to do to prevent a data breach. However, there are questions that you can ask to understand your areas of vulnerability and ward off an insider security breach later.
Link: http://www.business2community.com/infographics/infographic-reduce-breach-liability-01195068

Google bans Chinese websites, cites security breach
BEIJING, April 2 (UPI)—Google’s tense relationship with Chinese authorities took another turn when the search engine announced its web browser and other applications will not recognize security certificates from the China Internet Network Information Center, or CNNIC.
Google announced the move in a blog post on March 23, saying the CNNIC had farmed out its certification authority to Egypt-based MCS Holdings, an organization Google described as “not fit to hold (authority).”
Link: http://www.upi.com/Top_News/World-News/2015/04/02/Google-bans-Chinese-websites-cites-security-breach/6011427986032/

Google’s Android security scans over 200 million devices a day
Google’s data suggests that the percentage of Android phones that didn’t have any PHAs stood at around 99.5 percent at its lowest in October 2014, although this figure excludes anyone that rooted the phone and, er, freed up the security system built into the mobile OS. Notably, this figure is from before both Android 4.4 and its successor. The company counts that it’s got one billion devices protected by its Android security services: its Verify Apps service now scans over 200 million devices a day in the background, aimed at improving device security. Google is quick to add that none of your pics, location data or personal information is accessed. Phew.
Link: http://www.engadget.com/2015/04/02/google-security-android-2014/

iOS Security Reports Say No iPhone Is Safe
According to the GFI report, Apple took the top vulnerability spots, with its Mac OSX at No. 1 with 147 vulnerabilities, followed by Apple iOS with 127 vulnerabilities. The Linux kernel was a close third, followed very distantly by Ubuntu and Windows. Android, meanwhile, had only six reported vulnerabilities for 2014 (although GFI took care to note that this number did not include certain Linux vulnerabilities that also apply to Android).
Link: http://www.informationweek.com/ios-security-reports-say-no-iphone-is-safe/a/d-id/1319750

Wednesday, April 01, 2015

Newsalert - 2015 April 01

Why Data Breaches Don’t Hurt Stock Prices
[The] mismatch between the stock price and the medium and long-term impact on companies’ profitability should be addressed through better data. Shareholders still don’t have good metrics, tools, and approaches to measure the impact of cyber attacks on businesses and translate that into a dollar value. In most cases, at the time a security breach is disclosed, it is almost impossible for shareholders to assess its full implications. Shareholders should look beyond short-term effects and examine the impact on other factors, such as overall security plans, profitability, cash flow, cost of capital, legal fees associated with the breach, and potential changes in management.
Now that major security breaches have become an inevitability in doing business, companies should put strong data security systems in place, just as they protect against other types of business and operational risks. However, companies whose assets are primarily non-digital have less incentive to invest in prevention if they know their stock price will survive — and that takes a toll on the overall economy and consumer privacy.
Link: https://hbr.org/2015/03/why-data-breaches-dont-hurt-stock-prices

Updated – Security Alert: Vawtrak aka Neverquest Trojan Targeting Canadian Banks
Our malware analysts have detected an ongoing malware campaign, where Vawtrak (or Neverquest), a classic Trojan-banker targets credentials from banks in Canada to steal financial information.
This high versatility offers Vawtrak the ability to collect credentials and sensitive information from FTP servers, email clients and finally from all spheres of the online.
Number and location of victims: the size of the BOTnet depends on the campaign, but we have already identified approximately 15.000 BOTs in the Canadian targeted attack, and 90% of these are located in Canada based on geoIP.
Link: https://heimdalsecurity.com/blog/vawtrak-financial-malware/

Targeted controls key to effective information security, says Protiviti
The firm’s managing director and global lead of the IT governance and risk management practice, Jonathan Wyatt, said too often businesses focus only on keeping intruders out.
The first thing businesses need to accept is that it is impossible to protect everything to the highest level all the time, he said, but also that they do have valuable data and that keeping it safe is achievable. Businesses must take control of their IT landscape.
Link: http://www.computerweekly.com/news/4500243458/Targeted-controls-key-to-effective-information-security-says-Protiviti?asrc=EM_ERU_41330668&utm_medium=EM&utm_source=ERU&utm_campaign=20150401_ERU%20Transmission%20for%2004/01/2015%20(UserUniverse:%201449016)_myka-reports@techtarget.com&src=5375580

Social engineering techniques are becoming harder to stop, experts say
As social engineering techniques get more sophisticated and attacks appear more like authentic messages, experts say that training methods need to evolve as well. Baker said that the trick to educating employees has always been to make people suspicious of these requests, but that is getting more difficult because it often isn’t enough to simply have users keep an eye out for improper use of language or odd typos.
As more data moves online, social engineering techniques are becoming increasingly advanced and traditional training methods may not be enough to keep enterprises safe.
Link: http://searchsecurity.techtarget.com/news/4500243233/Social-engineering-techniques-are-becoming-harder-to-stop-experts-say?utm_medium=EM&asrc=EM_ERU_41331086&utm_campaign=20150401_ERU%20Transmission%20for%2004/01/2015%20(UserUniverse:%201449016)_myka-reports@techtarget.com&utm_source=ERU&src=5375580

Corporate Security Checklist – a CEO’s Guide to Cyber Security
You may not know the figures yet, but data breaches are currently among the most common and most costly security problems for organizations of all sizes. The 2014 Cyber Security Intelligence Index by IBM shows that companies are attacked around 16,856 times a year, and data breaches are one of the preeminent causes for these attacks.
Ensuring your company’s cyber security is a complex job and you need a trustworthy CTO or CIO to keep things up to date and working well. As a manager or CEO, you couldn’t possibly have the time to dedicate to understanding or coordinating all of this by yourself.
What we’re trying to help you understand is why cyber security is a necessity and a fundamental factor in your company’s stability and success.
Link: https://heimdalsecurity.com/blog/corporate-security-checklist-a-ceos-guide-to-cyber-security/

Sinkholing Volatile Cedar DGA Infrastructure
There is currently some buzz about the Volatile Cedar APT activity in the Middle East, a group that deploys not only custom-built RATs but also USB propagation components, as reported by Check Point (PDF). If you are interested in learning more about this APT, we recommend reading their paper first.
One interesting feature of the backdoors used by this group is that they first connect to a set of static ‘updater’ command and control (C2) servers, which then redirect them to other C2. When they cannot reach their hardcoded static C2, they fall back to a domain generation algorithm (DGA) and cycle through the domains it produces until one connects.
Link: https://securelist.com/blog/research/69421/sinkholing-volatile-cedar-dga-infrastructure/
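The fallback behaviour described above (static C2 first, then cycling through generated domains) leaves a signature in DNS resolver logs that a defender can look for even without the group’s actual algorithm. The following Python is an added example, not code from the Securelist post and not Volatile Cedar’s DGA: it runs an entropy/NXDOMAIN-burst heuristic over constructed log lines in an assumed “timestamp client qname rcode” format. The thresholds are assumptions for illustration; production detection should use the reversed DGA or a trained classifier.

```python
import math
import re
from collections import defaultdict

# Constructed resolver log (not real data; format assumed): "<epoch> <client_ip> <qname> <rcode>"
# Host 10.0.0.12 mimics the fallback: one failed static C2 lookup, then a burst of generated names.
SAMPLE_LOG = """\
1427760000 10.0.0.12 updater.example-static.test NXDOMAIN
1427760001 10.0.0.12 qx7ktz3vbn.com NXDOMAIN
1427760002 10.0.0.12 m9p2wyhrfa.net NXDOMAIN
1427760003 10.0.0.12 zk4tr8vqlc.com NXDOMAIN
1427760004 10.0.0.12 b7nwxs1ykq.net NXDOMAIN
1427760005 10.0.0.12 hr3vpk9xzt.com NXDOMAIN
1427760006 10.0.0.12 zkqtrwvqlc.net NXDOMAIN
1427760007 10.0.0.25 www.wikipedia.org NOERROR
1427760008 10.0.0.25 wkipedia.org NXDOMAIN
1427760009 10.0.0.40 tx5qwz9kpl.com NXDOMAIN
1427760010 10.0.0.40 mail.example.org NOERROR
1427760011 10.0.0.40 vb2nrx7qhs.net NXDOMAIN
"""

LINE_RE = re.compile(r"^(?P<ts>\d+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<rcode>\S+)$")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (random-looking labels score high)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def second_level_label(qname: str) -> str:
    """Naive registrable label: the part left of the TLD (no public-suffix handling)."""
    parts = qname.rstrip(".").split(".")
    return (parts[-2] if len(parts) >= 2 else parts[0]).lower()


def looks_generated(label: str, min_len: int = 8, entropy_floor: float = 3.0,
                    max_vowel_ratio: float = 0.25) -> bool:
    """Heuristic (assumed thresholds): long, high-entropy, and either digit-bearing or vowel-poor.
    Long dictionary words also have high entropy, which is why the vowel test is required."""
    if len(label) < min_len:
        return False
    if shannon_entropy(label) < entropy_floor:
        return False
    has_digit = any(ch.isdigit() for ch in label)
    vowel_ratio = sum(label.count(v) for v in "aeiou") / len(label)
    return has_digit or vowel_ratio <= max_vowel_ratio


def find_dga_fallback(log_text: str, window_seconds: int = 60, min_distinct: int = 5) -> dict:
    """Map client -> sorted generated-looking names, for clients that failed to resolve at
    least min_distinct distinct such names within window_seconds. Only NXDOMAIN answers count:
    the DGA fallback is a run of dead domains, not successful lookups."""
    events = defaultdict(list)  # client -> [(ts, label)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["rcode"] != "NXDOMAIN":
            continue
        label = second_level_label(m["qname"])
        if looks_generated(label):
            events[m["client"]].append((int(m["ts"]), label))

    flagged = {}
    for client, evs in events.items():
        evs.sort()
        for i, (t0, _) in enumerate(evs):          # slide a window from each event
            in_window = {lbl for t, lbl in evs[i:] if t - t0 <= window_seconds}
            if len(in_window) >= min_distinct:
                flagged[client] = sorted(in_window)
                break
    return flagged


if __name__ == "__main__":
    for client, names in find_dga_fallback(SAMPLE_LOG).items():
        print(f"{client}: {len(names)} generated-looking NXDOMAINs, e.g. {names[:3]}")
```

The static C2 name and the typo from 10.0.0.25 are deliberately in the sample: the first is long but vowel-rich and the second is low-entropy, so neither counts, while the host that cycles through six random names inside a minute is the one reported. Once a host is flagged, the names themselves are what you would feed to a sinkhole or block list.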

PCI DSS 3.1 set for April 2015 release, will cover SSL vulnerabilities
The governing body behind the Payment Card Industry Data Security Standard has confirmed that the next version of the mandate will be released in just a few weeks, which could spark a scramble by merchants trying to implement the surprise update.
According to the SSC, the changes in PCI 3.1 will affect all requirements that reference SSL as an example of what it calls “strong cryptography,” which in its glossary of terms is defined as “cryptography based on industry-tested and accepted algorithms, along with strong key lengths (minimum 112-bits of effective key strength) and proper key-management practices.”
Link: http://searchsecurity.techtarget.com/news/4500243398/PCI-DSS-31-set-for-April-2015-release-will-cover-SSL-vulnerabilities?utm_medium=EM&asrc=EM_NLN_41362368&utm_campaign=20150401_Fire%20drill:%20Surprise%20PCI%20DSS%20update%20may%20be%20days%20away_mtamarov&utm_source=NLN&track=NL-1820&ad=899837
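As an added illustration, not taken from the SSC announcement or the article, here is the shape the update points toward in Python’s ssl module: a permissive legacy context beside a hardened one, and an audit that applies the glossary’s 112-bit effective-strength floor to the enabled cipher suites. Treating SSL 3.0 and TLS 1.0 as below “strong cryptography” (TLS 1.2 as the floor), the cipher string, and the list of weak-algorithm markers are assumptions for this example.

```python
import ssl

# Threshold quoted from the SSC glossary above: 112 bits of effective key strength.
MIN_STRENGTH_BITS = 112
# Assumption for this example: SSL 3.0 and TLS 1.0 are not "strong cryptography"; TLS 1.2 is the floor.
MIN_TLS = ssl.TLSVersion.TLSv1_2
# Name fragments of algorithms no longer industry-accepted regardless of nominal key size (assumed list).
WEAK_MARKERS = ("RC4", "DES", "MD5", "NULL", "EXP", "ADH", "AECDH")


def legacy_client_context() -> ssl.SSLContext:
    """The permissive configuration the update targets (for contrast only; do not deploy)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                                # must precede CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED    # whatever the library still speaks
    ctx.set_ciphers("ALL:@SECLEVEL=0")                        # every suite the build offers
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """TLS 1.2+ only, forward-secret AEAD suites, certificate verification on."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = MIN_TLS
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL:!MD5:!RC4:!3DES")
    return ctx


def cipher_findings(ciphers: list) -> list:
    """Names of enabled suites under the 112-bit floor or built on a weak algorithm.
    `ciphers` has the shape returned by SSLContext.get_ciphers() (dicts with name/strength_bits)."""
    findings = []
    for c in ciphers:
        name = c["name"]
        if c.get("strength_bits", 0) < MIN_STRENGTH_BITS or any(m in name for m in WEAK_MARKERS):
            findings.append(name)
    return findings


def audit(ctx: ssl.SSLContext) -> list:
    """Everything a reviewer would have to write up for this context; empty means clean."""
    problems = []
    if ctx.minimum_version < MIN_TLS:
        problems.append(f"minimum protocol version {ctx.minimum_version.name} is below TLS 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("server certificate is not verified")
    problems.extend(cipher_findings(ctx.get_ciphers()))
    return problems


if __name__ == "__main__":
    for label, ctx in (("legacy", legacy_client_context()), ("hardened", hardened_client_context())):
        issues = audit(ctx)
        print(f"{label}: {len(issues)} finding(s)")
        for issue in issues[:5]:
            print("  -", issue)
```

The audit checks the protocol floor, certificate verification and each suite’s negotiated strength separately, because a context can pass any one of those and still fail the standard: a 256-bit suite over SSL 3.0 is no better than the protocol it rides on. Which weak suites the legacy context actually lists depends on how the local OpenSSL was built.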

Cisco buys virtual appliance software vendor
Cisco (CSCO -1%) is buying Embrane, a provider of virtual (software-based) firewall and load balancer appliances, and (perhaps more importantly for Cisco) a software platform for deploying and managing virtual appliances (whether Embrane’s or a third party’s). Terms are undisclosed.
Embrane’s team is joining Cisco’s Insieme SDN/switching unit; the networking giant argues Embrane’s offerings will strengthen the feature set of its Nexus data center switch line and ACI SDN/networking virtualization platform (seeing healthy growth, in pitched battle with VMware’s NSX).
Link: http://seekingalpha.com/news/2405416-cisco-buys-virtual-appliance-software-vendor?auth_param=137vrm:1aho75g:69ceee3ad86c2affa033f48c8b0df37e&uprof=45

Anonymous proxies used to carry out shotgun DDoS attacks
… new research from website security company Incapsula has uncovered a darker side to the use of anonymizers as a source of DDoS attacks.
According to the findings DDoS attacks from anonymous proxies accounted for 20 percent of all application layer attacks. On average, perpetrators were directing traffic from 1,800 different IPs. This is what Incapsula calls a “Shotgun” attack.
Link: http://betanews.com/2015/03/31/anonymous-proxies-used-to-carry-out-shotgun-ddos-attacks/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed+-+bn+-+Betanews+Full+Content+Feed+-+BN

Google kills 200 ad-injecting Chrome extensions, says many are malware
More than a third of Chrome extensions that inject ads were recently classified as malware in a study that Google researchers carried out with colleagues from the University of California at Berkeley. The researchers uncovered 192 deceptive Chrome extensions that affected 14 million users. Google officials have since killed those extensions and incorporated new techniques to catch any new or updated extensions that carry out similar abuses.
Link: http://arstechnica.com/security/2015/04/google-kills-200-ad-injecting-chrome-extensions-says-many-are-malware/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29

F5 opens new Security Operations Center in Seattle to help companies defeat ...
GeekWire
F5 Networks marked the opening of a new Security Operations Center at its Seattle headquarters this afternoon — complete with one of its engineers in a black hoodie playing the role of a hacker launching a mock online attack, to show how the company’s ...
Link: http://www.geekwire.com/2015/f5-opens-new-security-operations-center-in-seattle-to-help-companies-defeat-online-attacks/

Tuesday, March 31, 2015

Newsalert - 2015 Mar 31

BlueHost and HostMonstor Hacked By Syrian Electronic Army
This time SEA hackers targeted Endurance International Group Inc., a leading web hosting company, and compromised its brands Bluehost, Justhost, Hostgator and Hostmonster.
It also appears that the SEA hijacked BlueHost’s Twitter account and posted a tweet from it; the tweet has since been deleted.
Link: http://www.cyberkendra.com/2015/03/bluehost-and-hostmonstor-hacked-by.html

10 practical security tips for DevOps
Within DevOps you will hear the concept of ‘Infrastructure as Code’: the platform’s infrastructure is stored as a set of scripts that can be executed in a repeatable way. Security needs to be treated the same way, moving to ‘Security as Code’ or ‘Software Defined Security’. By moving from a legacy procedure in a Word document to a set of scripts, we automate that procedure so that it executes in a repeatable and predictable way, and it can be included in the DevOps pipeline.
For security professionals it is key to understand that instead of validating the end solution you need to validate the pipeline. If you are satisfied that the pipeline builds the solution in a way that meets your security goals, you can be confident that this will be repeated every time a developer needs to get source code into production.
Here are 10 practical security tips for DevOps …
Link: http://www.net-security.org/article.php?id=2250
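The “validate the pipeline, not the end solution” idea, as an added example that is not taken from the article: a policy-as-code gate that a CI stage runs against the environment definition and that fails the build on codified rules, so the rules are enforced on every deployment rather than reviewed once. The JSON shape, the rule set, the management-port list and the `${...}` secret-reference convention are assumptions for illustration, not any real IaC tool’s schema.

```python
import ipaddress
import json
import re
import sys

# Constructed sample in a hypothetical JSON shape (not a real IaC tool's schema).
INFRA_JSON = """
{
  "security_groups": [
    {"name": "web",     "ingress": [{"port": 443,  "cidr": "0.0.0.0/0"},
                                    {"port": 22,   "cidr": "10.0.0.0/8"}]},
    {"name": "bastion", "ingress": [{"port": 22,   "cidr": "0.0.0.0/0"},
                                    {"port": 3389, "cidr": "::/0"}]}
  ],
  "services": [
    {"name": "api",    "env": {"DB_PASSWORD": "${vault:db/prod#password}", "LOG_LEVEL": "info"}},
    {"name": "worker", "env": {"API_KEY": "s3cr3t-literal-value", "QUEUE": "jobs"}}
  ],
  "buckets": [
    {"name": "assets",  "public_read": true},
    {"name": "backups", "public_read": false}
  ]
}
"""

MGMT_PORTS = {22, 3389, 5985, 5986}                       # SSH, RDP, WinRM (assumed list)
SECRET_NAME_RE = re.compile(r"(?i)(password|passwd|secret|api[_-]?key|token)")
REFERENCE_RE = re.compile(r"^\$\{[^}]+\}$")               # "${vault:...}": an indirection, not a value


def is_unrestricted(cidr: str) -> bool:
    """True for 0.0.0.0/0 and ::/0, i.e. the whole internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def check_security_groups(groups: list) -> list:
    """Rule 1: no management port reachable from everywhere."""
    out = []
    for g in groups:
        for r in g.get("ingress", []):
            if r["port"] in MGMT_PORTS and is_unrestricted(r["cidr"]):
                out.append(f"security_group {g['name']}: port {r['port']} open to {r['cidr']}")
    return out


def check_service_secrets(services: list) -> list:
    """Rule 2: secret-looking variables must reference a secret store, never hold a literal."""
    out = []
    for s in services:
        for key, value in s.get("env", {}).items():
            if SECRET_NAME_RE.search(key) and not REFERENCE_RE.match(str(value)):
                out.append(f"service {s['name']}: env {key} holds a literal secret")
    return out


def check_buckets(buckets: list) -> list:
    """Rule 3: no publicly readable storage."""
    return [f"bucket {b['name']}: public_read enabled" for b in buckets if b.get("public_read")]


def check_policies(infra: dict) -> list:
    return (check_security_groups(infra.get("security_groups", []))
            + check_service_secrets(infra.get("services", []))
            + check_buckets(infra.get("buckets", [])))


def gate(text: str) -> list:
    """Parse a definition and return its violations (empty list means the stage passes)."""
    return check_policies(json.loads(text))


def main(argv: list) -> int:
    text = open(argv[1]).read() if len(argv) > 1 else INFRA_JSON
    violations = gate(text)
    for v in violations:
        print("FAIL", v)
    print("policy gate:", "blocked" if violations else "passed")
    return 1 if violations else 0                          # non-zero exit fails the pipeline stage


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as a pipeline step (for example `python policy_gate.py infra.json`, file name assumed); a non-zero exit stops the deployment. Because the rules live in version control next to the infrastructure they govern, a change to either goes through the same review and the same build, which is the property the article is asking for.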

Interpol’s Global Complex for Innovation identifies dangerous malware in cryptocurrency transactions
Researchers from INTERPOL’s cyber threat team have identified a design feature of the blockchain used for virtual currency transactions that can be exploited to embed data that was never meant to be there: the blockchain reserves a fixed amount of open space in transactions, and anyone who writes to the right field can fill it with arbitrary content.
Although the feature has not yet been abused in the wild, it could enable future cyber crime scenarios such as the deployment of modular malware, a reshaping of how zero-day attacks are distributed, and illegal underground marketplaces trading in the private keys that would unlock such data.
Link: http://thetechportal.in/2015/03/30/interpols-global-complex-for-innovation-identifies-dangerous-malware-in-cryptocurrency-transactions/

Financial Services: Investing in Data Security Risk Mitigation
In the words of the late Peter Drucker, “What gets measured gets managed”. This also holds true in today’s cyber threat landscape.
Your biggest challenge is a lack of visibility and awareness.
There is no single security tool that will remove all potential points of weakness.
You must be able to identify, manage, monitor and respond to any threats that may exist. Once a risk is quantified, a risk response tool will allow you to take action preemptively or even during the incident to minimize the potential of a data breach.
Link: http://www.techzone360.com/topics/techzone/articles/2015/03/30/400614-financial-services-investing-data-security-risk-mitigation.htm

Security crashes the boardroom party
Given the recent spate of headline-grabbing data breaches, CIOs need to be prepared to answer a lot of board questions about risk.
In a 2014 report titled “Risk and Responsibility in a Hyperconnected World” from the World Economic Forum and McKinsey & Co., the total economic cost of ineffective security was projected to top $3 trillion globally by 2020. That’s a staggering but unfortunately plausible number. So if there’s no question that cybersecurity breaches can devastate the bottom line, why haven’t more companies acted to deal with it more effectively?
Isn’t it time to upgrade cybersecurity to a board-level risk management discussion, not just occasionally but consistently?
Link: http://www.cio.com/article/2899082/security0/security-crashes-the-boardroom-party.html

Russian banks combat Tyupkin ATM malware gang
The Russian Ministry of Internal Affairs, together with the Federal Security Service, are taking steps to try and locate a criminal cyber-group specialising in robbing ATMs using the Tyupkin computer malware.
The criminals work in two stages. First, they gain physical access to the ATM and boot it from a CD to install the malware, code-named Tyupkin by Kaspersky Lab, which discovered it last year. After a reboot, the infected ATM is under their control.
Link: http://www.scmagazineuk.com/russian-banks-combat-tyupkin-atm-malware-gang/article/406061/

Protecting Critical Infrastructure from Threats
According to research performed by Lloyd’s of London insurer, Aegis London, “in the first half of the 2013 fiscal year, the US Department of Homeland Security’s Industrial Control Systems–Computer Emergency Readiness Team responded to more than 200 incidents, 53% of which were in the energy and utility sector, and many of them sponsored by states such as China”. Efforts to improve the security of critical infrastructure systems like nuclear power plants and water treatment facilities have accelerated at a rapid rate since the issuance of US Executive Order 13636, “Improving Critical Infrastructure Cybersecurity”, on February 12, 2013.
When making decisions about security policies for a critical infrastructure facility, the costs of implementing a stricter policy need to be weighed against the potential costs that could result from the failure of a weaker policy. The solution for each organisation will vary based on the requirements necessary to meet their security and business objectives.
Link: http://www.pandct.com/media/shownews.asp?ID=43167

Eighth Annual “State of the Network” Global Study From JDSU’s Network Instruments Finds 85 Percent of Enterprise Network Teams Now Involved in Security Investigations
As threats continue to escalate, one quarter of network operations professionals now spend more than 10 hours per week on security issues and are becoming increasingly accountable for securing data. This reflects an average uptick of 25 percent since 2013. Additionally, network teams’ security activities are diversifying. Teams are increasingly implementing preventative measures (65 percent), investigating attacks (58 percent) and validating security tool configurations (50 percent). When dealing with threats, half of respondents indicated that correlating security issues with network performance is their top challenge.
The full results of the survey, available for download, also show that emerging network technologies have gained greater adoption over the past year.
Link: http://www.istockanalyst.com/business/news/7249004/eighth-annual-state-of-the-network-global-study-from-jdsu-s-network-instruments-finds-85-percent-of-enterprise-network-teams-now-involved-in-security-investigations

Monday, March 30, 2015

Newsalert - 2015 Mar 30


Sunday, March 29, 2015

Newsalert - 2015 Mar 29


Thursday, March 26, 2015

Newsalert - 2015 Mar 26

70% cos feel CEOs are responsible for data breaches, only 5% blame IT dept
Websense, Inc., a company that protects organizations from cyber-attacks and data theft, has announced the results of an international survey of 102 security professionals conducted at this year’s e-Crime Congress. Nearly all respondents (98%) believe that the law should address serious data breaches that expose consumers’ data through punishments such as fines (65%), mandatory disclosure (68%) and compensation for the consumers affected (55%). Sixteen percent even advocate arrest and a jail sentence for the CEO or board members.
Respondents feel that companies not taking action against data loss and theft do have it as an agenda item, but not yet at a high enough priority (45%). Furthermore, 70% say the CEO should hold ultimate responsibility should a breach arise. And the pressure is mounting: 93% of all respondents believe the advent of the Internet of Things will make companies even more vulnerable to data theft.
Link: http://www.firstpost.com/business/70-cos-feel-ceos-responsible-data-breaches-5-blame-dept-2174439.html

Windows Server 2003 End-of-Life Survey Finds Nearly One in Three Companies Will Miss Deadline, Leaving Nearly 3 Million Servers Vulnerable to Breach
An estimated 2.7 million servers—potentially containing hundreds of millions of files—will be unprotected after July 14, 2015, the end-of-life deadline, according to the survey Bit9 + Carbon Black conducted in February 2015. Key findings from the survey—of IT leaders at 500 medium and large enterprises in the U.S. and U.K. with at least 500 employees—include:
- More than half of enterprises (57 percent) do not know when the end-of-life deadline is

Link: http://www.darkreading.com/vulnerabilities---threats/windows-server-2003-end-of-life-survey-finds-nearly-one-in-three-companies-will-miss-deadline-leaving-nearly-3-million-servers-vulnerable-to-breach/d/d-id/1319612

Rise of threat intelligence is leading to too many sources, finds MWR, CPNI and CERT-UK
Threat intelligence is rapidly becoming an ever-higher business priority with a general awareness of the need to ‘do’ threat intelligence, but vendors are falling over themselves to offer a confusingly diverse array of threat intelligence products.
According to MWR senior security researcher Dr David Chismon, there is a risk that in the hurry to keep up with the threat intelligence trend, organisations will end up paying large amounts of money for products that are interesting but of little value in terms of improving the security of their business. “Doing threat intelligence is important – but doing it right is critical,” he said.
In a report by MWR Infosecurity, supported by the Centre for the Protection of National Infrastructure (CPNI) and CERT-UK, the theme of threat intelligence is covered, including how to build a successful threat intelligence programme and, crucially, how not to build one, as well as detailed advice on collecting, analysing, acting on and sharing the information obtained.
Link: http://www.itsecurityguru.org/2015/03/25/rise-of-threat-intelligence-is-leading-to-too-many-sources-finds-mwr-cpni-and-cert-uk/

On the Heels of the Successful Ramnit Botnet Takedown, AnubisNetworks Adds Powerful New Features to Cyberfeed Threat Intelligence Service / New Cyberfeed Release Delivers More Visibility Into Cyber Threat Vectors and Improved Enrichment and Correlation f
AnubisNetworks, a subsidiary of Security Ratings company BitSight Technologies, announced today significant enhancements to Cyberfeed, a subscription-based threat intelligence service that allows advanced security organizations such as SOCs, MSSPs and CERTs to obtain real-time event feeds on security threats.
Produced from vast global and proprietary sensor networks, Cyberfeed delivers contextualized threat intelligence by correlating data from different security feeds, for example verifying whether a drop in an organization’s IP reputation is related to compromised systems or to a persistent campaign. These feeds are enriched with data such as geolocation information or malware profile, enabling organizations to act faster and proactively mitigate cyber risks.
New Enhancements to Cyberfeed
• Intelligence Breadth
• Data Depth
Link: http://www.finanznachrichten.de/nachrichten-2015-03/33222776-on-the-heels-of-the-successful-ramnit-botnet-takedown-anubisnetworks-adds-powerful-new-features-to-cyberfeed-threat-intelligence-service-new-cyber-256.htm

New York Fed Creates Cybersecurity Team
Bloomberg Business on Tuesday reported that the Federal Reserve Bank of New York has created a new team dedicated to cybersecurity threats.
The team will be led by Roy Thetford, the bank’s former information security officer. He will be working with an examination team to establish a new risk-based cybersecurity assessment framework.
Link: http://www.benzinga.com/news/15/03/5355778/new-york-fed-creates-cybersecurity-team

UK attacks on crypto keys and digital certificates endemic
All 499 UK security professionals polled in a global survey say their organisations have responded to multiple attacks on keys and certificates in the past two years.
The 2015 Cost of Failed Trust Report, commissioned by security firm Venafi, claims to be the only research of its kind to examine the internet system of trust.
The potential risk facing UK firms from attacks on keys and certificates is expected to reach at least £33m in the next two years, according to the report, based on interviews with more than 2,300 IT security professionals around the world.
Link: http://www.computerweekly.com/news/4500243119/UK-attacks-on-crypto-keys-and-digital-certificates-endemic?asrc=EM_ERU_41107776&utm_medium=EM&utm_source=ERU&utm_campaign=20150326_ERU%20Transmission%20for%2003/26/2015%20(UserUniverse:%201433145)_myka-reports@techtarget.com&src=5373575

Despite Demands of Ongoing Transformation, CIOs and IT Professionals Remain Focused on Security and Privacy in 2015
MENLO PARK, Calif., March 25, 2015 /PRNewswire/—As organizations continue to undergo major changes and technology upgrades, CIOs and IT professionals are under growing pressure to manage these transformations successfully while simultaneously addressing increased cybersecurity threats, according to a new survey by global consulting firm Protiviti (http://www.protiviti.com).
“Gone are the days where information security and data privacy vulnerabilities are viewed as just technical issues. Today, these challenges include critical business policy, governance, compliance and communications that must be addressed across the enterprise, placing even more responsibilities on the shoulders of executive management,” said Kurt Underwood, a managing director with Protiviti and global leader of the firm’s IT consulting practice. “Our survey findings show that organizations going through major transformations see the need to elevate more of their attention and budgets toward mitigating and combating security risks as they seek to enhance and protect the value of their businesses with technology.”
Link: http://www.reuters.com/article/2015/03/25/proviti-it-idUSnPn5H4q25+90+PRN20150325

Cylance Researchers Discover Critical Vulnerability Affecting Hotel Chains Worldwide
Dark Reading
This vulnerability affects 277 hotels, convention centers and data centers across 29 countries. It has the potential to impact millions of customers ranging from everyday vacationers and data center IT staff to tradeshow attendees and high priority targets such as government officials, corporate executives and CSOs.
… discovered a critical vulnerability in ANTlabs’ InnGate product that could allow an attacker to monitor or tamper with traffic to and from any hotel WiFi user’s connection and potentially gain access to a hotel’s property management system (PMS).
Link: http://www.darkreading.com/attacks-breaches/cylance-researchers-discover-critical-vulnerability-affecting-hotel-chains-worldwide/d/d-id/1319644

Virginia first state to enact digital identity law
Legislation in Virginia will create uniform standards for strengthening and authenticating digital identities. The Commonwealth of Virginia is taking the lead on this issue, as the first in the nation attempting to codify their way out of weak passwords, data breaches and identity theft. The bill has been approved by the General Assembly and was signed into law by Gov. Terry McAuliffe.
Link: http://www.secureidnews.com/news-item/virginia-first-state-to-enact-digital-identity-law/

New anti-malware weapon launched as NZ cyber security takes giant leap forward
The Red Alert system is the result of several years’ work by NICT scientists and engineers, supported through commissioned research projects, including by Unitec staff and students on computational intelligence for cyber security.
Designed to help protect any network that is connected and subscribed to it, Red Alert will issue an alert as soon as a hack takes place - it will detect intrusions, notify the victim and then provide a report which includes the type of attack, the part of the network infected and a list of experts who can help them resolve the issue.
Link: http://www.computerworld.co.nz/article/571389/new-anti-malware-weapon-launched-nz-cyber-security-takes-giant-leap-forward/

New router malware injects ads and porn into websites
A new variant of router malware has been uncovered that injects unwarranted ads and pornography into websites by modifying the router’s DNS settings. Thanks to a clever implementation, this malware can hijack nearly every website on the internet for malicious purposes.
The malware finds its way into routers by exploiting the fact that many people don’t change their router’s default login credentials. It also attempts to send unauthenticated configuration requests to routers, which some models are vulnerable to. Ara Labs didn’t specify what routers are affected, but keeping your router’s firmware up to date and changing the default login credentials are good ways to keep secure.
Link: http://www.techspot.com/news/60169-new-router-malware-injects-ads-porn-websites.html

The top SA banking malware is…
They are: SWISYN, which makes up 37% of detections, followed by DORKBOT (27%) and ZEUS/ZBOT (23%).
Link: http://www.fin24.com/Tech/News/The-top-SA-banking-malware-is-20150325

Wednesday, March 25, 2015

Newsalert - 2015 Mar 25

F5 Threat Analysis: It’s a mad, mad, mad, mad ... bot
F5’s State of Application Delivery 2015 survey found that 92% of customers were confident to very confident they were ready and able to handle such attacks. Given that a majority protect all three attack surfaces “all the time”, this confidence is likely warranted…
But as complacency is as dangerous to security as complexity,
Madness is, according to its authors, a superior successor to notorious DDoS malware families “BlackEnergy”, “gbot”, “DirtJumper”, “Darkness Optima”, “iBot” and “w3Bot”.
...Madness displays a growing awareness of the richer attack surfaces at layer 7 (application). While supporting traditional network-based DoS capabilities, Madness also offers a number of application layer attacks with growing detection evasion options. Madness’ HTTP flood options can be categorized into low-level and high-level attacks. Low-level attacks allow the attacker to control all aspects of the HTTP request.
Link: http://www.sys-con.com/node/3315922

BackDoor.Yebot [supposedly there is an uptick in infections, but not confirmed]
Multi-purpose and multi-module backdoor Trojan written in C. It is spread by means of Trojan.Siggen6.31836. URL contains further info…
Link: http://vms.drweb.com/virus/?i=4357803&lng=en

The 7 Truths Of Actionable Intelligence
We’ve talked in the past about Rick Holland’s (Forrester Research) thoughts on how to make sure the intelligence you receive is actionable and thus useful to your mission. Rick has some great guidance that you should take to heart (we have at iSIGHT Partners) – below we look at the seven core areas he details, with our own editorial below each header.
Link: http://www.isightpartners.com/2015/03/the-7-truths-of-actionable-intelligence/

New Report Promises Threat Intelligence 101
Global information security consultancy, MWR InfoSecurity, has produced a comprehensive new guide designed to provide organizations of all sizes with vendor-neutral advice on how to effectively build and evaluate threat intelligence programs. The report, Threat Intelligence: Collecting, Analysing, Evaluating, was produced with support from the UK’s Centre for the Protection of National Infrastructure (CPNI) and CERT-UK. The link to the report: https://www.mwrinfosecurity.com/articles/intelligent-threat-intelligence/
Link: http://www.infosecurity-magazine.com/news/new-report-promises-threat/

Google warns of fake digital certificates
Google has warned of unauthorised digital certificates issued for several of its domains that could be used to intercept data traffic to its services.
The fake certificates were issued by intermediate certificate authority CNNIC which is owned by MCS Holdings, said Google engineer Adam Langley.
Link: http://www.computerweekly.com/news/4500242932/Google-warns-of-fake-digital-certificates?asrc=EM_ERU_41061149&utm_medium=EM&utm_source=ERU&utm_campaign=20150325_ERU%20Transmission%20for%2003/25/2015%20(UserUniverse:%201429542)_myka-reports@techtarget.com&src=5373152

A Quarter of Businesses Have No Control over Network Privileges
A BeyondTrust survey, Privilege Gone Wild 2, shows that more than one out of four companies indicated they have no controls in place to manage privileged access. That’s even though nearly half of the survey respondents (47%) admit they have employees with access rights not necessary to their current role.
Workers that have excessive privilege rights can easily compromise company assets, via the ability to steal credentials and the ease of access to sensitive data. There’s a rise in crime carried out by malicious insiders, but unwitting employees can also become conduits for outside criminals who have targeted them through judicious, well-crafted social engineering tactics. Sometimes a grooming process takes place, where the employee is developed over a period of weeks or even months to become susceptible to cybercrime ploys.
Link: http://www.infosecurity-magazine.com/news/quarter-of-businesses-network/

‘.bank’ domains, which should be more secure, are coming this summer
The new, exclusive domains offer a higher level of security than .com addresses — a change designed to foil phishing attempts and cybercrime so customers know the website is legitimate, not one created by a hacker trying to steal information.
Firms can begin registering dot-bank domains in May, says Craig Schwartz, who runs the effort for .bank and .insurance domains as director of the fTLD Registry Services. The payments and financial services sectors were the targets of nearly 67% of all phishing attacks in the second quarter of 2014, according to the most recent report published by the Anti-Phishing Working Group. The .bank domains will include encryption measures and authenticate emails so customers can more easily discern if a message truly came from the bank.
Link: http://www.marketwatch.com/story/bank-domains-which-should-be-more-secure-are-coming-this-summer-2015-03-25

Secunia Report Highlights Critical Importance of Non-Microsoft Patches
Vulnerability management vendor Secunia on Wednesday released its annual “Secunia Vulnerability Review.” Overall findings were that the number of new vulnerabilities reported in 2014 went up by 18 percent compared to 2013. Newly reported vulnerabilities totaled 15,435 in 3,870 applications from 500 publishers, Secunia said. Among those thousands of new vulnerabilities were 25 zero-day vulnerabilities, which are security flaws that are already being exploited in the wild when a vendor publishes a security advisory about them. That figure is up from 14 zero-days in 2013.
Link: http://rcpmag.com/articles/2015/03/25/secunia-importance-of-non-microsoft-patches.aspx

Favicons used to update world’s ‘most dangerous’ malware
Developer Jakub Kroustek has found new features in the dangerous Vawtrak malware that allow it to send and receive data through encrypted favicons distributed over the Tor network.
The AVG security bod reveals the features in a report (pdf) into the malware which is considered one of the worst single threats in existence.
He says Vawtrak uses the Tor2Web proxy to receive updates from its criminal developers.
Kroustek says the latest Vawtrak sample uses steganography to conceal update files within favicons, the small images used to add colour to website bookmarks and browser tabs, in a novel trick that helps conceal the malicious downloads.
Link: http://www.theregister.co.uk/2015/03/25/blank/

root9B Announces Development of First-ever Credential Risk Assessment and Remediation Solution
NEW YORK, March 25, 2015 /PRNewswire/—root9B, a leading provider of advanced cybersecurity services and tailored active defense capabilities, announced today the development of Orkos, a revolutionary product to identify critical credential theft risks in organizational networks. root9B is a root9B Technologies company (OTCMKTS: RTNB).
Orkos, root9B’s credential assessment capability, combines comprehensive data collection, advanced logic, and cutting-edge visualization to identify the critical links attackers will exploit in a major breach. It identifies not only immediate risks, but higher-order effects, showing the total risk of credential theft. Orkos also supports remediation through simulation of network changes that would prevent an attacker from compromising additional systems with stolen credentials. Orkos was designed to find and mitigate the types of dangers vividly illustrated by the recent Target and Sands breaches.
Link: http://www.otcmarkets.com/stock/RTNB/news?id=100303

Tuesday, March 24, 2015

Newsalert - 2015 Mar 24

Is Your Threat Intelligence Platform Just a Tool?
There are new tools coming on the market every day, but many are just that – a simple tool and not a true platform. A tool may solve immediate needs, but you must evaluate your needs across multiple stakeholders throughout your organization (i.e., SOC, IR, Threat Team, CIO, CISO, Board) and look to a single platform to bring everyone together. The platform must support the integration of all the stakeholders and data that is relevant to each in such a way that all interested parties can work together as a team. Customization of the platform is key, as each organization will have different processes, and the need for data customization across those processes for aggregation, analysis, and action.
A platform is a foundational capability. It should be extensible, conducive to enterprise collaboration and evolve as your organization’s strategies shift. We agree with ExactTarget (Salesforce) in their definition of a tool vs. a platform, and in addition to that put forth our spin on the features you want to look for in a Threat Intelligence Platform [list follows …]
Link: http://www.threatconnect.com/news/is-your-threat-intelligence-platform-just-a-tool/

Don’t Let 2015 be the (NEW) Year of the Breach…Embrace Cyber Threat Intelligence
According to our friends at Google, every year since 2011 has been coined “The Year of the Breach”. That’s an awful long time to be stuck being remembered as yet another year we let bad guys take our stuff.
Performing these exercises gives us a pretty clear picture of the attack surfaces we are presenting to an adversary to gain access to our data. But let’s not pat ourselves on the back too vigorously yet. Our adversary’s tactics drive how we prioritize defending each of these attack surfaces. How do we find out what those tactics are?
Security is hard folks, and it’s not for the faint of heart. Not a single concept on this blog is something that can be done quickly or haphazardly. We haven’t even touched the attack surfaces presented by the users of our network. We haven’t touched on a lot of topics really. What we have covered is a basic methodology that will go a long way towards making sure we do our part to ensure 2015 gets coined something other than “the Year of the Breach“.
Link: http://www.isightpartners.com/2015/03/dont-let-2015-be-the-new-year-of-the-breach-embrace-cyber-threat-intelligence/

When DDoS Isn’t All About Massive Disruption
New data shows prevalence of often-undetectable DDoS attacks aimed at quietly wreaking havoc on the network while performing data exfiltration and other attacks.
Corero also found a large number of short-burst DDoS attacks lasting anywhere from 5 to 30 minutes. Some 96% of DDoS attacks against its service provider and enterprise customers’ networks lasted less than 30 minutes, and 73%, less than five minutes.
Link: http://www.darkreading.com/perimeter/when-ddos-isnt-all-about-massive-disruption/d/d-id/1319581

New Neverquest campaign is targeting Canadian banks
Neverquest (aka Vawtrak) is a classic Trojan-banker with a variety of different advanced functions to attack online banking customers. The malware often gets installed through downloaders that are dropped using drive-by attacks.
The current webinject reveals that the primary goal, at least of this campaign, is financial institutions in Canada. We have more than 15 unique targets in Canada. The webinject is very much in the style of the ZeuS template and with the goal to alter the content of several specified target websites.
Link: https://www.csis.dk/en/csis/blog/4628/

CFOs increase spending on cyber-security
Sixty-three per cent of finance executives in a broader survey said their top response to the increased threat of data breaches was spending more on cyber-security and fraud prevention. In that survey, part of the AICPA’s quarterly Business & Industry Economic Outlook, 29% said they had not made any changes, 13% said they were accelerating the development of new mobile or electronic payment options that could offer more security, and 5% listed an unspecified other response.
Most CFOs in an annual survey by accounting and consulting firm BDO said the main response to cyber-security concerns was the implementation of new software security tools (90%) and the creation of a formal response plan for security breaches (72%).
Link: http://www.cgma.org/Magazine/News/Pages/cyber-security-spending-201512001.aspx?TestCookiesEnabled=redirect

What is keeping CIOs awake in 2015?
Kathy Gibson at the IDC CIO Summit, Sandton – We’ve heard about the four pillars of the 3rd Platform – big data, mobility, social and cloud computing – for some time; but now CIOs are looking to transform their organisations in line with these strategies.
• Security is a hot button issue for CIOs – and by 2016 it will be a top three business priority for 70% of CEOs.
• It is imperative to elevate security to senior executive responsibility, including CXOs in cross-functional governance.
• CIOs are urged to assess overall security architecture and transition from internal fixed cost assets to variable-cost PaaS. And they need to ensure that a security review – including cost – is a prerequisite for any new solution whether or not IT is involved.
• Mobile adds to the complexity of security, and in mobile-first regions the customer privacy agenda is highlighted.
Link: http://it-online.co.za/2015/03/24/what-is-keeping-cios-awake-in-2015/

Shipping analysts warn of cyberattacks at sea
Hackers could interfere with the control of a ship, disable navigation systems, cut off communications or steal confidential data, according to Allianz Global Corporate & Specialty SE’s 2015 Safety and Shipping Review.
The report warned shipping firms to prepare for the likelihood of cyberattacks as hackers around the world become more sophisticated.
Link: http://thehill.com/policy/cybersecurity/236723-shipping-analysts-warn-of-cyberattacks-at-sea

Fleishman launches global cybersecurity and privacy practice
ST. LOUIS: FleishmanHillard has launched a global practice focused on helping clients with data security and privacy challenges.
The group’s mission is to provide clients with a one-stop shop to address data-specific challenges in areas including data breach preparedness and response; employee awareness and engagement; privacy protection communications and advocacy; and public affairs regulatory and legislative counsel.
The practice is also supported by cybersecurity and investigations firms, cyber law firms, and cyber insurance underwriters with which Fleishman has a relationship. For instance, one year ago, Fleishman and risk-management firm Kroll formed a strategic alliance focused on cybersecurity and data-breach-risk mitigation.
Link: http://www.prweek.com/article/1339661/fleishman-launches-global-cybersecurity-privacy-practice

UK government announces £5m anti-malware funding
The UK government has announced a £5m investment to help researchers create new cyber security solutions as part of ongoing efforts to bolster the nation’s defences.
The funding was announced at the World Cyber Security Technology Research Summit in Northern Ireland and will be provided by the Engineering and Physical Sciences Research Council (EPSRC) and Innovate UK.
The research will focus specifically on ways to tackle malware threats, detect intrusions and prevent data theft on laptops, smartphones and cloud storage services.
Link: http://www.v3.co.uk/v3-uk/news/2401139/uk-government-announces-gbp5m-anti-malware-funding

When It Comes to Threat Detection and Incident Response, Context Matters
CSOs should now be using security analytics tools for threat detection and incident response. These security analytics tools offer the analyst unprecedented access to data they have always logged and kept, but rarely used.
This also allows security professionals to explore data sets previously deemed too large and complex for everyday use like full packet captures of all network data. Now we are seeing the emergence of tool sets that can not only deal with the incredible amount of information coming in daily, but can also be used to review older data. Security analytics tools don’t actually eliminate the need for a Security Incident and Event Management (SIEM) system. They still have their place in most organisations…
Link: http://www.cso.com.au/article/571117/when-it-comes-threat-detection-incident-response-context-matters/

Monday, March 23, 2015

Newsalert - 2015 Mar 23

Data company [IDT911] to open European HQ in Galway
A company that offers data protection services is to create 60 jobs with the opening of its European headquarters in Galway.
The company provides identity management, fraud monitoring and cyber security services to 17.5 million private customers in the US and Canada as well as to more than 750,000 businesses.
Link: http://www.rte.ie/news/2015/0323/689013-jobs-galway/

Is the UK gaining on the US in its spate of major cyber security breaches?
The data breach landscape in the UK has changed beyond all recognition over the last few years. More than four in ten Britons (42%) have been affected in some way by a breach, and their levels of concern are growing.
Experian has recently completed a new paper, Data Breach Readiness 2.0: The ‘Customer First’ Data Breach Response, which assessed the rapidly changing landscape of data breach in the UK. Not only did we survey businesses and consumers, we also spoke, at some length, with industry authorities from leading lawyers, insurers, digital forensic experts, customer support specialists and crisis communications experts to assess the true extent of preparedness among UK organisations should a data breach occur.
Costs are higher also: The average US data breach costs £132 per record compared with £104 in the UK; and lastly lost business costs are higher in the US, reaching £2.2 million on average, compared with less than £1 million in the UK.
Link: http://www.information-age.com/industry/uk-industry/123459208/uk-gaining-us-its-spate-major-cyber-security-breaches

PoSeidon malware targeting retailers, say researchers
A family of improved malware is targeting retailers’ point of sale (PoS) systems, taking up where Zeus and BlackPoS left off, say Cisco researchers.
Dubbed PoSeidon, the malware is designed to scrape PoS devices’ memory for credit card information and exfiltrate that data to servers. The data can be used to create cloned credit cards, and is typically sold on criminal markets. The demand for such data has driven the growth in the number of data breaches involving PoS malware.
Link: http://www.computerweekly.com/news/2240242818/PoSeidon-malware-targeting-retailers-say-researchers

Bridging the Cyber-Security Skills Gap Using the Right Technology
According to the 2015 Global Cybersecurity Status Report from industry association, ISACA, a huge 90% and 87% of US- and UK-based IT and security professionals respectively testified to there being an international shortage of skilled cyber-security professionals, with direct impact on these organizations’ ability to prepare and fend off sophisticated attack as a result.
The technology is moving in the right direction; we just need to make sure it will focus on helping the humans fight the bots and the malicious humans on the other side, not bury them in additional labor.
Link: http://www.cytegic.com/Blog/?p=160

CEOs have false perception of the extent of their cyber risk insurance cover, new report finds
The report on the role of insurance in managing and mitigating cyber risk (32-page / 2.78MB PDF) highlighted a discrepancy between the cover that chief executives believe their companies have for cyber risk and the reality of the insurance protection their businesses have purchased.
"Business leaders who are aware of insurance solutions for cyber tend to overestimate the extent to which they are covered," the report said. "Surveys show that 52% of CEOs believe that they have cover, whereas in fact less than 10% do. This picture is likely a result of the complexity of insurance policies with respect to cyber, with cyber sometimes included, sometimes excluded, and sometimes covered as part of an add-on policy."
According to the report, just 2% of large businesses in the UK have "explicit cyber cover" and approximately half of the businesses the government liaised with for the report said they were not aware "that cyber risks can even be insured".
Link: http://www.out-law.com/en/articles/2015/march/ceos-have-false-perception-of-the-extent-of-their-cyber-risk-insurance-cover-new-report-finds/

Adobe Flash Player Sees Additional Update, Patches Vulnerabilities Found at Pwn2Own Contest
The latest beta version of Adobe Flash Player is now available. It is version number 17.0.0.134, and is the latest free version of the player. This version of Adobe Flash Player comes with many new incremental updates and performance enhancements that increase the quality of the player. Most of the fixes are technical in nature, but many users will see some performance enhancements if they spend a lot of time using Adobe Flash Player.
Link: http://airherald.com/adobe-flash-player-sees-additional-update-patches-vulnerabilities-found-at-pwn2own-contest/23470/

Communication Security Establishment's cyberwarfare toolbox revealed
The CSE toolbox includes the ability to redirect someone to a fake website, create unrest by pretending to be another government or hacker, and siphon classified information out of computer networks, according to experts who viewed the documents.
Link: http://www.cbc.ca/news/canada/communication-security-establishment-s-cyberwarfare-toolbox-revealed-1.3002978?cmp=rss

An introduction to threat intelligence services in the enterprise
Learning about relevant threats as soon as possible gives organizations the best chance to proactively block security holes and take other actions to prevent data loss or system failures.
Threat intelligence services are relative newcomers to the security industry, so there are still a lot of differences in the types of services each offering delivers.
Link: http://searchsecurity.techtarget.com/feature/An-introduction-to-threat-intelligence-services-in-the-enterprise

Airbus Wins UK Cyber Center Research Deal
LONDON — The creation of a UK virtual cyber operations center aimed at defeating battlefield attacks took a step forward with the award of a small study contract to Airbus UK by Ministry of Defence researchers.
Airbus Group's technology innovation arm in the UK announced Monday it secured a £1.4 million (US $2.1 million) deal late last year from the MoD's Defence Science and Technology Laboratory (Dstl) to study the development of a 3-D virtual world to enable analysts, military experts and others to collaborate and share situational awareness to detect and counter cyber attacks on information and weapon systems.
Link: http://www.defensenews.com/story/defense/policy-budget/cyber/2015/03/23/airbus-dstl-cyber-center-award/70326802/