70% cos feel CEOs are responsible for data breaches, only 5% blame IT dept
Websense, Inc. a company protecting organizations from the cyber-attacks and data theft, has announced the results of an international survey of 102 security professionals conducted at this year’s e-Crime Congress. Nearly all respondents (98 %) believe that the law should address serious data breaches that expose consumers’ data loss through punishments such as fines (65%), mandatory disclosure (68%), and compensation for consumers’ affected (55%). Sixteen percent even advocate arrest and jail sentence for the CEO or board members.
Respondents feel that companies that are not taking action against data loss and theft have it as an agenda item, but it’s not yet a high enough priority (45%). Furthermore, 70% say the CEO should hold ultimate responsibility should a breach arise. And the pressure is mounting, as 93% of all respondents believe the advent of the Internet of Things will make companies even more vulnerable to data theft.
Link: http://www.firstpost.com/business/70-cos-feel-ceos-responsible-data-breaches-5-blame-dept-2174439.html
Windows Server 2003 End-of-Life Survey Finds Nearly One in Three Companies Will Miss Deadline, Leaving Nearly 3 Million Servers Vulnerable to Breach
An estimated 2.7 million servers—potentially containing hundreds of millions of files—will be unprotected after July 14, 2015, the end-of-life deadline, according to the survey Bit9 + Carbon Black conducted in February 2015.. Key findings from the survey—of IT leaders at 500 medium and large enterprises in the U.S. and U.K. with at least 500 employees–include:
– More than half of enterprises (57 percent) do not know when the end of life deadline is
Link: http://www.darkreading.com/vulnerabilities—threats/windows-server-2003-end-of-life-survey-finds-nearly-one-in-three-companies-will-miss-deadline-leaving-nearly-3-million-servers-vulnerable-to-breach/d/d-id/1319612
Rise of threat intelligence is leading to too many sources, finds MWR, CPNI and CERT-UK
Threat intelligence is rapidly becoming an ever-higher business priority with a general awareness of the need to ‘do’ threat intelligence, but vendors are falling over themselves to offer a confusingly diverse array of threat intelligence products.
According to MWR senior security researcher Dr David Chismon, there is a risk that in the hurry to keep up with the threat intelligence trend, organisations will end up paying large amounts of money for products that are interesting but of little value in terms of improving the security of their business. “Doing threat intelligence is important – but doing it right is critical,” he said.
In a report by MWR Infosecurity, supported by the Centre for the Protection of National Infrastructure (CPNI) and CERT-UK, the theme of threat intelligence is covered, including how to build a successful threat intelligence programme ,and crucially, how not to build one, as well as detailed advice on collecting, analysing, acting on and sharing the information obtained.
Link: http://www.itsecurityguru.org/2015/03/25/rise-of-threat-intelligence-is-leading-to-too-many-sources-finds-mwr-cpni-and-cert-uk/
On the Heels of the Successful Ramnit Botnet Takedown, AnubisNetworks Adds Powerful New Features to Cyberfeed Threat Intelligence Service / New Cyberfeed Release Delivers More Visibility Into Cyber Threat Vectors and Improved Enrichment and Correlation f
AnubisNetworks, a subsidiary of Security Ratings company BitSight Technologies, announced today significant enhancements to Cyberfeed, a subscription-based threat intelligence service that allows advanced security organizations such as SOCs, MSSPs and CERTs to obtain real-time event feeds on security threats.
Produced from vast global and proprietary sensors networks, Cyberfeed delivers contextualized threat intelligence by correlating data from different security feeds, for example, verifying if an organization’s IP reputation decrease is related to compromised systems or a persistent campaign. These feeds are enriched with data such as geolocalization information or malware profile, thus enabling organizations to act faster and proactively mitigate cyber risks.
New Enhancements to Cyberfeed
• Intelligence Breadth
• Data Depth
Link: http://www.finanznachrichten.de/nachrichten-2015-03/33222776-on-the-heels-of-the-successful-ramnit-botnet-takedown-anubisnetworks-adds-powerful-new-features-to-cyberfeed-threat-intelligence-service-new-cyber-256.htm
New York Fed Creates Cybersecurity Team
Bloomberg Business on Tuesday reported that the Federal Reserve Bank of New York has created a new team dedicated towards cybersecurity threats.
The team will be led by Roy Thetford, the bank’s former information security officer. He will be working with an examination team to establish a new risk-based cybersecurity assessment framework.
Link: http://www.benzinga.com/news/15/03/5355778/new-york-fed-creates-cybersecurity-team
UK attacks on crypto keys and digital certificates endemic
All 499 UK security professionals polled in a global survey say their organisations have responded to multiple attacks on keys and certificates in the past two years.
The 2015 Cost of Failed Trust Report, commissioned by security firm Venafi, claims to be the only research of its kind to examine the internet system of trust.
The potential risk facing UK firms from attacks on keys and certificates is expected to reach at least £33m in the next two years, according to the report, based on interviews with more than 2,300 IT security professionals around the world.
Link: http://www.computerweekly.com/news/4500243119/UK-attacks-on-crypto-keys-and-digital-certificates-endemic?asrc=EM_ERU_41107776&utm_medium=EM&utm_source=ERU&utm_campaign=20150326_ERU%20Transmission%20for%2003/26/2015%20(UserUniverse:%201433145)_myka-reports@techtarget.com&src=5373575
Despite Demands of Ongoing Transformation, CIOs and IT Professionals Remain Focused on Security and Privacy in 2015
MENLO PARK, Calif., March 25, 2015 /PRNewswire/ — As organizations continue to undergo major changes and technology upgrades, CIOs and IT professionals are under growing pressure to manage these transformations successfully while simultaneously addressing increased cybersecurity threats, according to a new survey by global consulting firm Protiviti (www.protiviti.com).
“Gone are the days where information security and data privacy vulnerabilities are viewed as just technical issues. Today, these challenges include critical business policy, governance, compliance and communications that must be addressed across the enterprise, placing even more responsibilities on the shoulders of executive management,” said Kurt Underwood, a managing director with Protiviti and global leader of the firm’s IT consulting practice. “Our survey findings show that organizations going through major transformations see the need to elevate more of their attention and budgets toward mitigating and combating security risks as they seek to enhance and protect the value of their businesses with technology.”
Link: http://www.reuters.com/article/2015/03/25/proviti-it-idUSnPn5H4q25+90+PRN20150325
Cylance Researchers Discover Critical Vulnerability Affecting Hotel Chains Worldwide
Dark Reading
This vulnerability affects 277 hotels, convention centers and data centers across 29 countries. It has the potential to impact millions of customers ranging from everyday vacationers and data center IT staff to tradeshow attendees and high priority targets such as government officials, corporate executives and CSOs.
… discovered a critical vulnerability in ANTlabs’ InnGate product that could allow an attacker to monitor or tamper with traffic to and from any hotel WiFi user’s connection and potentially gain access to a hotel’s property management system (PMS).Link: http://www.darkreading.com/attacks-breaches/cylance-researchers-discover-critical-vulnerability-affecting-hotel-chains-worldwide/d/d-id/1319644
Virginia first state to enact digital identity law
Legislation in Virginia will create uniform standards for strengthening and authenticating digital identities. The Commonwealth of Virginia is taking the lead on this issue, as the first in the nation attempting to codify their way out of weak passwords, data breaches and identity theft. The bill has been approved by the General Assembly and was signed into law by Gov. Terry McAuliffe.
Link: http://www.secureidnews.com/news-item/virginia-first-state-to-enact-digital-identity-law/#
New anti-malware weapon launched as NZ cyber security takes giant leap forward
The Red Alert system is the result of several years’ work by NICT scientists and engineers, supported through commissioned research projects, including by Unitec staff and students on computational intelligence for cyber security.
Designed to help protect any network that is connected and subscribed to it, Red Alert will issue an alert as soon as a hack takes place – it will detect intrusions, notify the victim and then provide a report which includes the type of attack, the part of the network infected and a list of experts who can help them resolve the issue.
Link: http://www.computerworld.co.nz/article/571389/new-anti-malware-weapon-launched-nz-cyber-security-takes-giant-leap-forward/
New router malware injects ads and porn into websites
A new variant of router malware has been uncovered that injects unwarranted ads and pornography into websites by modifying the router’s DNS settings. Thanks to a clever implementation, this malware can hijack nearly every website on the internet for malicious purposes.
The malware finds its way into routers by exploiting the fact that many people don’t change their router’s default login credentials. It also attempts to send unauthenticated configuration requests to routers, which some models are vulnerable to. Ara Labs didn’t specify what routers are affected, but keeping your router’s firmware up to date and changing the default login credentials are good ways to keep secure.
Link: http://www.techspot.com/news/60169-new-router-malware-injects-ads-porn-websites.html
The top SA banking malware is…
They are: SWISYN, which makes up 37% of detections, followed by DORKBOT (27%) and ZEUS/ZBOT (23%).
Link: http://www.fin24.com/Tech/News/The-top-SA-banking-malware-is-20150325