[From the desk of Paul Davis – his opinions and no-one else’s]
So onto the news:
BlueHost and HostMonster Hacked By Syrian Electronic Army
This time SEA hackers have targeted one of the leading web hosting companies, Endurance International Group Inc. The hackers have hacked Endurance Group wings that include Bluehost, Justhost, Hostgator and Hostmonster, which are India’s leading web solution service providers.
Apart from this, it seems that SEA hackers have also hacked the Twitter account of BlueHost. The hackers posted a tweet from the compromised account. The tweet has since been deleted, but you can see the image of the tweet made by SEA hackers below.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=599ee35e79&e=20056c7556
10 practical security tips for DevOps
You will hear the concept of ‘Infrastructure as Code’ within DevOps. This is where the platform’s infrastructure is stored as a set of scripts that can be executed in a repeatable way. Security needs to be looked at in the same way, by moving to ‘Security as Code’ or ‘Software Defined Security’. By moving from a legacy procedure in a Word document to a set of scripts, we can automate that document, which means that it can be executed in a repeated and predictable way – it can be included in the DevOps pipeline.
For security professionals it is key to understand that instead of validating the end solution you need to validate the pipeline. If you are happy that the pipeline is building the solution in a way that meets your security goals, you can be confident that this will be repeated every time a developer needs to get source code into production.
Here are 10 practical security tips for DevOps …
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b5622fde25&e=20056c7556
Interpol’s Global Complex for Innovation identifies dangerous malware in cryptocurrency transactions
A bunch of researchers from INTERPOL’s cyber threat team have spotted a loophole in the blockchain for virtual transactions which can be easily exploited and merged with data that is not supposed to be on the web. The blockchain has a fixed open space that can be exploited if tapped into in the right area.
Though the loophole has not yet been exploited by people who are not supposed to, it could become a possible means for cyber crime scenarios in the future, such as the deployment of modular malware, a reshaping of the distribution of zero-day attacks, as well as the creation of illegal underground marketplaces dealing in private keys which would allow access to this data.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ea802035d4&e=20056c7556
Financial Services: Investing in Data Security Risk Mitigation
In the words of the late Peter Drucker, “What gets measured gets managed”. This also holds true in today’s cyber threat landscape.
Your biggest challenge is a lack of visibility and awareness.
There is no single security tool that will remove all potential points of weakness.
You must be able to identify, manage, monitor and respond to any threats that may exist. Once a risk is quantified, a risk response tool will allow you to take action preemptively or even during the incident to minimize the potential of a data breach.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7fd4260728&e=20056c7556
Security crashes the boardroom party
Given the recent spate of headline-grabbing data breaches, CIOs need to be prepared to answer a lot of board questions about risk.
In a 2014 report titled “Risk and Responsibility in a Hyperconnected World” from the World Economic Forum and McKinsey & Co., the total economic cost of ineffective security was projected to top $3 trillion globally by 2020. That’s a staggering but unfortunately plausible number. So if there’s no question that cybersecurity breaches can devastate the bottom line, why haven’t more companies acted to deal with it more effectively?
Isn’t it time to upgrade cybersecurity to a board-level risk management discussion, not just occasionally but consistently?
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ace9ee46f8&e=20056c7556
Russian banks combat Tyupkin ATM malware gang
The Russian Ministry of Internal Affairs, together with the Federal Security Service, are taking steps to try and locate a criminal cyber-group specialising in robbing ATMs using the Tyupkin computer malware.
The criminals work in two stages. First, they get physical access to the ATMs and insert a bootable CD to install the malware – code named Tyupkin by Kaspersky Lab which discovered the exploit last year. After they reboot the system, the infected ATM is under their control.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=525edc9079&e=20056c7556
Protecting Critical Infrastructure from Threats
According to research performed by Lloyd’s of London insurer, Aegis London, “in the first half of the 2013 fiscal year, the US Department of Homeland Security’s Industrial Control Systems–Computer Emergency Readiness Team responded to more than 200 incidents, 53% of which were in the energy and utility sector, and many of them sponsored by states such as China”. Efforts to improve the security of critical infrastructure systems like nuclear power plants and water treatment facilities have accelerated at a rapid rate since the issuance of US Executive Order 13636, “Improving Critical Infrastructure Cybersecurity”, on February 12, 2013.
When making decisions about security policies for a critical infrastructure facility, the costs of implementing a stricter policy need to be weighed against the potential costs that could result from the failure of a weaker policy. The solution for each organisation will vary based on the requirements necessary to meet their security and business objectives.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=2b13357e8b&e=20056c7556
Eighth Annual “State of the Network” Global Study From JDSU’s Network Instruments Finds 85 Percent of Enterprise Network Teams Now Involved in Security Investigations
As threats continue to escalate, one quarter of network operations professionals now spend more than 10 hours per week on security issues and are becoming increasingly accountable for securing data. This reflects an average uptick of 25 percent since 2013. Additionally, network teams’ security activities are diversifying. Teams are increasingly implementing preventative measures (65 percent), investigating attacks (58 percent) and validating security tool configurations (50 percent). When dealing with threats, half of respondents indicated that correlating security issues with network performance is their top challenge.
The full results of the survey, available for download, also show that emerging network technologies have gained greater adoption over the past year.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=565b2006b8&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com