[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
FBI Warns Retailers of New Credit Card Malware
An internal FBI cyber alert sent to U.S. companies Wednesday states that Bureau cyber investigators have identified software signatures used in a new point-of-sale malware called “Punkey,” after the 1980s sitcom character Punky Brewster.
The new Punkey malware was discovered by security researchers at Trustwave, a Chicago security firm, that described it in a blog post as a sophisticated cyber threat. The malware is capable of injecting itself into computers, conducting scans of systems, encrypting stolen data, and then communicating with remote servers that are used to store and retrieve stolen credit card data.
The new software has been in operation since October 2014.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=72f3699e24&e=20056c7556
Bring intuition to threat intelligence
In order to combat cyber threats effectively, you need a threat intelligence approach that does the same – one that both identifies solid threat data (such as a specific malware signature) and matches this data to an established pattern (such as the behavior of past malware).
Use curated threat data if possible. This is data that has context relevant to your systems, vulnerabilities, geography and business vertical.
Leverage expansive threat intelligence repositories. This is data that can serve as historical sentinel memory. It effectively provides attacker and attack information pattern matching, enabling automated security intuition.
Use an aggregation point for analysis.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f5027f27d5&e=20056c7556
What is the best mobile malware protection against NotCompatible.C?
A sophisticated variant of the NotCompatible malware has emerged that is difficult to detect and defend against. Expert Nick Lewis offers tips for handling NotCompatible.C.
The new mobile variant of NotCompatible — NotCompatible.C — includes many advancements. For example, it avoids detection by using a peer-to-peer (P2P) communication protocol, end-to-end encryption for all connections, and other anti-network behavioral analysis techniques to connect to its multiple command and control servers. It can also provide proxy functionality, allowing attackers into the target network through compromised devices; this can also be achieved by issuing execution commands to its bots.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=3e97c7d3fc&e=20056c7556
DYRE Banking Malware Upsurges; Europe and North America Most Affected
North America are experiencing the upsurge of DYRE, a malware family notorious for the multiple ways it steals data and its ties to parcel mule scams, among others. There has been a 125% increase of DYRE-related infections worldwide this quarter compared to the last, proving that cybercriminal interest in online banking has only continued to grow.
Roughly 7 in 10 users infected during the last three months came from the European (39% of the total count) and North American (38%) regions. Asia Pacific came in third, with 19% of the infections.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=557d8b3295&e=20056c7556
Cyber Security And The CIO: Changing The Conversation
During a session titled Cybersecurity: New Approaches to Assessing and Maximizing Your Protection, a panel of information security executives agreed that CISOs and their ilk are key players on the cyber-security battlefront.
… the importance of the role of CISO is well documented. According to the Ponemon Institute’s 2014 Cost of Data Breach Study, one of eight factors having an impact on the cost of an enterprise’s data breach is whether the CISO (or executive with a similar title and role) “has overall responsibility for enterprise data protection” and leads the incident response team. When this is the case, the per capita cost of a data breach is reduced — on average — by $10. (To help put that in perspective: The average per-capita cost of an enterprise data breach in 2014 was $201.)
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=436d555e79&e=20056c7556
State strengthens data breach notification law
HARTFORD — The Connecticut General Assembly unanimously approved changes late Monday to the state’s data breach notification law, including requiring at least one year of identify-theft protection for victims whose Social Security numbers have been compromised.
Additionally, the bill passed by the Senate and House of Representatives, strengthened the law by mandating all data breaches be reported to Attorney General George Jepsen’s office within 90 days. The reporting requirement first went into effect on Oct. 1, 2012, but didn’t include a timeframe.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=bda7de731d&e=20056c7556
Employee credentials of half of European top 500 firms exposed online
Web intelligence firm Recorded Future has recently scoured the Web’s underbelly, including paste sites and forums, for exposed corporate credentials (emails and passwords), and found that 49 percent of Europes’s largest companies have had credentials belonging to their employees exposed online.
“… 244 companies account for 57% of top banks, 50% of oil and gas producers, and 64% of mobile telecommunications companies in the FT 500 Europe (a Financial Times listing of Europe’s top companies),” the company’s Special Intelligence Desk noted in the report (registration required) released during Infosecurity Europe 2015.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f36ea2b76b&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=34eaf06727)
** Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)