[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions 😉
So onto the news:
Hacking-enabled insider trading underlines need for cyber legislation
Initial reports indicated that only nine suspects were to be charged by US authorities in Brooklyn, New York and New Jersey in connection with insider trading based on stolen corporate press releases before they had been made public.
The insider trading gang is estimated to have netted more than $100m in illegal profits from 1,000 alleged insider trades over three years, up from initial estimates of $30m, reports the BBC.
The latest insider trading case highlights the need for legislation to strengthen cyber security, according to international cyber security expert David Fidler.
“The insider trading case may stimulate more demand for the SEC to increase its regulatory activities against threats posted by inadequate information security to the fair and efficient operation of security markets,” said Fidler, professor of law and fellow in the Center for Applied Cybersecurity Research at the Indiana University Maurer School of Law.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f54003ad0d&e=20056c7556
Corporate Encrypt-Everything Policies Gain Interest
With tale after tale of data breaches and cyber-espionage making its way into the headlines, encryption by default has been a hot topic of late—and enterprises are beginning to respond. A large majority (84%) of respondents in a recent survey said that they had considered a security strategy of encrypting all sensitive data.
In the survey, from Vormetric and IANS, top reasons for encrypting data included; preventing data breaches (66%), fulfilling compliance or audit mandates (54%) and protection of financial and other assets (53%).
With these realities in mind, respondents are implementing encryption to solve tough problems, including securing data within: Databases (62%); laptops (52%); emails (48%); private clouds (46%); and big data environments (37%).
Over half (54%) responded that their top challenge when implementing encryption is legacy technology and support for encryption. Other roadblocks include the cost of encryption technology (52%) and worries about performance impacts (44%). But interestingly, and in spite of these pain points, a whopping 84% of respondents have considered a security strategy of “encrypt everything,” i.e. encrypting all sensitive data.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1304dae0e4&e=20056c7556
NIST Guide Aims To Help Healthcare Increase Mobile Data Security
The National Institute of Standards and Technology (NIST) has released a draft guide designed to help healthcare organizations increase mobile data security. The guide, NIST Cybersecurity Practice Guide, Special Publication 1800-1: Security Electronic Health Records on Mobile Devices, is a response to the growing need created by increasing use of smartphones and other mobile devices to transmit healthcare data.
NIST explains its new draft guide demonstrates ways that existing technologies can meet the needs of healthcare organizations to better protect the PHI in their EHR systems. In particular, the guide reveals how open-source and commercial tools and technologies that meet cybersecurity standards can help healthcare organizations share patient health records more security via mobile devices.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=67e7ba5846&e=20056c7556
World-first security measure for .au combats increased cybercrime
George Pongas, general manager of naming services at AusRegistry, says the .au Registrar Information Security Standard (ISS) will help protect .au domain name owners from cybercrime and position the namespace as one of the world’s most securely managed zones
The .au Registrar ISS is a set of mandatory protocols which will help .au Registrars manage and improve the security of their infrastructure and systems, as well as protect the stability and integrity of the .au namespace.
Managed by auDA, the mandatory protocols in the ISS will ensure accredited .au Registrars have numerous levels of redundancy in place and adhere to industry best practice security measures to defend against attacks.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=097b732e54&e=20056c7556
Microsoft Edge security features raise the bar in Web browser safety
One big change that should improve Microsoft Edge security is that it’s been written as a Universal Windows app, meaning all processes will run within app container sandboxes. IE 10 introduced Enhanced Protected Mode, a browsing sandbox, but it was only an option on the desktop in IE 10 and IE 11. Edge renders every page inside an app container not just as a default, but all the time, keeping malicious code isolated from other areas of the system.
Further protection is provided by various memory abuse mitigators. Microsoft has been introducing these into Windows and IE for some time, but they will be turned on by default in Microsoft Edge — in fact, a lot of older opt-in security features are now set to be always-on. For example, MemGC (Memory Garbage Collector) removes the responsibility of freeing memory from the programmer by automating the process, and therefore makes buffer overflow vulnerabilities less likely, while CFG (Control Flow Guard) helps limit where a memory corruption attack can jump to.
Microsoft Edge will use a new rendering engine, EdgeHTML. This rendering engine supports the W3C standards for Content Security Policy and HTTP Strict Transport Security, which provide protection against cross-site scripting and forcing connections to a site over HTTPS respectively. These standards help Web developers better defend their sites against attack.
Edge also includes a major overhaul of the DOM representation in the browser’s memory, making the browser’s code more resistant to attacks that attempt to subvert the browser. To reduce the threat posed by poorly written Web browser extensions, Edge will provide no support for VML, VBScript, Toolbars, BHOs or ActiveX, instead relying on the rich capabilities of HTML5.
Microsoft SmartScreen, originally introduced in IE 8, remains one of the controls to defend against malicious sites trying to trick users in to downloading malicious software by performing a reputation check on websites’ users visit.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=918c16658d&e=20056c7556
June Was ‘Worst Month Of Malvertising Ever’
June was “the worst month of malvertising basically ever” and Flash zero-day vulnerabilities are partly to blame, says Patrick Belcher, director of security analytics for Invincea. In the first six months of 2015, malvertising was one of the biggest threats to endpoint security, causing an estimated $525 million in damages (related to repair and recovery costs), according to research released today by Invincea.
The researchers identified a Russian threat actor called “Fessleak,” that was particularly prolific, and had carried out more malvertising exploits than anyone else Invincea witnessed this year, using real-time ad platforms to deliver ransomare and the Bedep click fraud bot.
By the end of the year, Belcher expects that the use of weaponized Microsoft Office documents will overtake malvertising as the leading threat, because the use has recently exploded — with multiple threat actors using the same Visual Basic scripts, available for free on places like Pastebin, to add malicious payloads to documents. The documents are generally delivered via phishing messages.
These malicious documents were used to deliver Dridex, Zeus, Pony, Zbot, Dyreza payloads. They were also used in “just-in-time” malware attacks, which Invincea called the “dominant trend in malare evolution.” In such an attack, the malware is delivered to the endpoint in innocent-looking pieces to avoid detection, then assembled on the endpoint, often using native Windows components as part of the finished product.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=deb89f977e&e=20056c7556
Onapsis Uncovers Three New “High Risk” Vulnerabilities Affecting SAP Mobile
BOSTON–(BUSINESS WIRE)–Onapsis, the global experts in business-critical application security, today released new security advisories detailing vulnerabilities in SAP Mobile. Included in the security advisories are three “high risk” vulnerabilities which could be used to gain access to sensitive business information within organizations that rely on SAP Mobile.
These three “high risk” vulnerabilities, recently fixed by SAP and reported by Onapsis, could be abused by attackers to compromise encrypted information stored in the mobile devices. The most typical example of this kind of information are credentials to connect to SAP systems, which hold the most sensitive business information.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=00fe5df0d9&e=20056c7556
Research Reveals Increased Attacks on Mobile Devices, Networks
A recent research conducted by Check Point Software Technologies on over 16,000 security gateways globally, shows that targeted attacks and ‘Hacktivism’ reached an alarming level in 2014.
The 2015 security report provides insight into the degree of infiltration and sophistication of new threats in the enterprise. Mobility, virtualisation and other technologies have changed the way we do business.
This year’s report revealed that 106 unknown malware hit an organisation every hour, 48 times more than the 2.2 downloads per hour reported in 2013.
The report said mobile devices were the weak links in the security chain, providing easier direct access to more valuable organisational assets than any other intrusion point. Check Point research found that for an organisation with more than 2,000 devices on its network, there’s a 50 percent chance that there are at least 6 infected or targeted mobile devices on their network.
The report revealed that 72 per cent of IT providers agreed that their top mobile security challenge is securing corporate information, and 67 percent said their second biggest challenge is managing personal devices storing both corporate and personal data. Corporate data is at risk, and being made aware of these risks is critical to taking the proper steps to secure mobile devices.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=847f10a878&e=20056c7556
Using Netflow for Security
Using NetFlow for security monitoring can be an effective strategy for both uncovering bad actors and play an important role in your malware incident response steps. This post will take a look at how flow technologies help re-inforce your defenses against electronic crime.
One of the first things admins being introduced to NetFlow and IPFIX come to realize is the massive amount of data that is on the network. Flow volumes can reach into the hundreds of thousands of flows per second, even millions! Trying to understand it all is not a practical goal. However, classifying it to make it easier to pour threw can make life a lot easier and lead to shorter incident response times.
Even when NetFlow and IPFIX are not being used to monitor for security breaches, they are almost always turned to as part of the malware incident response procedure. Read NetFlow best practices. No other technology on the market today provides the broad visibility that flow data does because it provides insight into the far corners of the network. All router vendors today export flow data and more and more switch vendors are supporting the official standard ‘IPFIX’ in order to avoid sampling. Reach out to our team today to start your evaluation of the best flow collection system on the market.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7137a13c72&e=20056c7556
Incident Response: What’s Working and How to Be More Proactive–SANS Survey Results Released
BETHESDA, Md., Aug. 12, 2015 Incident responders are looking for more automated processes and services to gain better visibility and to conduct faster, more accurate response and remediation, according to the 507 respondents to qualify and take the 2015 SANS Incident Response Survey to be released by SANS Institute in a series of webcasts on August 18 and August 20, 2015.
As a result of their efforts, respondents showed slight improvements in time to remediation from 2014. Thirty-six percent of respondents reported needing 24 hours or less to remediate a breach, compared to 30% with the same swift reaction in 2014.
Responders still have a long way to go: They are short on the skills and technologies, and they need more automation and integration across systems that are no longer behind the network firewall, such as apps hosted in the cloud or on personal mobile devices.
Organizations can make additional improvements in their IR capabilities by implementing proactive responses, further driving the need for more automated, integrated processes to follow through on indicators of compromise (IoCs) and fully remediate systems. In the survey, four of the top 10 impediments to IR relate to automation: 45% reported lack of visibility into systems; 37% cited inability to distinguish incidents from normal behaviors; 29% reported too much time needed for remediation; and 28% reported lack of integrated, automated tools.
Full results will be shared during a two-part webcast. Part 1, Tuesday, August 18, 2015, at 1 PM EDT, will focus on the current state of IR and how the landscape has changed since 2014. Part 2, Thursday, August 20, 2015, at 1 PM EDT, will focus on how incident responders can be more proactive in their policies and practices.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7a4b1c3981&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=f8a1510b69)
** Update subscription preferences (http://paulgdavis.us3.list-manage1.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)