[From the desk of Paul Davis – his opinions and no-one else’s]
This is one of 5 Newsalerts I generate 5 days a week.
If you want to subscribe to the one that highlights security vendor specific news, click this link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f93b0ce95b&e=20056c7556
And please share these newsalerts with others. I do this to help the industry and the feedback loop of seeing people subscribe keeps me going.
Thanks
Paul
Apart from the reporter’s opinions 😉
So onto the news:
South Korea introduces punitive damages resulting from data breach
South Korea amended its Personal Information Protection Act last month by adding punitive and statutory damages to the statute. The amendment will become effective in July 2016 and will allow Korean courts to award punitive damages of up to three times the actual damage from the “loss, theft, leakage, forgery, alteration, or impairment of personal information due to a deliberate act or a serious error.”
This new amendment is the latest in a series of more stringent requirements and penalties in relation to data privacy issued by the South Korean government following a number of major data breach incidents, including those involving South Korea’s three largest credit card companies. These new damages provisions follow and mirror those of the amended Use and Protection of Credit Information Act in February 2015 applicable to credit information companies. An amendment to the Act on the Promotion of Information Communication Network Utilization and the Protection of Information in May 2014 already allows for fines of up to 3% of a company’s revenue in connection with data protection violations.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6db0bfd363&e=20056c7556
Over Two-Thirds of US Companies Plan to Spend More On Security, CFOs Say
Some 69% of US companies have increased investments in data security in the past year, while 92% have a formal data security plan, according to the 2015 CFO Outlook annual Pulse, a survey by Bank of America.
The top five strategic activities of CFOs, beyond the finance role, are technological advances (61%), risk management (60%), data management (59%), human resource issues (49%) and communications strategies (40%), respondents say.
More than 80% of the respondents say they are spending more time on planning disaster recovery, fraud and operational risks, study shows.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=89ce49ce08&e=20056c7556
Threat intelligence needs to grow up
Security teams are overwhelmed with a massive amount of threat data. While a decade ago no one was talking about threat intelligence except government agencies, organizations are now bombarded with threat data leaving them challenged with identifying what is relevant.
Aggregating that data requires a shift in mindset and a maturing of threat intelligence in order to better mitigate risks.
Tomer Schwartz, director of security research, Adallom Labs noted, “Threat intelligence is not looking at all the data. Threat intelligence is new, and products are changing. Understanding that just plugging in to a product is not going to help is critical. Threat intelligence is about getting as much data as we can, not just current data for a current threat.”
Ignoring historical data overlooks a wealth of information that can inform a security program and enable an enterprise to defend against a wider range of incidents. Schwartz said, “In the current state of security, attackers are going to succeed. The correlation with new data and historical data is not happening enough and enterprises are afraid of collaboration.”
Commercial vendors, including ThreatQuotient, TruSTAR, BrightPoint, Webroot, Norse, and Adollom all agreed that threat intelligence has become a dig data problem.
More boutique vendors will be able to provide companies with more valuable and accurate information that will assess intelligence and invest appropriately based on customer needs.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=602d0e8e10&e=20056c7556
Compromised administrative credentials were used to flash malicious boot firmware on Cisco IOS devices
Installing rogue firmware on embedded devices has long been a concern for security researchers, and it seems that such attacks have started to gain ground with hackers.
In an advisory Tuesday, Cisco Systems warned customers that it is aware of a limited number of cases where attackers have replaced the boot firmware on devices running its IOS operating system. IOS runs on most Cisco routers and switches and provides a complex set of networking tools and features.
“No product vulnerability is leveraged in this attack, and the attacker requires valid administrative credentials or physical access to the system to be successful,” Cisco said in its advisory. “The ability to install an upgraded ROMMON image on IOS devices is a standard, documented feature that administrators use to manage their networks.”
The prevent, detect and remedy compromises of Cisco IOS devices, the company’s product security incident response team advises customers to follow recommendations outlined in three documents: Cisco IOS Software Integrity Assurance, Cisco Guide to Harden IOS Devices and Telemetry-Based Infrastructure Device Integrity Monitoring.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=c52b31702c&e=20056c7556
Business not keeping up with rapid changes in cyber attacks, says Proofpoint
Business is struggling to keep up with rapid changes in techniques by cyber criminals as they switch to increasingly malicious campaigns, the latest threat report from security firm Proofpoint reveals.
In addition to the usual parade of new patched vulnerabilities and zero-day exploits, the first half of 2015 saw rapid changes in the exploit kit landscape, according to the Threat Report for June 2015.
The Angler exploit kit and others added zero-day exploits, demonstrating the increasing sophistication and value-add of exploit kits as part of a cyber crime infrastructure.
According to the report, the most striking development of the first six months of 2015 was a massive shift of threat activity from the URL-based campaigns that had dominated 2014 to campaigns that rely on malicious document attachments to deliver malware payloads.
According to Proofpoint researchers, cyber criminals have resurrected a masking technique that largely vanished from the threat landscape in 2006 because malicious macros deliver the most ‘bang for your buck’ because they combine lower up-front and maintenance costs with higher effectiveness to create a ‘killer app’ for cyber criminals.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a6927768a1&e=20056c7556
Citrix Poll: Majority of Employees Use Work Devices Without Security Software
The Citrix-commissioned survey says 88 percent of the American workforce use company-issued computers and mobile devices that are not equipped with corporate security software.
Wakefield Research polled at least 1,000 people in July and found that more than 60 percent of them lack response plans to address possible data thefts, Citrix said Tuesday.
Nearly 40 percent of respondents say they keep a “private folder” on their mobile devices and desktop computers and at least 80 percent think their personal data is at risk of being stolen.
The survey also found that 70 percent of the workforce feel that having their Social Security numbers entrusted to companies poses a higher risk than keeping their Social Security cards in their wallets.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0e482dfdcb&e=20056c7556
Google flubs patch for Stagefright security bug in 950 million Androids
If you’re a Nexus owner, the Stagefright security update should already be installed on your Android device. However, of the six patches in the bundle, one needs more work – meaning, patched devices are still potentially vulnerable to attack via Stagefright.
Researchers at Exodus Intelligence spotted a mistake in this particular source-code tweak, and crafted an MP4 video file to prove the patched Android library is still vulnerable. The Stagefright library crashes when trying to open that data in a multimedia message, and the team say the programming blunder is exploitable.
The monthly software updates for Android arranged by Google in light of the Stagefright bug release were lauded by many as a sensible idea. But whether handset vendors will live up to their promises remains to be seen.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=59d863c598&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=e7a0344e72)
** Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)