[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions đ
So onto the news:
UK tops global cyber crime hit list
UK is the top target for cyber criminals with UK businesses targeted more frequently than US counterparts, a study has revealed.
Apart from local threats, criminals in Nigeria, Germany, the US and Mexico lead the way in attacking the UK, according to a study published by security firm ThreatMetrix.
But UK-based criminals were the second highest originators of cyber crime attacks after the US, according to the study, which is based on more than a billion transactions monitored each month by the firmâs Digital Identity Network.
Account creation fraud was the highest risk, accounting for nearly 7% of transactions blocked by ThreatMetrix, while account login risk was lower at 3%.
Mobile now makes up one third of all transactions analysed by ThreatMetrix and is the biggest emerging opportunity and risk for businesses and financial institutions trying to deliver frictionless experiences to their customers, the company said.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f520c3099d&e=20056c7556
Hacking Increasingly Becoming a Physical Concern
If this past quarter’s stories are any indication, we could very well be seeing the rise of a new wave of threats that will affect people in a more pronounced and physical level, reports Trend Micro in its Q2 Security Roundup Report. “We’ve previously seen how certain automated transportation systems could be susceptible to cyber-attacks, and now we’re seeing possible threats in aviation.
The first incident took place when security researcher Chris Roberts tweeted messages that suggested that he was tampering with the in-flight systems of the 737/800 plane that he was on.
This was followed by a DDoS attack on Warsaw’s Okecie airport, causing delays that grounded more than 1,400 people flying with LOT Polish Airlines.”
Report also warns that Domain Name System (DNS)-aided attacks using DNS changers to target home routers have made a comeback. “This quarter, cybercriminals set their sights on routers to tamper with the information these relayed to connected devices, thus facilitating data theft.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=89c1a4cc84&e=20056c7556
Untrusted CertificatesâSurvey Shows IT Security Pros Know the Risks but Do Nothing
Today, Venafi released a report based on survey findings and analysis, IT Security Professionals Know the Risk of Untrusted Certificates and Issuers, but Do Nothing.
The survey was conducted at 2015 Black Hat USA and gathered responses from over 300 IT security professionals.
As the title suggests, the report reveals that security professionals know the risks associated with untrusted certificates, including compromises of certificate authorities (CAs), but they are currently not taking steps to protect themselves and donât have remediation mechanisms in place to effectively mitigate a future CA compromise.
Why is it important to understand and respond to threats using untrusted certificates.
The report highlights how cybercriminals are increasingly misusing keys and certificates to breach organizations, elevate their privileges, and hide activity.
And although they may know the risks, most organizations are unprepared to defend against these attacks.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=92cc643127&e=20056c7556
Security experts mostly critical of proposed threat intelligence sharing bill
This fall, the Senate is expected to take another look at the Cybersecurity Information Sharing Act, or CISA, but many security experts and privacy advocates are opposed.
The biggest concern most critics of the CISA bill have is that it seems to be more about the government gathering information than about helping companies improve security.
“The way that the bill is written would give companies the ability to spy on all of their users with impunity, in order to detect if they are a ‘cyber threat,'” said Justin Harvey, chief security officer at Fidelis Cybersecurity. “This information can be shared with the Department of Homeland Security, which can then, in turn, send the data to the NSA in real time, or companies can bypass DHS altogether and send it over to the NSA.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=59ea8f89d1&e=20056c7556
Soltra Launches New Membership Program For Soltra Edge Users
Reston, VA â SEPTEMBER 9, 2015 â Soltraâ˘, a joint venture of FS-ISAC and The Depository Trust & Clearing Corporation (DTCC), today announced an innovative new membership program for users of Soltra Edgeâ˘, the first industry-driven threat intelligence sharing platform.
With this new program, users can get enterprise-grade technical support and many other key benefits to help advance their capabilities to defend against the latest cyber risks and threats with standards-based threat intelligence.
The program is designed to meet the needs of commercial organizations that require full support for cyber security solutions running in their environments.
The process of joining Soltra has been simplified by enabling FS-ISAC members to leverage their existing FS-ISAC membership to join as a Soltra member.
Soltra membership will also be available through other ISACs, ISAOs and similar sponsoring organizations, as well as directly from Soltra.
Membership levels available today include Enterprise Membership and Enterprise Plus Membership, depending on requirements for support and other benefits of membership.
Each membership level is funded by an annual fee.
Enterprise membership tiers include benefits that go beyond traditional enterprise software support agreements including, but not limited to: direct contact with Soltra support technicians and engineers; access to professional services staff for customization and integration support; access to published adaptors; and the ability to submit code modifications for future releases.
Enterprise Plus also includes expedited review of code submissions and an invitation to participate in Soltra pilot groups, providing early access to new capabilities and solutions.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a9084b627b&e=20056c7556
At a time when Congress is struggling to pass cybersecurity legislation and as the number of computer intrusions surges, âinsurers can move the needle,â said Deputy Secretary Sarah Bloom Raskin in remarks at a Washington think tank.
At a time when Congress is struggling to pass cybersecurity legislation and as the number of computer intrusions surges, âinsurers can move the needle,â said Deputy Secretary Sarah Bloom Raskin in remarks at a Washington think tank.
Her speech reflected how the Obama administration is trying to enlist a range of sectors and use a variety of tools to combat the cyberthreat.
Meanwhile, on Capitol Hill, senior security officials testified to the complex nature of the challenge, as criminals and foreign governments have become increasingly adept at penetrating U.S. government and private sector networks to steal both commercial secrets and foreign intelligence.
Industry experts said it is high time that insurers become a more visible part of the debate. âLegislation can take you so far,â said Peter J.
Beshar, general counsel of Marsh & McLennan Companies, an insurance broker and global risk adviser. âBut cyber insurance has the potential to create the right incentives that drive economic behavior across millions of people in the marketplace.â
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=7ea4e67668&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If you know someone else who would be interested in this Newsalert, please forwarded this email.
If you want to be added to the distribution list, please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=05810a82ea)
** Update subscription preferences (http://paulgdavis.us3.list-manage2.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)