[From the desk of Paul Davis – his opinions and no-one else’s]
If you are dealing with the challenges of PCI, look out for the invites to get “early” access to the latest Verizon report. It provides some great insight and support for compliance.
And now for the news:
Eighty pct of global merchants fall short on card data security compliance: report
(Reuters) – Four out of five global retailers and other merchants failed interim tests to determine whether they are in compliance with payment card data security standards, putting them at increased risk of cyberattacks, according to a new report by Verizon Communications Inc.
The report, which gathered data in 30 countries by assessing more than 5,000 merchants including retailers, financial institutions and hospitality firms among others, found only 20 percent of those tested to be fully compliant less than a year after installing security safeguards. [Link to report: vz.to/PCIR15X ]
From 2013-2014, overall compliance went up by 18 percentage points for 11 out of the 12 payment data security standards.
Link: http://www.reuters.com/article/2015/03/11/cybersecurity-usa-idUSL4N0WC4TV20150311
Kaspersky reveals CAPTCHA-tricking Podec Trojan (11 Mar 2015 01:58 GMT)
… security software company said on March 10 that the malware, Trojan-SMS.Android … premium-rate services, said the security software company. According to Kaspersky, Podec … or its deletion. Additionally, the Trojan employs obfuscation and an …
Link: http://www.zdnet.com/article/kaspersky-reveals-captcha-tricking-podec-trojan/#ftag=RSSbaffb68
PayPal buys Israel cyber security firm for £40 million
PayPal’s purchase of the Beersheva-based company, which protects against malware and predicts future hacking techniques, is part of the company’s plan to expand its existing operations in Israel.
Link: http://www.thejc.com/news/world-news/131425/paypal-buys-israel-cyber-security-firm-%C2%A340-million
Four critical questions to ask yourself when looking for a Cyber Threat Intelligence Partner
When looking for a cyber threat intelligence solution you need to understand that you aren’t buying technology so much as engaging with a long-term partner that extends the size of your team and strengthens your defenses – or at least that should be the case.
Link: http://www.isightpartners.com/2015/03/four-critical-questions-to-ask-yourself-when-looking-for-a-cyber-threat-intelligence-partner/
Isle of Man steps up efforts to court cryptocurrency startups
The Isle of Man (IoM) government says it’s making good legislative headway on the regulation of cryptocurrencies, as it seeks to position itself as a prime location for firms dealing in digital money.
The Isle of Man has made a concerted effort over the past year to attract cryptocurrency startups and drive up the contribution e-business makes to its economy from 20% now to at least 23% by 2020.
Link: http://www.computerweekly.com/news/2240242032/Isle-of-Man-steps-up-efforts-to-court-cryptocurrency-startups?asrc=EM_EDA_40567090&utm_medium=EM&utm_source=EDA&utm_campaign=20150311_Apple%20and%20Microsoft%20patch%20Freak%20vulnerability_
Businesses taking PCI compliance more seriously: Verizon
The number of organisations that fully complied with the payment card industry (PCI) security standards during 2014 rose to 20 percent, according to the latest Verizon PCI compliance report.
The report indicated that the level of full compliance was due to an improvement of compliance across the board, with over 60 percent of companies assessed during 2014 compliant with any of the 12 PCI DSS requirements. As a result, PCI DSS compliance went up by an average of 18 percent for 11 out of 12 requirements.
Link: http://www.zdnet.com/article/businesses-taking-pci-compliance-more-seriously-verizon/#ftag=RSSbaffb68
Fast-changing security threats overwhelm IT managers – survey
The study of just over 1,000 security professionals in the United States, Britain and Canada paints a picture of mounting pressures on organisations due to a shortage of necessary specialist skills, tight budgets and poor employee education. The study found 54 percent of respondents believed security staffing levels inside their organisations needed to double in size and another 24 percent said they needed to quadruple, in order to cope with the range of cybersecurity issues they face.
The poll was conducted in December and January by a third-party firm on behalf of Trustwave and drew on responses from more than 600 U.S. security professionals and another 200 each in Canada and Britain.
Link: http://uk.reuters.com/article/2015/03/11/uk-cybersecurity-survey-idUKKBN0M727A20150311
Targeting law firms
While cybercrime has plagued U.S.-based law firms quietly for close to a decade, the frequency of attempts and attacks has been increasing substantially. Numbers aren’t available, since unlike hacking at financial institutions, law firms have no legal obligations to disclose cybercrimes to the public.
But experts say that these crimes have increased, particularly at firms whose practices involve government contracts or mergers and acquisitions, especially when non-U.S. companies or countries are involved.
At least 80 percent of the biggest 100 law firms have had some sort of breach, Peter Tyrrell, the chief operating officer of Digital Guardian, a data security software company, said in a telephone interview.
Link: http://thedailyrecord.com/2015/03/11/targeting-law-firms/#ixzz3U7lh5WkL
Self-deleting malware targets home routers to gather information
Attackers could be using VICEPASS for reconnaissance, or for future cross-site request forgery attacks. Researchers with Trend Micro have analyzed …
Link: http://www.scmagazine.com/malware-that-connects-to-home-routers-deletes-itself-without-a-trace/article/403050/
EiQ Networks Launches SecureVue STIG Profiler to Protect Against Cyber Attacks
BOSTON, March 11, 2015 /PRNewswire/ — EiQ Networks, a pioneer in continuous security intelligence, risk and compliance solutions, launched SecureVue STIG Profiler, a free software solution that plays a critical role in STIG compliance monitoring. The Defense Information Systems Agency (DISA) issues Security Technical Implementation Guides (STIG) that detail the specific configuration settings that must be implemented for various networked devices and applications. Department of Defense agencies and contractors supporting DoD are required to implement the configuration standards outlined in the STIGs in an effort to better secure networks and prevent cyber attacks. A system can have multiple STIGs that apply to it based upon the operating system and applications installed. One of the more time-consuming aspects with the implementation of the STIGs is knowing what STIGs apply to any given system. Up until today this has been a very manual and time-consuming process. The SecureVue STIG Profiler automates this part of the STIG process and in turn, provides detailed information regarding what STIGs apply to a system based upon the software installed.
Link: http://www.reuters.com/article/2015/03/11/ma-eiq-securevuestig-idUSnPnXkkpH+51+PRN20150311
Hexis Cyber Solutions Launches Latest Version of HawkEye AP for Insider Threat Detection and Advanced Big Data Analytics
HANOVER, Md., March 10, 2015 (GLOBE NEWSWIRE) — Hexis Cyber Solutions, Inc. (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (Nasdaq:KEYW), and a provider of advanced cybersecurity solutions for commercial companies and government agencies, today announced the latest version of HawkEye AP, its highly scalable, log management solution that provides sophisticated analytics on high volumes of event data. With a new intuitive graphical user interface and an advanced analytics toolbox, HawkEye AP gives users a wide range of new capabilities to model and analyze data according to their specific needs. Included with this release is a new out-of-the-box model covering Insider Threat Detection.
Link: http://www.virtual-strategy.com/2015/03/10/hexis-cyber-solutions-launches-latest-version-hawkeye-ap-insider-threat-detection-and-adv#axzz3U7otOW7W
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com