Why Data Breaches Don’t Hurt Stock Prices
[The] mismatch between the stock price and the medium and long-term impact on companies’ profitability should be addressed through better data. Shareholders still don’t have good metrics, tools, and approaches to measure the impact of cyber attacks on businesses and translate that into a dollar value. In most cases, at the time a security breach is disclosed, it is almost impossible for shareholders to assess its full implications. Shareholders should look beyond short-term effects and examine the impact on other factors, such as overall security plans, profitability, cash flow, cost of capital, legal fees associated with the breach, and potential changes in management.
Now that major security breaches have become an inevitability in doing business, companies should put strong data security systems in place, just as they protect against other types of business and operational risks. However, companies whose assets are primarily non-digital have less incentive to invest in prevention if they know their stock price will survive — and that takes a toll on the overall economy and consumer privacy.
Link: https://hbr.org/2015/03/why-data-breaches-dont-hurt-stock-prices
Updated – Security Alert: Vawtrak aka Neverquest Trojan Targeting Canadian Banks
Our malware analysts have detected an ongoing malware campaign, where Vawtrak (or Neverquest), a classic Trojan-banker, targets credentials from banks in Canada to steal financial information.
This high versatility offers Vawtrak the ability to collect credentials and sensitive information from FTP servers, email clients and finally from all spheres of the online.
Number and location of victims: the size of the BOTnet depends on the campaign, but we have already identified approximately 15.000 BOTs in the Canadian targeted attack, and 90% of these are located in Canada based on geoIP.
Link: https://heimdalsecurity.com/blog/vawtrak-financial-malware/
Targeted controls key to effective information security, says Protiviti
The firm’s managing director and global lead of the IT governance and risk management practice, Jonathan Wyatt, said too often businesses focus only on keeping intruders out.
The first thing businesses need to accept is that it is impossible to protect everything to the highest level all the time, he said, but also that they do have valuable data and that keeping it safe is achievable. Businesses must take control of their IT landscape
Link: http://www.computerweekly.com/news/4500243458/Targeted-controls-key-to-effective-information-security-says-Protiviti?asrc=EM_ERU_41330668&utm_medium=EM&utm_source=ERU&utm_campaign=20150401_ERU%20Transmission%20for%2004/01/2015%20(UserUniverse:%201449016)_myka-reports@techtarget.com&src=5375580
Social engineering techniques are becoming harder to stop, experts say
As social engineering techniques get more sophisticated and attacks appear more like authentic messages, experts say that training methods need to evolve as well. Baker said that the trick to educating employees has always been to make people suspicious of these requests, but that is getting more difficult because it often isn’t enough to simply have users keep an eye out for improper use of language or odd typos.
As more data moves online, social engineering techniques are becoming increasingly advanced and traditional training methods may not be enough to keep enterprises safe.
Link: http://searchsecurity.techtarget.com/news/4500243233/Social-engineering-techniques-are-becoming-harder-to-stop-experts-say?utm_medium=EM&asrc=EM_ERU_41331086&utm_campaign=20150401_ERU%20Transmission%20for%2004/01/2015%20(UserUniverse:%201449016)_myka-reports@techtarget.com&utm_source=ERU&src=5375580
Corporate Security Checklist – a CEO’s Guide to Cyber Security
You may not know the figures yet, but data breaches are currently among the most common and most costly security problems for organizations of all sizes. The 2014 Cyber Security Intelligence Index by IBM shows that companies are attacked around 16,856 times a year, and data breaches are one of the preeminent causes for these attacks.
Ensuring your company’s cyber security is a complex job and you need a trustworthy CTO or CIO to keep things up to date and working well. As a manager or CEO, you couldn’t possibly have the time to dedicate to understanding or coordinating all of this by yourself.
What we’re trying to do is help you understand why cyber security is a necessity and a fundamental factor that influences your company’s stability and success.
Link: https://heimdalsecurity.com/blog/corporate-security-checklist-a-ceos-guide-to-cyber-security/
Sinkholing Volatile Cedar DGA Infrastructure
There is currently some buzz about the Volatile Cedar APT activity in the Middle East, a group that deploys not only custom built RATs, but USB propagation components, as reported by Check Point [pdf]. If you are interested in learning more about this APT, we recommend checking their paper first.
One interesting feature of the backdoors used by this group is their ability to first connect to a set of static updater command and control (C2) servers, which then redirect to other C2. When they cannot connect to their hardcoded static C2, they fall back to a DGA algorithm, and cycle through other domains to connect with.
Link: https://securelist.com/blog/research/69421/sinkholing-volatile-cedar-dga-infrastructure/
PCI DSS 3.1 set for April 2015 release, will cover SSL vulnerabilities
The governing body behind the Payment Card Industry Data Security Standard has confirmed that the next version of the mandate will be released in just a few weeks, which could spark a scramble by merchants trying to implement the surprise update.
According to the SSC, the changes in PCI 3.1 will affect all requirements that reference SSL as an example of what it calls “strong cryptography,” which in its glossary of terms is defined as “cryptography based on industry-tested and accepted algorithms, along with strong key lengths (minimum 112-bits of effective key strength) and proper key-management practices.”
Link: http://searchsecurity.techtarget.com/news/4500243398/PCI-DSS-31-set-for-April-2015-release-will-cover-SSL-vulnerabilities?utm_medium=EM&asrc=EM_NLN_41362368&utm_campaign=20150401_Fire%20drill:%20Surprise%20PCI%20DSS%20update%20may%20be%20days%20away_mtamarov&utm_source=NLN&track=NL-1820&ad=899837
Cisco buys virtual appliance software vendor
Cisco (CSCO -1%) is buying Embrane, a provider of virtual (software-based) firewall and load balancer appliances, and (perhaps more importantly for Cisco) a software platform for deploying and managing virtual appliances (whether Embrane’s or a third party’s). Terms are undisclosed.
Embrane’s team is joining Cisco’s Insieme SDN/switching unit; the networking giant argues Embrane’s offerings will strengthen the feature set of its Nexus data center switch line and ACI SDN/networking virtualization platform (seeing healthy growth, in pitched battle with VMware’s NSX).
Link: http://seekingalpha.com/news/2405416-cisco-buys-virtual-appliance-software-vendor?auth_param=137vrm:1aho75g:69ceee3ad86c2affa033f48c8b0df37e&uprof=45
Anonymous proxies used to carry out shotgun DDoS attacks
… new research from website security company Incapsula has uncovered a darker side to the use of anonymizers as a source of DDoS attacks.
According to the findings, DDoS attacks from anonymous proxies accounted for 20 percent of all application layer attacks. On average, perpetrators were directing traffic from 1,800 different IPs. This is what Incapsula calls a “Shotgun” attack.
Link: http://betanews.com/2015/03/31/anonymous-proxies-used-to-carry-out-shotgun-ddos-attacks/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed+-+bn+-+Betanews+Full+Content+Feed+-+BN
Google kills 200 ad-injecting Chrome extensions, says many are malware
More than a third of Chrome extensions that inject ads were recently classified as malware in a study that Google researchers carried out with colleagues from the University of California at Berkeley. The researchers uncovered 192 deceptive Chrome extensions that affected 14 million users. Google officials have since killed those extensions and incorporated new techniques to catch any new or updated extensions that carry out similar abuses.
Link: http://arstechnica.com/security/2015/04/google-kills-200-ad-injecting-chrome-extensions-says-many-are-malware/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29
F5 opens new Security Operations Center in Seattle to help companies defeat …
GeekWire
F5 Networks marked the opening of a new Security Operations Center at its Seattle headquarters this afternoon — complete with one of its engineers in a black hoodie playing the role of a hacker launching a mock online attack, to show how the company’s …
Link: http://www.geekwire.com/2015/f5-opens-new-security-operations-center-in-seattle-to-help-companies-defeat-online-attacks/