Cisco Launches New Advanced Malware Protection Capabilities and Incident Response Services, Giving Customers Powerful Tools for Faster Time to Detection and Resolution
SAN JOSE, CA, Apr 07, 2015 (Marketwired via COMTEX) — Cisco CSCO, -0.32% today unveiled a host of new capabilities and services that give security professionals extensive intelligence and analysis on potential compromises and solutions to protect against, respond to and recover from attacks.
Link: http://www.marketwatch.com/story/cisco-launches-new-advanced-malware-protection-capabilities-and-incident-response-services-giving-customers-powerful-tools-for-faster-time-to-detection-and-resolution-2015-04-07?reflink=MW_news_stmp
Heartbleed still a risk for most large UK firms, study shows
More than two-thirds of Forbes Global 2000 companies in the UK remain vulnerable to attacks that exploit incomplete remediation of the Heartbleed vulnerability in OpenSSL, a study shows.
Link: http://www.computerweekly.com/news/4500243837/Heartbleed-still-a-risk-for-most-large-UK-firms-study-shows?asrc=EM_EDA_41521413&utm_medium=EM&utm_source=EDA&utm_campaign=20150407_Heartbleed%20still%20a%20risk%20for%20most%20large%20UK%20firms,%20study%20shows_
NIST calls for final comments on draft covering sensitive information protection
NIST composed the draft with the National Archives and Records Administration (NARA) in accordance with Executive Order 13556, which established the CUI program and designated NARA as the main entity to implement it, a NISA press release states. The deadline to comment is May 12, after which NIST will review the thoughts and put together its final document with an anticipated June release.
Link: http://www.scmagazine.com/nist-and-nara-collaborate-to-release-final-draft/article/407586/
A new experiment tracks credit card data as it travels through the criminal web
Earlier this year, security firm BitGlass decided to test the underground marketplace with a little experiment. The company created an Excel file with 1,568 fake profiles, complete with names, phone numbers, addresses, social security numbers, and credit card numbers. Along with the phony data, the file had a hidden watermark that would report back to BitGlass every time the file was opened, operating like a homing beacon. Then the company dropped the file onto a public Dropbox account and posted it to a few cybercrime forums and waited for the beacon to phone home.
Link: http://www.theverge.com/2015/4/7/8356953/dark-web-data-breach-credit-card-tracking
A guide to monetizing risks for security spending decisions
You have a finite amount of cash to spend on people and technologies to keep your business’ risk to an acceptable level, so you have to make your decisions wisely. As Curt Dalton points out in this step-by-step guide, monetizing key risks helps you convey impact in a more meaningful way
• Measure the impact
• Monetize your key risks
• Risk decision making
By monetizing key risks, you will be able to convey impact in a more meaningful way. By providing consistent and methodical risk guidance, executives will be able to more effectively collaborate with you to improve alignment between business objectives and security.
Link: http://www.csoonline.com/article/2903740/metrics-budgets/a-guide-to-monetizing-risks-for-security-spending-decisions.html
Firefox issues brand new update to fix HTTPS security hole in new update
Mozilla recently published its scheduled release of Firefox 37.0.
Firefox 37.0 introduced support for HTTP/2, the not-quite-finalised-yet update to the venerable HTTP protocol.
Link: http://news360.com/digestarticle/5zHJpMCjAUC_9dY_guR-rg
Black Duck Software Announces Industry’s Most Comprehensive Security Solution to Identify and Remediate Vulnerabilities
BURLINGTON, Mass.–(BUSINESS WIRE)–Black Duck Software, the leading OSS Logistics solutions provider enabling the secure management of open source code, today announced the industry’s most comprehensive open source security solution that helps security and development teams find and remediate open source vulnerabilities, the Black Duck Hub. The Black Duck Hub helps customers identify open source used within their code, identify known security vulnerabilities, and triage, schedule, and track remediation.
On average, more than 30 percent of software deployed in most enterprises is open source software (OSS); however, few organizations have visibility into what open source is used and where. With more than 4,000 new open source vulnerabilities reported each year, understanding what open source is used within an organization is critical. Thousands of unknown open source vulnerabilities go unnoticed within a typical enterprise. The Black Duck Hub identifies open source usage, maps known open source vulnerabilities, and tracks remediation efforts. The Black Duck Hub leverages Black Duck’s KnowledgeBase of license and vulnerability data, the most comprehensive source of language coverage in the industry.
Link: http://www.businesswire.com/news/home/20150407005252/en/Black-Duck-Software-Announces-Industry%E2%80%99s-Comprehensive-Security#.VSSAWRPF-OU
New RSA Breach Readiness Survey Finds Majority Not Prepared
SBIC serves as Best Practices Benchmark while 57% of industry at large never update or review Incident Response plans
Content Intelligence in the survey measured awareness gained from tools, technology and processes in place to identify and monitor critical assets. While all SBIC members have a capability to gather data and provide centralized alerting, 55% of the general survey population lacks this capability rendering them blind to many threats. Identifying false positives still proves a difficult task. Only 50% of the general respondents have a formal plan in place for identifying false positives while over 90% of SBIC members have automated cyber-security technologies and a process to update information to reduce the chances of future incidents.
Link: http://www.reuters.com/article/2015/04/07/rsa-globalreachresult-idUSnPnTxWN4+56+PRN20150407
XL Launches Security Insight Platform to Identify Global Business Risks
XL Group’s kidnap & ransom underwriting team has announced the launch of its new Global Security Insight (GSI) platform.
Created and frequently updated by Salamanca Group, the merchant banking and operational risk management business, the global platform provides XL Group’s clients with detailed information about security risks in over 200 territories. Access is included as part of XL Group’s pre-incident response service and provides clients and their staff with vital information for those traveling or conducting business throughout the world.
Link: http://www.insurancejournal.com/news/international/2015/04/07/363481.htm