iOS 8.3 fixes dozens of security vulnerabilities
Apple has issued more than three-dozen security fixes in its latest mobile operating system update, released Wednesday.
Link: http://www.zdnet.com/article/ios-8-3-fixes-dozens-of-security-issues/?tag=nl.e589&s_cid=e589&ttag=e589&ftag=TREc64629f
Malware-as-a-Service enabling novice threat actors to attack
According to the Websense Security Labs 2015 Threat Report, MaaS (Malware-as-a-Service) is enabling even entry level threat actors to successfully create and launch data theft.
One of the oldest vectors of attack, email, is still a potent attack launcher in spite of the evolution of the web.
Link: http://www.cbronline.com/news/cybersecurity/data/malware-as-a-service-enabling-novice-threat-actors-to-attack-4549833
Proactive Security Strategies Dramatically Improve Security Effectiveness
A new study from Accenture and the Ponemon Institute confirms that companies that employ proactive security strategies realized a greater return on security investments than companies who depend on more traditional approaches to securing their networks,
“Of the nearly 240 companies surveyed as part of the global research, those with a more proactive security stance saw their security effectiveness score improve by an average of 53 percent over a two-year period, while non-proactive companies only achieved a change of 2 percent,” the report found.
“Live threat intelligence is the key to surviving the new digital siege. But in order to be useful, threat intelligence needs to be as complete and relevant as possible. New offerings like the Norse Appliance 10g are becoming must-have tools for defending modern organizations on the Internet.”
Link: http://blog.norsecorp.com/2015/04/08/proactive-security-strategies-dramatically-improve-security-effectiveness/#prettyPhoto
Cybercrime fighting group takes down Beebone botnet
LONDON (AP) – A new group of international cybercrime fighters claimed one of its first kills Thursday, pulling the plug on malicious servers that hijacked at least 12,000 machines, most of them in the United States.
Beebone was modest by botnet standards, but Samani – the chief technology officer of Intel Security’s Europe, Middle East and Africa division – said it was state-of-the-art. Beebone relied on a pair of malicious programs that re-downloaded each other, an insurance policy should one of them be removed. Regular tweaks to the software’s code made it difficult for experts to blacklist the programs.
Link: http://www.vcstar.com/news/world/new-cybercrime-group-takes-down-beebone-botnet_70421421
Botnet activity inside organisations predicts likelihood of future data breach
Organisations showing evidence of botnets inside their networks are not only more likely to suffer a data breach, the level of botnet activity correlates directly to increased risk, security analytics firm BitSight has suggested after analysing incidents at more than 6,000 companies.
Breaking this down by sector showed that education was the poorest performer, perhaps not a surprise. This sector had the smallest number of grade A networks (the best) and the highest number of grade F networks (the worst).
Utilities was the next worst performer, ahead of data breach hotspot healthcare, retail, in that order. Finance was the best performing sector, differences BitSight has commented on before.
Link: http://www.techworld.com/news/security/botnet-activity-inside-organisations-predicts-likelihood-of-future-data-breach-3607112/
Wall Street Needs Better Safeguards Against Hackers, Says Regulator
Financial regulators are raising concerns about weaknesses in the networks of outside vendors that serve Wall Street’s biggest banks, security lapses that might allow hackers to gain access to sensitive financial data.
In a survey of 40 banks, New York state’s top bank cop, Benjamin Lawsky, found that fewer than half regularly inspected the security systems of their outisde vendors. About two-thirds of the firms surveyed had no policy in place requiring partners to give notice when their networks have been compromised, the New York Times reports.
Link: http://www.ibtimes.com/wall-street-needs-better-safeguards-against-hackers-says-regulator-1875823
Infosecurity Europe 2015: Escalating Cyber-Threats Driving Business Response Strategies – Report
The results of Infosecurity Europe’s 2015 survey are now in – and the research indicates that the key driver of businesses’ security and response strategies is the escalating number of high-profile, headline-grabbing threats and breaches.
According to 67% of respondents, well-publicized incidents such as Target, Sony and JP Morgan, along with vulnerabilities like Heartbleed and Shellshock, are having a positive impact on businesses’ understanding of potential threats.
A corresponding number (62%) reported that reputational damage was the worst possible outcome their organizations could face in the wake of an incident. It would appear that industry horror stories from 2014 and early 2015 are resonating.
In addition, 44% of professionals surveyed believe that the key driver of security strategy and investment in their organization is the complex and evolving threat landscape.
Link: http://www.infosecurity-magazine.com/news/infosecurity-europe-escalating/