[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions đ
So onto the news:
Hackers Still Going Hard After Banks – But Employees Are Now Prized Targets
According to a new study released by Raytheon/Websense, summarized here in this article published in Information Weekâs Dark Reading on Tuesday, June 23rd, banks still garner the most attention when it comes to cyber attacks; three times more than any other industry. The attention, however, isnât new, and banks and other financial institutions are usually on the cutting edge when it comes to technology solutions geared to keep their networks safe. âBut there is still a soft spot that technology alone still canât quite solve,â says Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier national provider of cyber security solutions and digital forensics services headquartered in New York City, âand that soft spot comes in the form of personnel already inside the castle.â
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=fc875ca5fd&e=20056c7556
Executive Enterprise Mobility: Report by Apperian
In order to understand the trends and the preferred enterprise approaches, our partner Apperian recently conducted an Executive Enterprise Mobility survey. The takeaways from the summary were quite impressive and intrigued me a lot. The survey results reinforced the enterprise mobility journey and the shift in the strategies adopted to enable user satisfaction and drive mobile productivity. The survey results are published in this report.
Enterprises are now moving beyond Secure Email when they think of a mobile deployment. There is now an increasing focus on mobilizing the core workflows that have the greatest impact on ROI. Although more than two-thirds of respondents stated security as their primary concern, the same respondents also stated that their investments are focused on increasing the app usage and adoption.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d5e373effc&e=20056c7556
CryptoWall ransom malware sneaks onto systems using clickfraud botnet
Security firm Damballa has discovered a conventional click-fraud botnet being used to distribute the CryptoWall ransom malware, an unusual but deadly integration between normally very different types of crimeware.
In its latest threat report, the firm reports tracking a clickfraud infection nicknamed âRuthlessTreeMafiaâ it noticed on a customer network – in fact the Asprox botnet – which at first appeared to be nothing more sinister than an attempt to direct bogus traffic to a search engine.
This kind of campaign looks like a warning. CryptoWall has become the number one ransom malware menace of 2015 and can probably be considered on par with the infamous CryptoLocker of 2013 for sheer aggressiveness albeit that consumers and businesses are more aware of this type of threat than they were then.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b24258267a&e=20056c7556
United States: Canada Moves Forward With Mandatory Federal Security Breach Notification Law
On June 18, 2015, the Canadian Minister of Industry announced that the Digital Privacy Act, which amends Canada’s foundational Personal Information Protection and Electronic Documents Act (PIPEDA), has received royal assent and is now law. Although the Act contains a number of provisions that are likely to impact organizations doing business in Canada, certain key featuresânotably, the security breach notification requirementsâwill not come into effect until regulations are issued by the Canadian government.
Pursuant to amendments contained in the Digital Privacy Act, organizations will be required to notify the Privacy Commissioner and affected individuals of “any breach of security safeguards involving personal information under [the organization’s] control if it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to an individual.â
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f076db25e9&e=20056c7556
NIST Drops Weak Dual_EC RNG From Official Recommendations
NIST officially has removed the controversial and compromised Dual_EC_DRBG from its list of recommended algorithms for generating random numbers.
The Dual_EC random number generator was at the center of a controversy in the security community two years ago after revelations that the National Security Agency had exerted its influence on the development of the algorithm and intentionally weakened it to allow the agency to access communications protected by products that use Dual_EC. The random number generator later was included in the RSA BSAFE crypto library as the default algorithm. The BSAFE library is used in a long list of encryption products.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ef6b2110ee&e=20056c7556
Famed Security Researcher Mudge Leaves Google
Peiter Zatko, a respected computer security researcher better known by the nickname Mudge, says heâs leaving his job at Google to explore ways to help U.S. government make software more secure.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=93451c9198&e=20056c7556
Study: Click-fraud malware often leads to more dire infections
Damballa warned in a âState of Infections Reportâ that seemingly low-risk click-fraud malware could lead to further infections of more sinister threats, such as ransomware
In the report’s RuthlessTreeMafia group example, a victim was infected with click-fraud malware through a phishing email. Once infected with this initial malware â the group used Asprox â the malware’s Command and Control (C&C) server then updated the impacted device with additional malware. One was a rootkit and the other a click-fraud installer.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ed4cabdda2&e=20056c7556
Zeus and SpyEye banking malware gang arrested in Ukraine
Europol has triumphantly reported the arrest of five suspects accused of being key members of the gang behind the notorious Zeus/SpyEye malware used to attack countless of online bank accounts in the last five years.
In a statement, the organisation said that the unnamed individuals had been picked up at four cities in Ukraine on 18 and 19 June after an intensive Belgian and Austrian investigation stretching back to 2013.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d51f607428&e=20056c7556
Government seeks to boost security of telco infrastructure
The Telecommunications and Other Legislation Amendment Bill 2015 (PDF) will amend the Telecommunications Act 1997 to strengthen the current framework for managing national security risks to Australiaâs telecommunications networks.
That framework would include an obligation to protect infrastructure and data passing through it, compel industry to provide the government with information to assess national security risks to telco infrastructure and a penalty regime to include compliance.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=16a414ef7a&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=b705367136)
** Update subscription preferences (http://paulgdavis.us3.list-manage2.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)