[From the desk of Paul Davis – his opinions and no-one else’s]
Apart from the reporter’s opinions đ
Also, in case you are interested there is another newsalert I generate on new campaigns and hacker techniques. Here’s a link if you want to subscribe: Link (http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ac2a04cc93&e=20056c7556)
So onto the news:
Donât kill Flash, says Cisco security veteran
But Flash should not be discarded, believes Cisco security veteran John Stewart, saying it might in fact be the lesser of two evils.
âI have a lot of sympathy for the (Adobe) teams. They need to weather the storm,â Stewart told The Register in a media call on Friday.
âAdobe is zeroing in on ensuring security testing happens across their portfolio in a big way.
âIf anyone thinks something is better than Flash then they need to consider what that alternative is against doubling-down security efforts on what we already have.â
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=955871488c&e=20056c7556
PagerDuty hacked … and finally comes clean 21 days later. Cheers
‘Fessing up to the breach on its website, PagerDuty admitted that it detected an unauthorised intrusion by an attacker who exfiltrated “some information” about its customers back in early July.
An email sent to customers and seen by The Register is more revealing about what was exposed. The company acknowledged the attacker “gained unauthorised access to our users’ names, email addresses, public calendar feed URLs, and hashed, salted and peppered passwordsâ.
As a precautionary measure, the company is asking its users to set new strong passwords following the breach.
PagerDuty additionally recommends that customers reset calendar feed URLs and revoke and re-add access to any mobile devices linked to their PagerDuty account.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=092997b796&e=20056c7556
European Union gets serious about data protection
An upcoming European Union data protection law will enforce reporting of data breaches and introduce fines for companies breached because of their negligence, and risk managers need to act now to be ready for it, experts say.
A final version of the European Commission General Data Protection Regulation is expected in December, with the regulation taking effect across the European Union two years after its publication. Companies need to understand their risk profile now to prepare for it, sources say.
âMandatory reporting is coming, and people need to start taking steps nowâ to be ready, said Geoff White, underwriting manager for cyber, technology and media at Barbican Insurance Group in London.
The draft rules would require supervisory authorities and affected individuals to be notified of a breach that poses âsignificant risk of harmâ to data subjects, or a serious violation of their rights, within 72 hours.
Companies can only begin to quantify whether a breach poses ârisk of harmâ to data subjects if they have detailed documentation of their data and to whom it belongs, and have processes in place to swiftly and accurately assess the scope of any breach, she said.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f3d96c13f1&e=20056c7556
RBS says cyber attack behind online banking failure
Frustrated customers complained of problems accessing their account online and making payments. The issue lasted around 50 minutes and affected RBS and NatWest customers .
It was initially thought to be the result of an internal glitch, but the bank now claims it was caused by an attack on its servers. A spokesman insisted none of its customers’ data was at risk.
It is not the first time RBS has been targeted. In December 2013, customers were locked out of their account for 12 hours as a result of a DDoS attack.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=119a1fb750&e=20056c7556
Botnet takedowns: are they worth it?
Are botnet takedowns really winning the war? No, but increasing the cost to the attacker and winning a particular battle that hopefully provides enough value â and defending a particular set of victims as a part of that ROI â can be a good thing.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6060f1de33&e=20056c7556
How vulnerable are the U.S. stock markets to hackers?
The threat of exchanges being hacked, though, is very real. More than half of the 46 exchanges surveyed by the International Organization of Securities Commissions and the World Federation of Exchanges reported suffering a cyberattack in 2012, according to a working paper released the following year. Exchanges in the U.S. were 67% more likely to have reported experiencing an attack than those based elsewhere.
Cybercrime has repeatedly been called the biggest threat to the financial sector and to businesses â and warnings have been growing louder and more urgent as attacks increase in frequency and complexity. About 88% of brokerages and 74% of advisers in the U.S. have faced cyberattacks, according to a Securities and Exchange Commission report released in February. A major U.S. bank suffers an attack every 34 seconds, according to testimony from a Congressional hearing in June.
Red flags have been raised about computer security at stock exchanges for at least 25 years. In 1991, the U.S. Government Accountability Office, a watchdog agency, found 68 systems-security and other control weaknesses at five stock markets, including NYSE. While financial firms have advanced to become âtechnology companies with a bank wrapped around them,â Schimmeck said, âthe challenge is changing a tire on a car thatâs going 60 miles per hour on a roadâ as hackers search for vulnerabilities.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d539abafef&e=20056c7556
Audi Hints at Hacker Bounty Program, ‘Virtual Cockpit’ Ambitions
Two Nvidia computer modules power the entire affair. One Tegra 3 chip handles the Virtual Cockpit aspects (allowing for a 60 frames per second display at a 1440-by-540 resolution, the limit at which a driver, from that distance, would be able to enjoy a “Retina” effect, as Halliger described). A second Tegra 3 chip handles the Navigation Plus system, which can output information at anywhere from 30-60 frames per second, same resolution.
This is all old news, though, for those who have been following Audi’s dashboard ambitions over the past year or so. Though Audi representatives didn’t go into great detail, they did touch a bit on more recent car security revelations in the question-and-answer portion of today’s Audi event. After all, the more connected cars get, the more prone they might be to third-party attacks, as some hackers were able to recently show with a Jeep Cherokee.
Audi, cognizant of this fact, has apparently had a bug bounty program of-sorts in place since 2008. Though Halliger didn’t go into great detail, he did note that invited participants are given cash rewards for successful infiltrations of Audi car systems.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e191f9f7db&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: ** dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If someone forwarded this email to you and you want to be added in,
please click this: ** Subscribe to this list (http://paulgdavis.us3.list-manage2.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
** Unsubscribe from this list (http://paulgdavis.us3.list-manage.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=23342610c7)
** Update subscription preferences (http://paulgdavis.us3.list-manage1.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)